Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

Hanguang Luo,Tao Zou,Chunming Wu,Dan Li,Shunbin Li,Chu

DOI: https://doi.org/10.32604/cmc.2022.027118

2022-01-01

Abstract:In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.

Sensen Li,Yicai Huang,Bin Yu

DOI: https://doi.org/10.1016/j.comnet.2024.110426

IF: 5.493

2024-05-09

Computer Networks

Abstract:With the explosive development of the Internet of Things (IoT), its security has become a critical concern. As a lightweight hardware primitive, Physical Unclonable Function (PUF) provides a promising solution for IoT security. Nevertheless, as per the knowledge of the authors, most of the existing PUF-based anonymous authentication protocols for IoT are not suitable for end-to-end IoT applications due to their flexibility or security. Specifically, there are two main issues with existing related protocols: (1) the end-to-end anonymous authentication between IoT devices requires the participation of a trusted third party, which seriously affects the flexibility of interaction; (2) most related protocols provide weak anonymity, that is, they are anonymous against only eavesdroppers. To solve these problems, a new PUF-based end-to-end anonymous authentication protocol is proposed. Without needing the real-time participation of the third party, the proposed protocol realizes end-to-end direct mutual authentication and session key agreement while maintaining strong anonymity. It also provides an online dynamic updating mechanism for security parameters. The security analysis shows that the proposed protocol has perfect forward secrecy while resisting various known attacks including physical attacks and modeling attacks. Meanwhile, it outperforms related protocols in terms of protocol rounds and communication costs.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Fahem Zerrouki,Samir Ouchani,Hafida Bouarfa

DOI: https://doi.org/10.1007/s12652-022-04321-x

IF: 3.662

2022-08-07

Journal of Ambient Intelligence and Humanized Computing

Abstract:The Internet of things (IoT) is an indispensable part of our daily lives, bringing us many conveniences, including e-commerce and m-commerce services. Unfortunately, IoT networks suffer from several security issues, such as privacy, access control, and authentication. However, due to the limited computation resources, remote authentication between IoT devices and servers is vulnerable to being attacked over an insecure communication channel. Many authentication schemes have been proposed, but generally, they are based on traditional cryptographic techniques. Unfortunately, most of them are vulnerable to physical attacks since they rely mainly on a stored secret key in the device's local memory. However, recently Physically unclonable functions (PUFs) have been classified as solid security primitives that could guarantee the three pillars of security (confidentiality, authenticity, and privacy) of sent or received information by IoT devices. PUFs extract unique information from the physical characteristics of the IoT device. Nevertheless, a Fuzzy extractor (FE) should be considered to extract correct and reproducible cryptographic keys from a noisy source. This paper proposes a mutual authentication and a session key establishment protocol for IoT devices based on Silicon PUFs using Arbiter chips. We also validate our developed protocol regarding its resistance to attack scenarios. By relying on formal verification using VerifPal, we found that the proposed authentication mechanism is secure and suitable for resource-constrained IoT devices. Furthermore, our scheme is more efficient than the existing ones in terms of attack robustness. Finally, the experiments have been validated on an Arbiter PUF dataset.

computer science, information systems,telecommunications, artificial intelligence

Jie Cui,Jing Yu,Hong Zhong,Lu Wei,Lu Liu

DOI: https://doi.org/10.1109/tits.2022.3227949

IF: 8.5

2023-03-04

IEEE Transactions on Intelligent Transportation Systems

Abstract:Autonomous Vehicles (AVs) are a highly discussed topic owing to their great performance and convenience. However, some requirements limit their wider deployment. Specifically, AV should be controlled by remote users during emergencies. It may lead to AV's system facing the risk of being intruded on by a malicious party, resulting in unreasonable decisions. We, therefore, design the Internet of autonomous vehicle (IoAV) model to mitigate the problems arising from these limitations. To promote a secure remote control of the AV, a reliable authentication scheme, which can be used in IoAV, must be performed. Our proposed chaotic map-based authenticated key agreement (CMAKA) method provides secure remote control features for AVs. In this method, users, data centers, and AV establish a secure communication channel through the negotiation of three independent session keys. Furthermore, a physical unclonable function (PUF) is employed to produce a trusted private key during the authentication. The security of our scheme is evaluated using game hopping through the widespread Real-or-Random (ROR) model. Compared with other existing three-factor authentication schemes, the performance of our protocol is higher in both security requirements and total cost.

engineering, electrical & electronic,transportation science & technology, civil

Junfeng Miao,Zhaoshun Wang,Xin Ning,Achyut Shankar,Carsten Maple,Joel J. P. C. Rodrigues

DOI: https://doi.org/10.1109/tits.2024.3360251

IF: 8.5

2024-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:As a component of the Intelligent Transportation System (ITS), Internet of Vehicles (IoV) is becoming increasingly important in the management and construction of urban transportation as it can provide users with a range of applications related to traffic accident warnings, entertainment information, collaborative driving and real-time road information through communication devices on vehicles. However, with the increasing variety of services in the IoV, the growing demand for user traffic and the advances in Unmanned Aerial Vehicle (UAV) technology, UAV is introduced into the IoV as a solution, which can relieve the pressure on the communication infrastructure in the network, provide emergency communication services and improve the performance of network services. Due to the openness of IoV and the high-speed movement of vehicles, authentication and privacy issues are among the most pressing issues in IoV. Therefore, the paper proposes a secure and effective authentication protocol for UAV-assisted IoV. The protocol utilises elliptic curve cryptography to assure the security of the authentication. The protocol undergoes proof of security, Burrows-Abadi-Needham (BAN) logic analysis and informal security analysis to ensure secure and mutual authentication, and have a good resistance to known attacks. Furthermore, performance analysis and comparison are conducted to evaluate the efficiency of our protocol. The results indicate that our protocol has superior advantages in overhead.

engineering, electrical & electronic,transportation science & technology, civil

Li Li,XingJuan Fan,BoYuan Zhi,ShaoJun Li,Seyyed Amirreza Dabollahi

DOI: https://doi.org/10.1007/s11235-024-01172-z

2024-06-20

Telecommunication Systems

Abstract:In the contemporary era, the Internet of Vehicles (IoV) plays a pivotal role in traffic management, especially in the context of highly scalable and dynamic 5 G networks. Safeguarding these networks presents numerous challenges, particularly in controlling access for unauthenticated users and establishing secure key agreements with fine-grained access control. Balancing these security measures is vital to prevent unauthorized information flow while aligning with the promising goals of future generation technologies. Despite numerous related studies being conducted, existing schemes face risks such as privacy breaches, identity tracing, and substantial computation overheads. Consequently, there is an urgent need to introduce a more secure and efficient scheme to counter various attacks. This paper introduces an authenticated key agreement scheme, tailored for fog-based IoV. The scheme's security is established under the Random Oracle Model and verified using the ProVerif tool. Additionally, a performance assessment is conducted, demonstrating that the proposed protocol simultaneously meets both security and efficiency requirements when compared to several related schemes.

telecommunications

Urbi Chatterjee,Vidya Govindan,Rajat Sadhukhan,Debdeep Mukhopadhyay,Rajat Subhra Chakraborty,Debashis Mahata,Mukesh M. Prabhu

DOI: https://doi.org/10.1109/tdsc.2018.2832201

2019-05-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Physically Unclonable Functions (PUFs) promise to be a critical hardware primitive to provide unique identities to billions of connected devices in Internet of Things (IoTs). In traditional authentication protocols a user presents a set of credentials with an accompanying proof such as password or digital certificate. However, IoTs need more evolved methods as these classical techniques suffer from the pressing problems of password dependency and inability to bind access requests to the “things” from which they originate. Additionally, the protocols need to be lightweight and heterogeneous. Although PUFs seem promising to develop such mechanism, it puts forward an open problem of how to develop such mechanism without needing to store the secret challenge-response pair (CRP) explicitly at the verifier end. In this paper, we develop an authentication and key exchange protocol by combining the ideas of Identity based Encryption (IBE), PUFs and Key-ed Hash Function to show that this combination can help to do away with this requirement. The security of the protocol is proved formally under the Session Key Security and the Universal Composability Framework. A prototype of the protocol has been implemented to realize a secured video surveillance camera using a combination of an Intel Edison board, with a Digilent Nexys-4 FPGA board consisting of an Artix-7 FPGA, together serving as the IoT node. We show, though the stand-alone video camera can be subjected to man-in-the-middle attack via IP-spoofing using standard network penetration tools, the camera augmented with the proposed protocol resists such attacks and it suits aptly in an IoT infrastructure making the protocol deployable for the industry.

computer science, information systems, software engineering, hardware & architecture

Xinying Yu,Kejun Zhang,Zhufeng Suo,Jun Wang,Wenbin Wang,Bing Zou

DOI: https://doi.org/10.1016/j.jksuci.2024.102166

IF: 9.006

2024-08-30

Journal of King Saud University - Computer and Information Sciences

Abstract:Biometric recognition is extensive for user security authentication in the Industrial Internet of Things (IIoT). However, the potential leakage of biometric data has severe repercussions, such as identity theft or tracking. Existing authentication schemes primarily focus on protecting biometric templates but often overlook the "one-authentication multiple-access" mode. As a result, these schemes still confront challenges related to privacy leakage and low efficiency for users who frequently access the server. In this regard, this paper proposes an efficient authentication scheme syncretizing physical unclonable function (PUF) and revocable biometrics in IIoT. Specifically, we design a revocable biometric template generation method syncretizing the user's biometric data and the device's PUF to enhance the security and revocability of the dual identity information. Given the generated revocable biometric template and the secret sharing, our scheme implements secure authentication and key negotiation between users and servers. Additionally, we establish an access boundary and an authentication validity period to permit multiple accesses following one authentication, thus significantly decreasing the computational cost of the user-side device. We leverage BAN logic and the ROR model to prove our scheme's security. Informal security analysis and performance comparison demonstrate that our scheme satisfies more security features with higher authentication efficiency.

computer science, information systems

Kaiyan He,Zhe Ren

DOI: https://doi.org/10.1016/j.comnet.2024.110450

IF: 5.493

2024-04-26

Computer Networks

Abstract:The Industrial Internet of Things (IIoT) is an emerging technology for smart manufacturing and productivity improvement. Due to the increasing complexity of manufacturing, devices with smart industrial sensors from several domains work together on the same job, raising serious security and privacy concerns about peer-to-peer (P2P) communication. Specifically, P2P secure communication should be focused on when it comes to high efficiency and security of information exchange between two industrial sensors. However, none of the existing schemes can resist physical attacks toward industrial sensors. To resolve the problem, we propose a new three-factor authentication and key agreement scheme named NTFAK for P2P IIoT communication using Physical Unclonable Functions (PUF) and Chebyshev chaotic mapping, where PUF is used to replace the smart card factor in the traditional schemes. The unclonable property of PUF and its ability to securely identify a device by challenge-response can provide safety to physical attacks. Besides, the use of the Chebyshev chaotic map also can provide high computational efficiency while ensuring better security. The proposed scheme enables secure communication between any two industrial sensors, which can resist physical attacks and offer a smaller key size, faster computation, and higher efficiency for IIoT. The security of our scheme is formally proved by the random oracle model, and security properties are discussed to show our scheme resists various attacks. Moreover, experiments were implemented to prove the efficiency of our scheme. Specifically, the results show that NTFAK can improve the computation and communication overheads by 36.6% and 17.5% at least, compared to existing schemes, while also ensure a minimum time reduction of 30.4% in delay time. In terms of security and functionality features, NTFAK satisfies the proposed 14 properties, outperforming existing solutions.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Saad Ali Alfadhli,Songfeng Lu,Kai Chen,Meriem Sebai

DOI: https://doi.org/10.1109/access.2020.3014038

IF: 3.9

2020-01-01

IEEE Access

Abstract:Vehicles authentication, the integrity of messages exchanged, and privacy-preserving are essential features in vehicular ad hoc network (VANETs) security. Most of the previously proposed VANETs security solutions do not sufficiently satisfy the security and efficiency requirements. Besides, most of those solutions are heavily dependent on the system key and long-term sensitive data stored in an ideal tamper-proof device, which may not be practical or ideal for resource-constrained onboard units ( $OBUs$ ), especially in the case of an unexpected cloning or physical attack. Therefore, a robust authentication solution should consider those security issues and the nature of resource-constrained nodes. To satisfy all these requirements, we propose a lightweight multi-factor authentication and privacy-preserving security solution for VANETs. It employs a combination of physically unclonable functions ( $PUF$ ) and one-time dynamic pseudo-identities as authentication factors. Furthermore, it eliminates the heavy dependency on the system key by decentralising the wide precinct of the certificate authority ( $CA$ ) into regional domains and achieves robust control of domains keys. A detailed analysis demonstrates that our scheme efficiently meets the VANETs security requirements, and offers more suitable communication and computation costs and features than existing schemes.

Chandranshu Gupta,Gaurav Varshney

2023-11-07

Abstract:The Internet of Things (IoT) has improved people's lives by seamlessly integrating into many facets of modern life and facilitating information sharing across platforms. Device Authentication and Key exchange are major challenges for the IoT. High computational resource requirements for cryptographic primitives and message transmission during Authentication make the existing methods like PKI and IBE not suitable for these resource constrained devices. PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE. PUF provides an unclonable and tamper sensitive unique signature based on the PUF chip by using manufacturing process variability. Therefore, in this study, we use lightweight bitwise XOR, hash function, and PUF to Authenticate IoT devices. Despite several studies employing the PUF to authenticate communication between IoT devices, to the authors' knowledge, existing solutions require intermediary gateway and internet capabilities by the IoT device to directly interact with a Server for Authentication and hence, are not scalable when the IoT device works on different technologies like BLE, Zigbee, etc. To address the aforementioned issue, we present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself. The results of a thorough security study are validated against adversarial attacks and PUF modeling attacks. For formal security validation, the AVISPA verification tool is also used. Performance study recommends this protocol's lightweight characteristics. The proposed protocol's acceptability and defenses against adversarial assaults are supported by a prototype developed with ESP32.

Cryptography and Security

Manik Gupta,Rakesh Kumar,Shashi Shekhar,Bhisham Sharma,Ram Bahadur Patel,Shaily Jain,Imed Ben Dhaou,Celestine Iwendi

DOI: https://doi.org/10.3390/s22145119

2022-07-07

Abstract:The Internet of Vehicles (IoV) is a new paradigm for vehicular networks. Using diverse access methods, IoV enables vehicles to connect with their surroundings. However, without data security, IoV settings might be hazardous. Because of the IoV's openness and self-organization, they are prone to malevolent attack. To overcome this problem, this paper proposes a revolutionary blockchain-enabled game theory-based authentication mechanism for securing IoVs. Here, a three layer multi-trusted authorization solution is provided in which authentication of vehicles can be performed from initial entry to movement into different trusted authorities' areas without any delay by the use of Physical Unclonable Functions (PUFs) in the beginning and later through duel gaming, and a dynamic Proof-of-Work (dPoW) consensus mechanism. Formal and informal security analyses justify the framework's credibility in more depth with mathematical proofs. A rigorous comparative study demonstrates that the suggested framework achieves greater security and functionality characteristics and provides lower transaction and computation overhead than many of the available solutions so far. However, these solutions never considered the prime concerns of physical cloning and side-channel attacks. However, the framework in this paper is capable of handling them along with all the other security attacks the previous work can handle. Finally, the suggested framework has been subjected to a blockchain implementation to demonstrate its efficacy with duel gaming to achieve authentication in addition to its capability of using lower burdened blockchain at the physical layer, which current blockchain-based authentication models for IoVs do not support.

Amir Masoud Aminian Modarres,Nima S. Anzabi-Nezhad,Maryam Zare

DOI: https://doi.org/10.1109/access.2024.3361921

IF: 3.9

2024-02-16

IEEE Access

Abstract:The Internet of Medical Things (IoMT) is a promising framework for expanding and improving telemedicine services. A common cloud-based IoMT architecture consists of three layers of entities, the first layer (such as smart sensors and devices), the second layer (such as gateways), and the third layer (such as cloud servers). Obviously, in these networks, the protection of sensitive information against security threats as well as authentication between the entities is a key issue. On the other hand, the devices involved in the first and second layers usually suffer from poor computational capabilities as well as a lack of physical protection, which should be considered in the design of security protocols. Recently, Alladi et al. have proposed a lightweight authentication protocol for the cloud-based IoMT that addresses these challenges, using Physically Unclonable Function (PUF). In this paper, we first provide thorough cryptanalysis of their scheme and clarify its important vulnerabilities that lead to protocol collapse. Then, we propose a new lightweight protocol based on PUF to perform strong mutual authentication and key agreement between parties in the IoMT networks. The formal (using BAN logic) and informal security analysis demonstrate that our scheme is resistant to several well-known attacks, including physical attacks. Also, our evaluation of computational cost and security features clearly shows that the proposed scheme outperforms similar schemes in security and efficiency. Another important advantage of our protocol is that it performs the mutual authentication and key agreement process separately for each pair of layers in the three-layer cloud-based IoMT architecture. This triple authentication scheme provides the necessary flexibility for use in different scenarios and working conditions. In this aspect, as far as we know, our proposed protocol is the first of its kind.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chunhua Jin,Penghui Zhou,Zhiwei Chen,Wenyu Qin,Guanhua Chen,Hao Zhang,Jian Weng

DOI: https://doi.org/10.1016/j.vehcom.2024.100847

IF: 6.7

2024-10-27

Vehicular Communications

Abstract:Vehicular ad hoc network (VANET) has been a promising technology in smart transportation system, which can enable information exchange between vehicles and roadside units (RSUs). However, the privacy of vehicles and RSUs is a critical challenge in VANET, as they may expose sensitive information to malicious attackers or unauthorized parties. Many existing authenticated key agreement (AKA) schemes aim to protect the privacy of vehicles and RSUs, but they often neglect the physical security of the devices involved in the communication. Therefore, we propose an efficient and privacy-preserving AKA scheme in VANET, which embeds physical unclonable function (PUF) and fuzzy extraction (FE) technology. PUF is a physical device that generates random strings based on their intrinsic characteristics and external inputs, which can protect the secrets in the devices from being stolen by attackers. FE can compensate for the drawbacks of PUF affected by environmental factors. Our scheme preserves the identity privacy of legitimate RSUs and vehicles, as well as intercepts and traces the identity of malicious attackers. In addition, we eliminate the involvement of the third party (TP) in the AKA phase to better meet the high-speed driving of vehicles. Finally, we conduct formal and informal security analyses in random oracle model (ROM), which prove that our scheme can resist various attacks. We also show in the performance analysis that our scheme has the lowest computational cost, communication overhead, and total energy consumption.

telecommunications,transportation science & technology

Xianji Jin,Na Lin,Zhongwei Li,Wenqi Jiang,Yuge Jia,Qingyang Li

DOI: https://doi.org/10.1109/access.2024.3413853

IF: 3.9

2024-06-21

IEEE Access

Abstract:With the wide application of IoT technologies in the power sector, power IoT faces serious security challenges, which can be severely affected by malicious attacks and unauthorised access. Meanwhile, devices in power IoT are usually resource-constrained and deployed in a decentralised manner, making them vulnerable to physical attacks. Therefore, a robust and reliable lightweight authentication scheme needs to be constructed to guarantee its information security. A lightweight authentication scheme for the power IoT based on Physical Unclonable Function (PUF) and Chebyshev chaotic map is proposed in this paper, which achieves two-way authentication and session key negotiation between gateways and terminal devices. Comparing with traditional authentication schemes, the PUF and Chebyshev chaotic map used in this scheme have high security and lower resource overhead. PUF is used to generate Challenge and Response Pairs (CRPs) for two-way authentication and key negotiation without storing any secret information about authentication in the device memory. At the same time, Chebyshev chaotic map is used to protect the transmission of secret information such as CRPs in insecure channels. The solution is therefore resistant to attacks such as physical, machine learning modelling and impersonation, ensuring the information security of the authentication process. The proposed scheme is analyzed and verified using the formal verification tool ProVerif and improved BAN logic along with informal methods. The verification results show that the scheme satisfies 12 security properties such as two-way authentication and user anonymity. Comparative analysis with existing related authentication schemes shows that the proposed scheme has low computation and communication costs while guaranteeing security, thus rendering it suitable for resource-constrained terminal devices in the power IoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hu Xiong,Ting Yao,Yaxin Zhao,Lingxiao Gong,Kuo-Hui Yeh

DOI: https://doi.org/10.1109/tits.2024.3465242

IF: 8.5

2024-11-05

IEEE Transactions on Intelligent Transportation Systems

Abstract:With the rise of intelligent transportation, various mobile value-added services can be provided by the service provider (SP) in the Internet of Vehicles (IoV). To guarantee the dependability of services, it is essential to implement a mutual authentication protocol between the vehicles and the SP. Existing mutual authentication protocols to secure the communication between the SP and the vehicle raise challenges such as providing fine-grained forward security for the SP and achieving backward security for the vehicle. To handle these challenges, this paper proposes a conditional privacy-preserving mutual authentication protocol featured with fine-grained forward security and backward security for IoV, which can be implemented via two building blocks we have constructed. Specifically, we present a new puncturable signature (PS) scheme without false-positive probability and the update of the public key as well as the first proxy re-signature scheme with parallel key-insulation (PKI-PRS). What's more, both the proposed PKI-PRS and PS still have interest beyond this protocol. Then, an anonymous mutual authentication protocol with resistance to key leakage is constructed by incorporating the above signature schemes. The proposed protocol not only provides fine-grained forward security for the SP, but also ensures forward security as well as backward security for the vehicles. Besides, the approach to achieving anonymous authentication can efficiently provide conditional privacy-preserving for the vehicles. With the support of the random oracle model and experimental simulations, the formal security proof and the superiority of the proposed protocol is explicitly given.

engineering, electrical & electronic,transportation science & technology, civil

Yu Zhuang,Gaoxiang Li

2024-05-22

Abstract:Lightweight authentication is essential for resource-constrained Internet-of-Things (IoT). Implementable with low resource and operable with low power, Physical Unclonable Functions (PUFs) have the potential as hardware primitives for implementing lightweight authentication protocols. The arbiter PUF (APUF) is probably the most lightweight strong PUF capable of generating exponentially many challenge-response pairs (CRPs), a desirable property for authentication protocols, but APUF is severely weak against modeling attacks. Efforts on PUF design have led to many PUFs of higher resistance to modeling attacks and also higher area overhead. There are also substantial efforts on protocol development, some leverage PUFs' strength in fighting modeling attacks, and some others employ carefully designed protocol techniques to obfuscate either the challenges or the responses with modest increase of area overhead for some or increased operations for some others. To attain both low resource footprint and high modeling attack resistance, in this paper we propose a co-design of PUF and protocol, where the PUF consists of an APUF and a zero-transistor interface that obfuscates the true challenge bits fed to the PUF. The obfuscated PUF possesses rigorously proven potential and experimentally supported performance against modeling attacks when a condition is met, and the protocol provides the condition required by the PUF and leverages the PUF's modeling resistance to arrive at low resource overhead and high operational simplicity, enabling lightweight authentications while resisting modeling attacks.

Cryptography and Security

Kang Wen,Shengbao Wang,Yixiao Wu,Jie Wang,Lidong Han,Qi Xie

DOI: https://doi.org/10.3390/math12050716

IF: 2.4

2024-02-29

Mathematics

Abstract:Unmanned Aerial Vehicles (UAVs) are increasingly pivotal in operations such as flood rescue, wildfire surveillance, and covert military endeavors, with their integration into the Internet of Things (IoT) networks broadening the scope of services they provide. Amidst this expansion, security concerns for UAVs have come to the forefront, particularly in open communication environments where they face authentication challenges and risks of sensitive data, including location information, being exposed to unauthorized parties. To address these issues, we propose a secure and lightweight authentication scheme that combines the use of anonymity mechanisms and Physical Unclonable Functions (PUFs). Specifically, we employ pseudo- and temporary identities to maintain the anonymity of UAVs, while also utilizing PUF technology to strengthen the security of Ground Station Servers (GSSs) against physical threats. Rigorous validation through ProVerif and the Random Oracle (ROR) Model indicates our scheme's superior performance over existing protocols in terms of both efficiency and security.

mathematics

Hongming Fei,Owen Millwood,Gope Prosanta,Jack Miskelly,Biplab Sikdar

2024-03-06

Abstract:Physical Unclonable Functions (PUFs) have been shown to be a highly promising solution for enabling high security systems tailored for low-power devices. Commonly, PUFs are utilised to generate cryptographic keys on-the-fly, replacing the need to store keys in vulnerable, non-volatile memories. Due to the physical nature of PUFs, environmental variations cause noise, manifesting themselves as errors which are apparent in the initial PUF measurements. This necessitates expensive active error correction techniques which can run counter to the goal of lightweight security. ML-based techniques for authenticating noisy PUF measurements were explored as an alternative to error correction techniques, bringing about the concept of a PUF Phenotype, where PUF identity is considered as a structure agnostic representation of the PUF, with relevant noise encoding. This work proposes a full noise-tolerant authentication protocol based on the PUF Phenotype concept and methodology for an Internet-of-Things (IoT) network, demonstrating mutual authentication and forward secrecy in a setting suitable for device-to-device communication. Upon conducting security and performance analyses, it is evident that our proposed scheme demonstrates resilience against various attacks compared to the currently existing PUF protocols.

Cryptography and Security