Hanguang Luo,Tao Zou,Chunming Wu,Dan Li,Shunbin Li,Chu

DOI: https://doi.org/10.32604/cmc.2022.027118

2022-01-01

Abstract:In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.

W Liang,S Xie,X Li,J Long,Y Xie,KC Li

DOI: https://doi.org/10.1007/978-981-10-7398-4_36

2017-01-01

Abstract:The widespread use of radio frequency identification (RFID) in IoTs makes authentication of RFID systems be widely concerned. In existing encryption schemes (e.g., Hash function) in electronic products, secure chip is hard to be used in high performance RFID system due to high computation complexity and cost. In this work, we consider problems in these performances and propose a PUF-GIMAP protocol by combining GIMAP protocol and physically unclonable functions (PUFs). The response of PUF is added into protocol. The mutual authentication between label and reader is realized by transmitting information such as secret key and dynamical pseudonym, which greatly ensures data security in transmission. After authentication, the reserved data is updated in time. The protocol analysis shows that the proposed scheme has the advantages of high security and high reliability.

Baokui Zhu,Xiaowen Jiang,Kai Huang,Miao Yu

DOI: https://doi.org/10.3390/s24010093

IF: 3.9

2024-01-01

Sensors

Abstract:Physical Unclonable Functions (PUFs) are significant in building lightweight Internet of Things (IoT) authentication protocols. However, PUFs are susceptible to attacks such as Machine-Learning(ML) modeling and statistical attacks. Researchers have conducted extensive research on the security of PUFs; however, existing PUFs do not always possess good statistical characteristics and few of them can achieve a balance between security and reliability. This article proposes a strong response-feedback PUF based on the Linear Feedback Shift Register (LFSR) and the Arbiter PUF (APUF). This structure not only resists existing ML modeling attacks but also exhibits good Strict Avalanche Criterion (SAC) and Generalized Strict Avalanche Criterion (GSAC). Additionally, we introduce a Two-Level Reliability Improvement (TLRI) method that achieves 95% reliability with less than 35% of the voting times and single-response generation cycles compared to the traditional pure majority voting method.

Yu Zhuang,Gaoxiang Li

2024-05-22

Abstract:Lightweight authentication is essential for resource-constrained Internet-of-Things (IoT). Implementable with low resource and operable with low power, Physical Unclonable Functions (PUFs) have the potential as hardware primitives for implementing lightweight authentication protocols. The arbiter PUF (APUF) is probably the most lightweight strong PUF capable of generating exponentially many challenge-response pairs (CRPs), a desirable property for authentication protocols, but APUF is severely weak against modeling attacks. Efforts on PUF design have led to many PUFs of higher resistance to modeling attacks and also higher area overhead. There are also substantial efforts on protocol development, some leverage PUFs' strength in fighting modeling attacks, and some others employ carefully designed protocol techniques to obfuscate either the challenges or the responses with modest increase of area overhead for some or increased operations for some others. To attain both low resource footprint and high modeling attack resistance, in this paper we propose a co-design of PUF and protocol, where the PUF consists of an APUF and a zero-transistor interface that obfuscates the true challenge bits fed to the PUF. The obfuscated PUF possesses rigorously proven potential and experimentally supported performance against modeling attacks when a condition is met, and the protocol provides the condition required by the PUF and leverages the PUF's modeling resistance to arrive at low resource overhead and high operational simplicity, enabling lightweight authentications while resisting modeling attacks.

Cryptography and Security

Yongming Jin,Wei Xin,Huiping Sun,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-29253-8_27

2012-01-01

Abstract:RFID tags are now pervasive in our everyday life. They raise a lot of security and privacy issues. Many authentication protocols against these problems assume that the tags can contain a secret key that is unknown to the adversary. However, physical attacks can lead to key exposure and full security breaks. On the other hand, many protocols are only described and analyzed. However, we cannot explain why they are designed like that. Compare with the previous protocols, we first propose a universal RFID authentication protocol and show the principle why the protocol is designed. It can be instantiated for various types and achieve different security properties according to the implementation of the functions. Then we introduce a general prototype of delay-based PUF for low-cost RFID systems and propose a new lightweight RFID authentication protocol based on the general prototype of PUF. The new protocol not only resists the physical attacks and secret key leakage, but also prevents the asynchronization between the reader and the tag. It also can resist the replay attack, man-in-the-middle attack etc. Finally, we show that it is efficient and practical for low-cost RFID systems.

WANG Da-yin,LIN Dong-dai,WU Wen-ling

DOI: https://doi.org/10.3321/j.issn:0372-2112.2006.10.014

2006-01-01

Abstract:The most important tool to protect data integrity is Message Authentication Code(MAC),which is widely used in many kinds of secure systems.With the development of the theory of provable security,the MACs,which have security proof,are the first choice of many people.Based on the constructions of XOR MAC and PMAC,we define a deterministic fully parallelizable block-cipher mode of operation for message authentication-DXOR MAC(Deterministic XOR MAC).We prove its security,quantifying an adversary's forgery probability in terms of the quality of the block cipher as a pseudo-random permutation.

Shuai Chen,Bing Li,Ziheng Chen,Yan Zhang,Caicai Wang,Cheng Tao

DOI: https://doi.org/10.1109/jiot.2021.3065836

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Physical unclonable function (PUF) has emerged as an attractive hardware primitive for lightweight authentication in the Internet of Things (IoT). However, strong-PUF-based authentication schemes are threatened by powerful machine learning attacks. Therefore, dedicated lightweight protocols are required to preserve the privacy of the embedded strong PUF. In this article, we show that the "availability" and "reliability" features of Shamir's secret sharing (SSS) can be applied to address the security issue. In protocol A, the mappings between challenges and responses are randomly shuffled to resist the machine learning attacks. Leveraging the "availability" feature of SSS, the verification process is unaffected by the randomized challenge–response pairs (CRPs) at the server end. Moreover, the "reliability" feature of SSS provides the error-tolerant characteristic in our protocol, which is suitable for the noisy PUFs. Protocol A also presented a method to securely store the CRPs at the server side. The improved protocol A optimizes protocol A by eliminating the response storage and matching process at the server end. In protocol B, we present a mutual authentication protocol, where no response is exposed to the adversary. Protocol B can be classified as the lightweight protocol because it can avoid the use of cryptographic algorithms and error-correcting codes. We rigorously analyze and prove the security of our protocols with formal security proofs, informal security analysis, and several selected machine learning techniques, including logistic regression (LR), the deep neural network (DNN), approximate attack, AutoGluon-Tabular, and a new brute-force machine learning attack. Furthermore, we present an efficient implementation of our protocols on FPGA. The experimental results sh-w the feasibility and practicability of our protocols under different parameters.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wei Liang,Songyou Xie,Dafang Zhang,Xiong Li,Kuan-ching Li

DOI: https://doi.org/10.1145/3426968

IF: 5.3

2021-01-01

ACM Transactions on Internet Technology

Abstract:The Industrial Internet of Things ( IIoT ) is designed to refine and optimize the process controls, thereby leveraging improvements in economic benefits, such as efficiency and productivity. However, the Radio Frequency Identification ( RFID ) technology in an IIoT environment has problems such as low security and high cost. To overcome such issues, a mutual authentication scheme that is suitable for RFID systems, wherein techniques in Deep Learning ( DL ) are incorporated onto the Arbiter Physical Unclonable Function ( APUF ) for the secured access authentication of the IC circuits on the IoT, is proposed. The design applies the APUF-MPUF mutual authentication structure obtained by DL to generate essential real-time authentication information, thereby taking advantage of the feature that the tag in the PUF circuit structure does not need to store any essential information and resolving the problem of key storage. The proposed scheme also uses a bitwise comparison method, which hides the PUF response information and effectively reduces the resource overhead of the system during the verification process, to verify the correctness of the two strings. Security analysis demonstrates that the proposed scheme has high robustness and security against different conventional attack methods, and the storage and communication costs are 95.7% and 42.0% lower than the existing schemes, respectively.

Mahmood Azhar Qureshi,Arslan Munir

DOI: https://doi.org/10.48550/arXiv.2007.09588

2020-07-19

Abstract:Physically unclonable functions (PUFs) can be employed for device identification, authentication, secret key storage, and other security tasks. However, PUFs are susceptible to modeling attacks if a number of PUFs' challenge-response pairs (CRPs) are exposed to the adversary. Furthermore, many of the embedded devices requiring authentication have stringent resource constraints and thus require a lightweight authentication mechanism. We propose PUF-RLA, a PUF-based lightweight, highly reliable authentication scheme employing binary string shuffling. The proposed scheme enhances the reliability of PUF as well as alleviates the resource constraints by employing error correction in the server instead of the device without compromising the security. The proposed PUF-RLA is robust against brute force, replay, and modeling attacks. In PUF-RLA, we introduce an inexpensive yet secure stream authentication scheme inside the device which authenticates the server before the underlying PUF can be invoked. This prevents an adversary from brute forcing the device's PUF to acquire CRPs essentially locking out the device from unauthorized model generation. Additionally, we also introduce a lightweight CRP obfuscation mechanism involving XOR and shuffle operations. Results and security analysis verify that the PUF-RLA is secure against brute force, replay, and modeling attacks, and provides ~99% reliable authentication. In addition, PUF-RLA provides a reduction of 63% and 74% for look-up tables (LUTs) and register count, respectively, in FPGA compared to a recently proposed approach while providing additional authentication advantages.

Cryptography and Security

Indu Chandran,Kizheppatt Vipin

DOI: https://doi.org/10.1016/j.comnet.2024.110717

IF: 5.493

2024-08-21

Computer Networks

Abstract:Unmanned aerial vehicles, initially developed for military use, have evolved to play vital roles in civilian applications including photography, agriculture, disaster management, and delivery services. Their agility, precision, and ad-hoc formation make them indispensable, particularly in time-sensitive tasks such as search-and-rescue missions. However, the widespread use of UAVs has raised security concerns, including unauthorized access, cyberattacks, and physical threats. In addition, the dynamic nature of these networks provides adversaries with opportunities to exploit node failures leading to potential data breaches. To address these risks, implementing robust security measures such as authentication, encryption, physical security, and proactive monitoring is essential even amidst the inherent resource limitations faced by UAVs. This paper proposes a lightweight authentication and key agreement protocol for multi-UAV networks, incorporating physically unclonable technology for securing the data sent over the network. The protocol also addresses security risks during UAV failures and the unauthorized access to data. The scheme has been validated using the Scyther simulation tool, with the PUF implemented on the Xilinx FPGA platform. An informal security analysis is also presented that demonstrates its adherence to security requirements. Additionally, the performance of the proposed scheme is compared with state-of-the-art approaches by evaluating network latency in terms of computational and communication costs, affirming its effectiveness in resource-constrained applications.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Jeroen Delvaux,Dawu Gu,Dries Schellekens,Ingrid Verbauwhede

DOI: https://doi.org/10.1007/978-3-662-44709-3_25

2014-01-01

Abstract:Physically unclonable functions PUFs exploit the unavoidable manufacturing variations of an integrated circuit IC. Their input-output behavior serves as a unique IC 'fingerprint'. Therefore, they have been envisioned as an IC authentication mechanism, in particular for the subclass of so-called strong PUFs. The protocol proposals are typically accompanied with two PUF promises: lightweight and an increased resistance against physical attacks. In this work, we review eight prominent proposals in chronological order: from the original strong PUF proposal to the more complicated converse and slender PUF proposals. The novelty of our work is threefold. First, we employ a unified notation and framework for ease of understanding. Second, we initiate direct comparison between protocols, which has been neglected in each of the proposals. Third, we reveal numerous security and practicality issues. To such an extent, that we cannot support the use of any proposal in its current form. All proposals aim to compensate the lack of cryptographic properties of the strong PUF. However, proper compensation seems to oppose the lightweight objective.

Yao Wang,Xue Mei,Zhengtai Chang,Wenbing Fan,Benqing Guo,Zhi Quan,Deepak Kumar Jain

DOI: https://doi.org/10.1109/jiot.2023.3314058

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Simple authentication protocols based on conventional physical unclonable functions (PUF) are vulnerable to modeling attacks and other security threats. This paper proposes an arbiter PUF based on a linear feedback shift register (LFSR-APUF). Different from the previously reported linear feedback shift register for challenge extension, the proposed scheme feeds the external random challenges into the LFSR module to obfuscate the linear mapping relationship between the challenge and response. It can prevent attackers from obtaining valid challenge-response pairs (CRPs), increasing its resistance to modeling attacks significantly. A 64-stage LFSR-APUF has been implemented on a field programmable gate array (FPGA) board. The experimental results reveal that the proposed design can effectively resist various modeling attacks such as logistic regression (LR), evolutionary strategy (ES), Artificial Neuro Network (ANN), and support vector machine (SVM) with a prediction rate of 51.79% and a slight effect on the randomness, reliability, and uniqueness. Further, a lightweight authentication protocol is established based on the proposed LFSR-APUF. The protocol incorporates a low-overhead, ultra-lightweight, novel private bit conversion Cover function that is uniquely bound to each device in the authentication network. The proposed authentication protocol not only resists spoofing attacks, physical attacks, and modeling attacks effectively, but also ensures the security of the entire authentication network by transferring important information in encrypted form from the server to the database even when the attacker completely controls the server.

computer science, information systems,telecommunications,engineering, electrical & electronic

Weize Yu,Jia Chen

DOI: https://doi.org/10.48550/arXiv.1810.07250

2018-09-12

Abstract:In this letter, a physical unclonable function (PUF)-advanced encryption standard (AES)-PUF is proposed as a new PUF architecture by embedding an AES cryptographic circuit between two conventional PUF circuits to conceal their challenge-to-response pairs (CRPs) against machine learning attacks. Moreover, an internal confidential data is added to the secret key of the AES cryptographic circuit in the new PUF architecture to update the secret key in real-time against side-channel attacks. As shown in the results, even if 1 million number of data are enabled by the adversary to implement machine learning or side-channel attacks, the proposed PUF can not be cracked. By contrast, only 5,000 (1,000) number of data are sufficient to leak the confidential information of a conventional PUF via machine learning (side-channel) attacks.

Cryptography and Security

Paul Chin,Yuan Cao,Xiaojin Zhao,Leilei Zhang,Fan Zhang

DOI: https://doi.org/10.1109/AsianHOST47458.2019.9006716

2019-01-01

Abstract:Physical Unclonable Functions (PUFs) are considered as an attractive low-cost security anchor. The unique features of PUFs are dependent on the Nanoscale variations introduced during the manufacturing variations. Most PUFs exhibit an unreliability problem due to aging and inherent sensitivity to the environmental conditions. As a remedy to the reliability issue, helper data algorithms are used in practice. A helper data algorithm generates and stores the helper data in the enrollment phase in a secure environment. The generated helper data are used then for error correction, which can transform the unique feature of PUFs into a reproducible key. The key can be used to encrypt secret data in the security scheme. In contrast, this work shows that the fuzzy PUFs can be used to secret important data directly by an error-tolerant protocol without the enrollment phase and error-correction algorithm. In our proposal, the secret data is locked in a vault leveraging the unique fuzzy pattern of PUF. Although the noise exists, the data can then be released only by this unique PUF. The evaluation was performed on the most prominent intrinsic PUF - DRAM PUF. The test results demonstrate that our proposal can reach an acceptable reconstruction rate in various environment. Finally, the security analysis of the new proposal is discussed.

Hu Zhenyu,Lin Dongdai,Wu Wenling,Feng Dengguo

IF: 1.019

2007-01-01

Chinese Journal of Electronics

Abstract:A security notion of Message authentication (MAC) named Tag-secrecy was abstracted from the pseudo-randomness of tagging algorithm, to characterize the security that is very different from the unforgeability (which is the traditional security notion of MAC). The Tag-secrecy is weaker than the pseudo-randomness and can be met by widely used authentication schemes. Under the assumption of Tag-secrecy, it is showed that the Encryptand-MAC can preserve Indistinguishability under Chosen-plaintext attacks (IND-CPA) and Integrity of Plaintext (INT-PTXT) in general.A security notion of encryption called Un-trivial forgeability of Ciphertext (UTF-CTXT) was presented to characterize that for any given ciphertext C, the adversary cannot forge a new ciphertext C' to decrypt to the same plaintext as C (named trivial forgery). This UTF-CTXT was to guarantee that any modification about the ciphertext must correspond to some change of the plaintext. It is proved to be much weaker than Integrity of Ciphertext (INT-CTXT) and satisfied by many popular encryption schemes and modes.With a Tag-secrecy MAC and an UTF-CTXT-secure encryption, Encrypt-and-MAC can satisfy the both strongest security requirements-Indistinguishability under Chosen-ciphertext attacks (IND-CCA) and INT-CTXT.

Li Zhang,Jianbo Xu,Mohammad S. Obaidat,Xiong Li,Pandi Vijayakumar

DOI: https://doi.org/10.1049/cmu2.12295

IF: 1.345

2021-01-01

IET Communications

Abstract:With the advancement of information technology and the reduction of costs, the application of unmanned aerial vehicle (UAV) has gradually expanded from the military field to the industrial field and civilian field. It brings great convenience to people in surveillance, detection, transportation, emergency rescue etc. However, UAVs usually work in harsh natural environments, and their communication security confronts various challenges. Due to UAVs' limited resources, such as computing capability, storage space, and energy, traditional security protection schemes based on complex cryptographic algorithms are not suitable for UAV systems directly. Therefore, a two-stage lightweight identity authentication and key agreement protocol for UAV is proposed in this paper. The entire process only uses hash and XOR operations, which significantly improves the authentication efficiency. Simultaneously, the physical unclonable function (PUF) is introduced and embedded into the UAV hardware to ensure UAV network communication security when a UAV suffers a physical capture attack. In the paper, the security of the proposed protocol is proved with Burrows-Abadi-Needham (BAN) logic, Real-or-Random (ROR) model, and AVISPA simulation tools. An informal security analysis is also provided to illustrate that the protocol satisfies the security requirements of UAV networks. Finally, the protocol is compared with other existing protocols regarding function properties, computation cost, and communication cost, which shows that the proposed protocol has effectiveness and practicality.

Thomas McGrath,Ibrahim E. Bagci,Zhiming M. Wang,Utz Roedig,Robert J. Young

DOI: https://doi.org/10.1063/1.5079407

IF: 15

2019-01-01

Applied Physics Reviews

Abstract:Authentication is an essential cryptographic primitive that confirms the identity of parties during communications. For security, it is important that these identities are complex, in order to make them difficult to clone or guess. In recent years, physically unclonable functions (PUFs) have emerged, in which identities are embodied in structures, rather than stored in memory elements. PUFs provide “digital fingerprints,” where information is usually read from the static entropy of a system, rather than having an identity artificially programmed in, preventing a malicious party from making a copy for nefarious use later on. Many concepts for the physical source of the uniqueness of these PUFs have been developed for multiple different applications. While certain types of PUF have received a great deal of attention, other promising suggestions may be overlooked. To remedy this, we present a review that seeks to exhaustively catalogue and provide a complete organisational scheme towards the suggested concepts for PUFs. Furthermore, by carefully considering the physical mechanisms underpinning the operation of different PUFs, we are able to form relationships between PUF technologies that previously had not been linked and look toward novel forms of PUF using physical principles that have yet to be exploited.

Xiaolin Zhang,Dawu Gu,Tengfei Wang,Yu Huang

DOI: https://doi.org/10.1109/tcad.2023.3286260

IF: 2.9

2023-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:The Internet of Things (IoT) facilitates the information exchange between people and smart devices. It needs cryptographic measures to secure its communications and interconnected objects. However, cyber–physical attacks pose a great challenge to the protection of secret keys inside. Physically unclonable function (PUF) is a promising hardware primitive with unclonable structures providing tamper evidence for a device. Moreover, a PUF instance has a unique set of randomized challenge–response pairs. Although it can be integrated into a security scheme to replace long-term keys, designing a dedicated PUF-based cryptographic algorithm that supports peer-to-peer communication remains a challenging field to explore. In this article, we propose SPEAR, a scalable PUF-based authenticated encryption (AE) scheme that uses no cryptographic primitives other than PUF and hash functions. SPEAR can be deployed on peer IoT devices that have performed a handshake protocol to obtain shared credentials. Its security under the chosen ciphertext attack is formally proved using the game-playing technique, and it is still secure when attackers physically extract the credentials. In addition, we give a variant, $x$ SPEAR, to involve associated data and avoid the nonce reuse problem. Compared to other PUF-based ciphers, it performs better in terms of storage overhead and PUF evaluation times. SPEAR first realizes scalable AE based on PUF and can be a practical solution for IoT.

Sameh Khalfaoui,Jean Leneutre,Arthur Villard,Ivan Gazeau,Jingxuan Ma,Pascal Urien

DOI: https://doi.org/10.3390/s21248415

IF: 3.9

2021-12-16

Sensors

Abstract:The demand for Internet of Things services is increasing exponentially, and consequently a large number of devices are being deployed. To efficiently authenticate these objects, the use of physical unclonable functions (PUFs) has been introduced as a promising solution for the resource-constrained nature of these devices. The use of machine learning PUF models has been recently proposed to authenticate the IoT objects while reducing the storage space requirement for each device. Nonetheless, the use of a mathematically clonable PUFs requires careful design of the enrollment process. Furthermore, the secrecy of the machine learning models used for PUFs and the scenario of leakage of sensitive information to an adversary due to an insider threat within the organization have not been discussed. In this paper, we review the state-of-the-art model-based PUF enrollment protocols. We identity two architectures of enrollment protocols based on the participating entities and the building blocks that are relevant to the security of the authentication procedure. In addition, we discuss their respective weaknesses with respect to insider and outsider threats. Our work serves as a comprehensive overview of the ML PUF-based methods and provides design guidelines for future enrollment protocol designers.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Qirui Ren,Xiangqu Fu,Hao Wu,Kaiqi Yang,Dengyun Lei,Guozhong Xing,Feng Zhang

DOI: https://doi.org/10.3390/mi12121560

IF: 3.4

2021-12-15

Micromachines

Abstract:Radio frequency identification technology (RFID) has empowered a wide variety of automation industries. Aiming at the current light-weight RFID encryption scheme with limited information protection methods, combined with the physical unclonable function (PUF) composed of resistive random access memory (RRAM), a new type of high-efficiency reconfigurable strong PUF circuit structure is proposed in this paper. Experimental results show that the proposed PUF shows an almost ideal value (50%) of inter-chip hamming distance (HD) (μ/σ = 0.5001/0.0340) among 1000 PUF keys, and intra-chip HD results are very close to the ideal value (0). The bit error rate (BER) is as low as 3.8×10−6 across one million challenges. Based on the RRAM PUF, we propose and implement a light weight RFID authentication protocol. By virtue of RRAM’s model ability, the protocol replaces the One-way Hash Function with a response chain mutual encryption algorithm. The results of test and analysis show that the protocol can effectively resist multiple threats such as physical attacks, replay attacks, tracking attacks and asynchronous attacks, and has good stability. At the same time, based on RRAM’s unique resistance variability, PUF also has the advantage of being reconfigurable, providing good security for RFID tags.

chemistry, analytical,nanoscience & nanotechnology,instruments & instrumentation,physics, applied