Building PUF Based Authentication and Key Exchange Protocol for IoT Without Explicit CRPs in Verifier Database

Chatterjee, Urbi; Govindan, Vidya; Sadhukhan, Rajat; Mukhopadhyay, Debdeep; Chakraborty, Rajat Subhra; Mahata, Debashis; Prabhu, M.

doi:10.1109/tdsc.2018.2832201

Cited by 209 publications

(133 citation statements)

References 27 publications

Supporting

Mentioning

124

Contrasting

Order By: Relevance

“…The authors applied the hash of firmware along with PUF response to detect software and hardware impersonation attacks. Chatterjee et al proposed an authentication scheme that combines the concepts of PUF, identity-based encryption (IBE), and keyed hash function to eliminate the need for explicitly storing CRPs [41]. Braeken et al [42] proved that this protocol is vulnerable to the man-in-the-middle (MITM) attack, impersonation, and replay attacks [43].…”

Section: Prior Workmentioning

confidence: 99%

A Robust, Low-Cost and Secure Authentication Scheme for IoT Applications

Mahmod

Guin

2020

Cryptography

View full text Add to dashboard Cite

The edge devices connected to the Internet of Things (IoT) infrastructures are increasingly susceptible to piracy. These pirated edge devices pose a serious threat to security, as an adversary can get access to the private network through these non-authentic devices. It is necessary to authenticate an edge device over an unsecured channel to safeguard the network from being infiltrated through these fake devices. The implementation of security features demands extensive computational power and a large hardware/software overhead, both of which are difficult to satisfy because of inherent resource limitation in the IoT edge devices. This paper presents a low-cost authentication protocol for IoT edge devices that exploits power-up states of built-in SRAM for device fingerprint generations. Unclonable ID generated from the on-chip SRAM could be unreliable, and to circumvent this issue, we propose a novel ID matching scheme that alleviates the need for enhancing the reliability of the IDs generated from on-chip SRAMs. Security and different attack analysis show that the probability of impersonating an edge device by an adversary is insignificant. The protocol is implemented using a commercial microcontroller, which requires a small code overhead. However, no modification of device hardware is necessary.

show abstract

Section: Prior Workmentioning

confidence: 99%

A Robust, Low-Cost and Secure Authentication Scheme for IoT Applications

Mahmod

Guin

2020

Cryptography

View full text Add to dashboard Cite

show abstract

“…RFID tags [3]. While a number of lightweight authentication protocols have been proposed in [4,5,6,7,8], none of them offers a complete security solution in the context of the key three qualities of lightweight mutual authentication, availability and tag unclonability. Therefore, none of them is truly secure solution in providing fraud protection, secure access and anti-counterfeiting.…”

Section: Introductionmentioning

confidence: 99%

“…On the other hand, Fu et al [5] employs a symmetric encryption to guarantee data confidentiality and integrity, but managing and storing the secret key is a major weakness, and the system could be vulnerable if this key is compromised [9]. There are other approaches which rely on the use of PUF technology, which enhances the resilience of RFID systems against tag cloning attacks [7,8]. Gope et al [7] proposed a mutual authentication protocol using a Hash function and a PUF.…”

Section: Introductionmentioning

confidence: 99%

“…Although it is claimed that the protocol satisfies all common security requirements including availability, this protocol cannot fully resolve the availability issue posed by desynchronisation attack. Chatterjee et al [8] proposed a mutual authentication protocol based on PUF and ECC. However, it still cannot protect the tags' anonymity and their availability and forward security have not been proved.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

ARMOR: An Anti-Counterfeit Security Mechanism for Low Cost Radio Frequency Identification Systems

Yılmaz

Halak

2021

IEEE Trans. Emerg. Topics Comput.

View full text Add to dashboard Cite

Counterfeited products are costing the global economy hundreds of billions of dollars annually. Radio frequency identification(RFID) technology provides a promising solution for this problem, wherein each product is fitted with a secure tag, which is difficult to forge. However, RFID technology is faced with numerous security threats, for example, if the communication link between the reader and the tag is compromised, then it will be possible for a malicious adversary to obtain the private data stored on the device. Tag cloning attacks have also been demonstrated to be feasible, which severely undermines the capabilities of the RFID technology to protect against counterfeiting. One solution to this problem is the use of authentication protocol; however, existing schemes do not support mutual authentication and are still vulnerable to tag cloning attacks. In this paper, a new security mechanism is proposed, which consists of a lightweight three-flights mutual authentication protocol and an anti-counterfeit tag design. The proposed solution is based on combining the Rabin public-key encryption scheme with physically unclonable functions (PUF) technology. The security of the proposed protocol is systematically analysed and compared with existing schemes. The implementation cost of the proposed security primitives, assuming the 1024-bit public key, is 10139 GEs, which is suitable for low-cost RFID tags. Our results show that the proposed design is up-to 50% more area-efficient compared to systems based on Elliptic Curve Cryptography (ECC).

show abstract

“…Therefore, the PUFs are unique to their device and can be used as a security primitive to enable device-based identification, and authentication. More importantly, PUFs can provide a low cost alternative solution for on-demand generation of cryptographic keys from the device rather than the conventional methods, where the secret keys are produced and distributed by the server and stored in the IoT device memories [8].…”

Section: Introductionmentioning

confidence: 99%

A Proof of Concept SRAM-based Physically Unclonable Function (PUF) Key Generation Mechanism for IoT Devices

Korenda

Afghah

Cambou

et al. 2019

2019 16th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON)

View full text Add to dashboard Cite

This paper provides a proof of concept for using SRAM based Physically Unclonable Functions (PUFs) to generate private keys for IoT devices. PUFs are utilized, as there is inadequate protection for secret keys stored in the memory of the IoT devices. We utilize a custom-made Arduino mega shield to extract the fingerprint from SRAM chip on demand. We utilize the concepts of ternary states to exclude the cells which are easily prone to flip, allowing us to extract stable bits from the fingerprint of the SRAM. Using the custom-made software for our SRAM device, we can control the error rate of the PUF to achieve an adjustable memory-based PUF for key generation. We utilize several fuzzy extractor techniques based on using different error correction coding methods to generate secret keys from the SRAM PUF, and study the trade-off between the false authentication rate and false rejection rate of the PUF.

show abstract

Building PUF Based Authentication and Key Exchange Protocol for IoT Without Explicit CRPs in Verifier Database

Cited by 209 publications

References 27 publications

A Robust, Low-Cost and Secure Authentication Scheme for IoT Applications

A Robust, Low-Cost and Secure Authentication Scheme for IoT Applications

ARMOR: An Anti-Counterfeit Security Mechanism for Low Cost Radio Frequency Identification Systems

A Proof of Concept SRAM-based Physically Unclonable Function (PUF) Key Generation Mechanism for IoT Devices

Contact Info

Product

Resources

About