Abdulaziz Al-Meer,Saif Al-Kuwari

DOI: https://doi.org/10.1145/3591464

IF: 16.6

2023-04-08

ACM Computing Surveys

Abstract:Physical Unclonable Function (PUF) has recently attracted interest from both industry and academia as a potential alternative approach to secure Internet of Things (IoT) devices from the more traditional computational-based approach using conventional cryptography. PUF is a promising solution for lightweight security, where the manufacturing fluctuation process of IC is used to improve the security of IoT as it provides low complexity design and preserves secrecy. PUF provides a low-cost low-power solution and can be implemented in both Field Programmable Gate Arrays (FPGA) and Application-Specific Integrated Circuits (ASICs). In this survey, we provide a comprehensive review of the state-of-the-art of PUF, its architectures, protocols and security for IoT.

computer science, theory & methods

Hanguang Luo,Tao Zou,Chunming Wu,Dan Li,Shunbin Li,Chu

DOI: https://doi.org/10.32604/cmc.2022.027118

2022-01-01

Abstract:In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.

Fahem Zerrouki,Samir Ouchani,Hafida Bouarfa

DOI: https://doi.org/10.1007/s12652-022-04321-x

IF: 3.662

2022-08-07

Journal of Ambient Intelligence and Humanized Computing

Abstract:The Internet of things (IoT) is an indispensable part of our daily lives, bringing us many conveniences, including e-commerce and m-commerce services. Unfortunately, IoT networks suffer from several security issues, such as privacy, access control, and authentication. However, due to the limited computation resources, remote authentication between IoT devices and servers is vulnerable to being attacked over an insecure communication channel. Many authentication schemes have been proposed, but generally, they are based on traditional cryptographic techniques. Unfortunately, most of them are vulnerable to physical attacks since they rely mainly on a stored secret key in the device's local memory. However, recently Physically unclonable functions (PUFs) have been classified as solid security primitives that could guarantee the three pillars of security (confidentiality, authenticity, and privacy) of sent or received information by IoT devices. PUFs extract unique information from the physical characteristics of the IoT device. Nevertheless, a Fuzzy extractor (FE) should be considered to extract correct and reproducible cryptographic keys from a noisy source. This paper proposes a mutual authentication and a session key establishment protocol for IoT devices based on Silicon PUFs using Arbiter chips. We also validate our developed protocol regarding its resistance to attack scenarios. By relying on formal verification using VerifPal, we found that the proposed authentication mechanism is secure and suitable for resource-constrained IoT devices. Furthermore, our scheme is more efficient than the existing ones in terms of attack robustness. Finally, the experiments have been validated on an Arbiter PUF dataset.

computer science, information systems,telecommunications, artificial intelligence

Pengpeng Ren,Yongkang Xue,Linglin Jing,Lining Zhang,Runsheng Wang,Zhigang Ji

DOI: https://doi.org/10.1007/s11432-022-3722-8

2023-01-01

Science China Information Sciences

Abstract:The physical unclonable functions (PUFs) are novel cryptographic primitives in modern hardware security systems. Compared with traditional alternatives based on digital keys and non-volatile memory (NVM), the PUF system shows great unclonability, high efficiency, and physical attack resilience. However, the conventional PUF design suffers from weak machine learning immunity, high storage overhead, and unreliability, making it difficult to implement in the Internet of Things (IoT) and edge computing applications. This paper presents a new PUF design that could solve the proposed obstacles. By utilizing the emission probability of traps commonly found in nano-scaled transistors, a model-based PUF system with strong machine learning resistance could be achieved. This PUF design, called Prob-PUF, needs fewer challenge-response pairs (CRPs) space and reveals superior resistance to modeling attacks due to the mixture of stable/random bits in its output response. Moreover, the Prob-PUF system could reach a high level of uniqueness and robustness, making it a potential candidate for future cryptographically secured protocols within the IoT.

Jiliang Zhang,Gang Qu

DOI: https://doi.org/10.48550/arXiv.1807.10884

2019-08-21

Abstract:In many Industry Internet of Things (IIoT) applications, resources like CPU, memory, and battery power are limited and cannot afford the classic cryptographic security solutions. Silicon Physical Unclonable Function (PUF) is a lightweight security primitive that exploits manufacturing variations during the chip fabrication process for key generation and/or device authentication. However, traditional weak PUFs such as Ring Oscillator (RO) PUF generate chip-unique key for each device, which restricts their application in security protocols where the same key is required to be shared in resource-constrained devices. In order to address this issue, we propose a PUF-based key sharing method for the first time. The basic idea is to implement one-to-one input-output mapping with Lookup Table (LUT)-based interstage crossing structures in each level of inverters of RO PUF. Individual customization on configuration bits of interstage crossing structure and different RO selections with challenges bring high flexibility. Therefore, with the flexible configuration of interstage crossing structures and challenges, CRO PUF can generate the same shared key for resource-constrained devices, which enables a new application for lightweight key sharing protocols.

Cryptography and Security

Ashwija Reddy Korenda,Fatemeh Afghah,Bertrand Cambou,Christopher Philabaum

DOI: https://doi.org/10.48550/arXiv.1907.12144

2019-07-28

Cryptography and Security

Abstract:This paper provides a proof of concept for using SRAM based Physically Unclonable Functions (PUFs) to generate private keys for IoT devices. PUFs are utilized, as there is inadequate protection for secret keys stored in the memory of the IoT devices. We utilize a custom-made Arduino mega shield to extract the fingerprint from SRAM chip on demand. We utilize the concepts of ternary states to exclude the cells which are easily prone to flip, allowing us to extract stable bits from the fingerprint of the SRAM. Using the custom-made software for our SRAM device, we can control the error rate of the PUF to achieve an adjustable memory-based PUF for key generation. We utilize several fuzzy extractor techniques based on using different error correction coding methods to generate secret keys from the SRAM PUF, and study the trade-off between the false authentication rate and false rejection rate of the PUF.

Krzysztof Gołofit

DOI: https://doi.org/10.1038/s41598-024-75373-6

IF: 4.6

2024-10-16

Scientific Reports

Abstract:The article describes various security primitives for significantly resource-constrained devices, such as sensors or sensor networks, IoT devices, wearables, etc. — i.e., devices without programmable memory. It is dedicated to parts which cannot handle complex algorithms of modern secure cryptography, cannot be equipped with programmable memories, or their circuits or data in permanent memories can be easily reverse-engineered. Instead, all security techniques (e.g., identification, authentication, and encryption) are based on modern hardware cryptography, mainly: physical unclonable functions (PUFs) and true random number generators (TRNGs). The paper addresses numerous issues from untraceable identification to mutual authentication to one-time pad encryption. The communication security is considered to be a trade-off between the device's resources (processing ability, energy consumption, implementation size, response time), preparation complicity (initialization time, size of a server data storage) and the security capabilities and protection levels. Primitives can be included into the communication protocol based on particular needs and available hardware resources.

multidisciplinary sciences

Saeed Abdolinezhad,Vladimir Stavrov,Lukas Zimmermann,Axel Sikora

DOI: https://doi.org/10.1109/jsen.2024.3367735

IF: 4.3

2024-01-01

IEEE Sensors Journal

Abstract:With the expansion of Internet-of-Things (IoT) devices in many aspects of our life, the security of such systems has become an important challenge. Unlike conventional computer systems, any IoT security solution should consider the constraints of these systems such as computational capability, memory, connectivity, and energy consumption limitations. Physical unclonable functions (PUFs) with their special characteristics were introduced as hardware-based solutions to satisfy the security needs while respecting the mentioned constraints. They exploit the uncontrollable and reproducible variations of the underlying components for security applications such as identification, authentication, and secure boot. Since IoT devices are typically low cost, it is important to reuse existing elements in their hardware (for instance, sensors, analog-to-digital converters (ADCs), etc.) instead of adding extra costs for the PUF hardware. Micro-electromechanical system (MEMS) devices are widely used in IoT systems as sensors and actuators. In this work, for the first time, a lightweight MEMS-based circuit with a piezoresistive bridge is introduced as a weak PUF. The piezoresistive PUF leverages the uncontrollable variations in the parameters of the circuit elements to derive secure keys for cryptographic applications. The experimental results show that our proposed piezoresistive PUF is capable of generating enough entropy for a complex key generation, while its responses show stability in different environmental conditions. The manufactured piezoresistive PUF shows a uniqueness of 47.73% and a reliability of 94.19%. Moreover, the generated secret keys passed the National Institute of Standards and Technology (NIST) test suite for randomness.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Haji Akhundov,Erik van der Sluis,Said Hamdioui,Mottaqiallah Taouil

DOI: https://doi.org/10.5121/csit.2019.91328

2020-02-04

Abstract:Nowadays, Internet of Things (IoT) is a trending topic in the computing world. Notably, IoT devices have strict design requirements and are often referred to as constrained devices. Therefore, security techniques and primitives that are lightweight are more suitable for such devices, e.g., Static Random-Access Memory (SRAM) Physical Unclonable Functions (PUFs) and Elliptic Curve Cryptography (ECC). SRAM PUF is an intrinsic security primitive that is seeing widespread adoption in the IoT segment. ECC is a public-key algorithm technique that has been gaining popularity among constrained IoT devices. The popularity is due to using significantly smaller operands when compared to other public-key techniques such as RSA (Rivest Shamir Adleman). This paper shows the design, development, and evaluation of an application-specific secure communication architecture based on SRAM PUF technology and ECC for constrained IoT devices. More specifically, it introduces an Elliptic Curve Diffie-Hellman (ECDH) public-key based cryptographic protocol that utilizes PUF-derived keys as the root-of-trust for silicon authentication. Also, it proposes a design of a modular hardware architecture that supports the protocol. Finally, to analyze the practicality as well as the feasibility of the proposed protocol, we demonstrate the solution by prototyping and verifying a protocol variant on the commercial Xilinx Zynq-7000 APSoC device.

Cryptography and Security

Sensen Li,Yicai Huang,Bin Yu

DOI: https://doi.org/10.1016/j.comnet.2024.110426

IF: 5.493

2024-05-09

Computer Networks

Abstract:With the explosive development of the Internet of Things (IoT), its security has become a critical concern. As a lightweight hardware primitive, Physical Unclonable Function (PUF) provides a promising solution for IoT security. Nevertheless, as per the knowledge of the authors, most of the existing PUF-based anonymous authentication protocols for IoT are not suitable for end-to-end IoT applications due to their flexibility or security. Specifically, there are two main issues with existing related protocols: (1) the end-to-end anonymous authentication between IoT devices requires the participation of a trusted third party, which seriously affects the flexibility of interaction; (2) most related protocols provide weak anonymity, that is, they are anonymous against only eavesdroppers. To solve these problems, a new PUF-based end-to-end anonymous authentication protocol is proposed. Without needing the real-time participation of the third party, the proposed protocol realizes end-to-end direct mutual authentication and session key agreement while maintaining strong anonymity. It also provides an online dynamic updating mechanism for security parameters. The security analysis shows that the proposed protocol has perfect forward secrecy while resisting various known attacks including physical attacks and modeling attacks. Meanwhile, it outperforms related protocols in terms of protocol rounds and communication costs.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yansong Gao,Yang Su,Wei Yang,Shiping Chen,Surya Nepal,Damith C. Ranasinghe

DOI: https://doi.org/10.48550/arXiv.1902.03031

2019-02-08

Abstract:A securely maintained key is the premise upon which data stored and transmitted by ubiquitously deployed resource limited devices, such as those in the Internet of Things (IoT), are protected. However, many of these devices lack a secure non-volatile memory (NVM) for storing keys because of cost constraints. Silicon physical unclonable functions (PUFs) offering unique device specific secrets to electronic commodities are a low-cost alternative to secure NVM. As a physical hardware security primitive, reliability of a PUF is affected by thermal noise and changes in environmental conditions; consequently, PUF responses cannot be directly employed as cryptographic keys. A fuzzy extractor can turn noisy PUF responses into usable cryptographic keys. However, a fuzzy extractor is not immediately mountable on (highly) resource constrained devices due to its implementation overhead. We present a methodology for constructing a lightweight and secure PUF key generator for resource limited devices. In particular, we focus on PUFs constructed from pervasively embedded SRAM in modern microcontroller units and use a batteryless computational radio frequency identification (CRFID) device as a representative resource constrained IoT device in a case study.

Cryptography and Security

Zhao Huang,Liang Li,Yin Chen,Zeyu Li,Quan Wang,Xiaohong Jiang

DOI: https://doi.org/10.3390/electronics10233039

IF: 2.9

2021-01-01

Electronics

Abstract:With the advancement of the Internet of Things (IoTs) technology, security issues have received an increasing amount of attention. Since IoT devices are typically resource-limited, conventional security solutions, such as classical cryptography, are no longer applicable. A physically unclonable function (PUF) is a hardware-based, low-cost alternative solution to provide security for IoT devices. It utilizes the inherent nature of hardware to generate a random and unpredictable fingerprint to uniquely identify an IoT device. However, despite existing PUFs having exhibited a good performance, they are not suitable for effective application on resource-constrained IoT devices due to the limited number of challenge-response pairs (CRPs) generated per unit area and the large hardware resources overhead. To solve these problems, this article presents an ultra-lightweight reconfigurable PUF solution, which is named RPPUF. Our method is built on pico-PUF (PPUF). By incorporating configurable logics, one single RPPUF can be instantiated into multiple samples through configurable information K. We implement and verify our design on the Xilinx Spartan-6 field programmable gate array (FPGA) microboards. The experimental results demonstrate that, compared to previous work, our method increases the uniqueness, reliability and uniformity by up to 4.13%, 16.98% and 10.5%, respectively, while dramatically reducing the hardware resource overhead by 98.16% when a 128-bit PUF response is generated. Moreover, the bit per cost (BPC) metric of our proposed RPPUF increased by up to 28.5 and 53.37 times than that of PPUF and the improved butterfly PUF, respectively. This confirms that the proposed RPPUF is ultra-lightweight with a good performance, making it more appropriate and efficient to apply in FPGA-based IoT devices with constrained resources.

Surbhi Chhabra,Kusum Lata

DOI: https://doi.org/10.1007/s42979-022-01194-x

2022-05-24

SN Computer Science

Abstract:Intellectual Property (IP) core has evolved into a primary component of System-on-Chip (SoC). They address and implement a wide range of hardware functionalities within a chip core logic. Hence, IP reuse plays a prominent role in enhancing performance and reducing resource utilization in SoC, used in Internet-of-Things (IoT) devices. Unfortunately, continued growth and development in IoT devices raise a severe concern about the security of these IPs and require urgent authentication and encryption. The conventional cryptography methods may not be appropriate to secure IoT devices because of the rise in malicious hardware attacks. Physical Unclonable Functions (PUFs) are a promising approach used in IoT devices that prevent the IP against reverse-engineering, insertion of malicious activities or Trojans, piracy, cloning, and other threats. In this article, in particular, we integrated PUF with the traditional approach of Key-based Hardware Obfuscation to take advantage of PUF properties by generating secret keys that are unique and unclonable. We tested the PUF in terms of reliability, uniqueness, and uniformity. We also explore PUFs as a potential seed for Pseudo-Random Number Generators (PRNGs) to maximize obfuscation while minimizing area and power overhead. Furthermore, the PUF-based obfuscated model is applied to the Advanced Encryption Standard (AES) IP core to provide enhanced authentication as well as data encryption in IoT devices. Experimental results and NIST analysis show that the proposed model is resilient against reverse-engineering and compelling SAT and side-channel attacks. The proposed model is implemented on Basys3 FPGAs with minimum resource utilization, also compared with the current approaches.

Urbi Chatterjee,Vidya Govindan,Rajat Sadhukhan,Debdeep Mukhopadhyay,Rajat Subhra Chakraborty,Debashis Mahata,Mukesh M. Prabhu

DOI: https://doi.org/10.1109/tdsc.2018.2832201

2019-05-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Physically Unclonable Functions (PUFs) promise to be a critical hardware primitive to provide unique identities to billions of connected devices in Internet of Things (IoTs). In traditional authentication protocols a user presents a set of credentials with an accompanying proof such as password or digital certificate. However, IoTs need more evolved methods as these classical techniques suffer from the pressing problems of password dependency and inability to bind access requests to the “things” from which they originate. Additionally, the protocols need to be lightweight and heterogeneous. Although PUFs seem promising to develop such mechanism, it puts forward an open problem of how to develop such mechanism without needing to store the secret challenge-response pair (CRP) explicitly at the verifier end. In this paper, we develop an authentication and key exchange protocol by combining the ideas of Identity based Encryption (IBE), PUFs and Key-ed Hash Function to show that this combination can help to do away with this requirement. The security of the protocol is proved formally under the Session Key Security and the Universal Composability Framework. A prototype of the protocol has been implemented to realize a secured video surveillance camera using a combination of an Intel Edison board, with a Digilent Nexys-4 FPGA board consisting of an Artix-7 FPGA, together serving as the IoT node. We show, though the stand-alone video camera can be subjected to man-in-the-middle attack via IP-spoofing using standard network penetration tools, the camera augmented with the proposed protocol resists such attacks and it suits aptly in an IoT infrastructure making the protocol deployable for the industry.

computer science, information systems, software engineering, hardware & architecture

Vishalini R. Laguduva,Sheikh Ariful Islam,Sathyanarayanan Aakur,Srinivas Katkoori,Robert Karam

DOI: https://doi.org/10.48550/arXiv.1909.07891

2019-09-17

Abstract:Advances in technology have enabled tremendous progress in the development of a highly connected ecosystem of ubiquitous computing devices collectively called the Internet of Things (IoT). Ensuring the security of IoT devices is a high priority due to the sensitive nature of the collected data. Physically Unclonable Functions (PUFs) have emerged as critical hardware primitive for ensuring the security of IoT nodes. Malicious modeling of PUF architectures has proven to be difficult due to the inherently stochastic nature of PUF architectures. Extant approaches to malicious PUF modeling assume that a priori knowledge and physical access to the PUF architecture is available for malicious attack on the IoT node. However, many IoT networks make the underlying assumption that the PUF architecture is sufficiently tamper-proof, both physically and mathematically. In this work, we show that knowledge of the underlying PUF structure is not necessary to clone a PUF. We present a novel non-invasive, architecture independent, machine learning attack for strong PUF designs with a cloning accuracy of 93.5% and improvements of up to 48.31% over an alternative, two-stage brute force attack model. We also propose a machine-learning based countermeasure, discriminator, which can distinguish cloned PUF devices and authentic PUFs with an average accuracy of 96.01%. The proposed discriminator can be used for rapidly authenticating millions of IoT nodes remotely from the cloud server.

Cryptography and Security

Chandranshu Gupta,Gaurav Varshney

2023-11-07

Abstract:The Internet of Things (IoT) has improved people's lives by seamlessly integrating into many facets of modern life and facilitating information sharing across platforms. Device Authentication and Key exchange are major challenges for the IoT. High computational resource requirements for cryptographic primitives and message transmission during Authentication make the existing methods like PKI and IBE not suitable for these resource constrained devices. PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE. PUF provides an unclonable and tamper sensitive unique signature based on the PUF chip by using manufacturing process variability. Therefore, in this study, we use lightweight bitwise XOR, hash function, and PUF to Authenticate IoT devices. Despite several studies employing the PUF to authenticate communication between IoT devices, to the authors' knowledge, existing solutions require intermediary gateway and internet capabilities by the IoT device to directly interact with a Server for Authentication and hence, are not scalable when the IoT device works on different technologies like BLE, Zigbee, etc. To address the aforementioned issue, we present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself. The results of a thorough security study are validated against adversarial attacks and PUF modeling attacks. For formal security validation, the AVISPA verification tool is also used. Performance study recommends this protocol's lightweight characteristics. The proposed protocol's acceptability and defenses against adversarial assaults are supported by a prototype developed with ESP32.

Cryptography and Security

Kun Wang,Jianwei Shi,Wenxuan Lai,Qiang He,Jun Xu,Zhenyi Ni,Xinfeng Liu,Xiaodong Pi,Deren Yang

DOI: https://doi.org/10.1038/s41467-024-47479-y

IF: 16.6

2024-04-14

Nature Communications

Abstract:Integrated circuit anti-counterfeiting based on optical physical unclonable functions (PUFs) plays a crucial role in guaranteeing secure identification and authentication for Internet of Things (IoT) devices. While considerable efforts have been devoted to exploring optical PUFs, two critical challenges remain: incompatibility with the complementary metal-oxide-semiconductor (CMOS) technology and limited information entropy. Here, we demonstrate all-silicon multidimensionally-encoded optical PUFs fabricated by integrating silicon (Si) metasurface and erbium-doped Si quantum dots (Er-Si QDs) with a CMOS-compatible procedure. Five in-situ optical responses have been manifested within a single pixel, rendering an ultrahigh information entropy of 2.32 bits/pixel. The position-dependent optical responses originate from the position-dependent radiation field and Purcell effect. Our evaluation highlights their potential in IoT security through advanced metrics like bit uniformity, similarity, intra- and inter-Hamming distance, false-acceptance and rejection rates, and encoding capacity. We finally demonstrate the implementation of efficient lightweight mutual authentication protocols for IoT applications by using the all-Si multidimensionally-encoded optical PUFs.

multidisciplinary sciences

Xinrui Guo,Xiaoyang Ma,Franz Muller,Kai Ni,Thomas Kampfe,Yongpan Liu,Vijaykrishnan Narayanan,Xueqing Li

DOI: https://doi.org/10.48550/arXiv.2208.14678

2022-08-31

Abstract:Hardware security has been a key concern in modern information technologies. Especially, as the number of Internet-of-Things (IoT) devices grows rapidly, to protect the device security with low-cost security primitives becomes essential, among which Physical Unclonable Function (PUF) is a widely-used solution. In this paper, we propose the first FeFET-based strong PUF exploiting the cycle-to-cycle (C2C) variation of FeFETs as the entropy source. Based on the experimental measurements, the proposed PUF shows satisfying performance including high uniformity, uniqueness, reconfigurability and reliability. To resist machine-learning attack, XOR structure was introduced, and simulations show that our proposed PUF has similar resistance to existing attack models with traditional arbiter PUFs. Furthermore, our design is shown to be power-efficient, and highly robust to write voltage, temperature and device size, which makes it a competitive security solution for Internet-of-Things edge devices.

Emerging Technologies

Sameh Khalfaoui,Jean Leneutre,Arthur Villard,Ivan Gazeau,Jingxuan Ma,Pascal Urien

DOI: https://doi.org/10.3390/s21248415

IF: 3.9

2021-12-16

Sensors

Abstract:The demand for Internet of Things services is increasing exponentially, and consequently a large number of devices are being deployed. To efficiently authenticate these objects, the use of physical unclonable functions (PUFs) has been introduced as a promising solution for the resource-constrained nature of these devices. The use of machine learning PUF models has been recently proposed to authenticate the IoT objects while reducing the storage space requirement for each device. Nonetheless, the use of a mathematically clonable PUFs requires careful design of the enrollment process. Furthermore, the secrecy of the machine learning models used for PUFs and the scenario of leakage of sensitive information to an adversary due to an insider threat within the organization have not been discussed. In this paper, we review the state-of-the-art model-based PUF enrollment protocols. We identity two architectures of enrollment protocols based on the participating entities and the building blocks that are relevant to the security of the authentication procedure. In addition, we discuss their respective weaknesses with respect to insider and outsider threats. Our work serves as a comprehensive overview of the ML PUF-based methods and provides design guidelines for future enrollment protocol designers.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Sangjae Lee,Mi-Kyung Oh,Yousung Kang,Dooho Choi

DOI: https://doi.org/10.3390/s20020404

2020-01-10

Abstract:Keeping IoT devices secure has been a major challenge recently. One of the possible solutions to secure IoT devices is to use a physically unclonable function (PUF). A PUF is a security primitive that can generate device-specific cryptographic information by extracting the features of hardware uncertainty. Because PUF instances are very difficult to replicate even by the manufacturer, the generated bit sequence can be used as cryptographic keys or as a unique identifier for the device. Regarding the implementation of PUF, the majority of PUFs introduced over the past decade are in the form of active components and have been implemented as separate chips or embedded as a part of a chip, making it difficult to use them in low-cost IoT devices due to cost and design flexibility. One approach to easily adopt PUFs in resource-constrained IoT devices is to use passive components such as resistors and capacitors (RC) that can be configured at low cost. The main feature of this RC-based PUF is that it extracts the small difference caused by charging and discharging of RC circuits and uses it as a response. In this paper, we extend the previous research and show the possibility to secure IoT devices by using the RC-based PUF.