Proof of Concept for IoT Device Authentication Based on SRAM PUFs Using ATMEGA 2560-MCU

Lipps, Christoph; Weinand, Andreas; Krummacker, Dennis; Fischer, Christoph; Schotten, Hans D.

doi:10.1109/icdis.2018.00013

Cited by 19 publications

(9 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In general, we note that other works have discussed in depth the ability of memory-based PUFs, such as SRAM PUFs [113,145,146,185,186], DRAM-based PUFs [79,82,85,86,88,143,144,158,159], and Flash-memory-based PUFs [161,162], to provide adequate security under nominal conditions.…”

Section: Memory-based Pufs Under Nominal Conditionsmentioning

confidence: 92%

“…In 2018, Lipps et al [113] presented a proof-of-concept implementation of an SRAM PUF-based protocol for IoT device authentication using a COTS device. The authors note that the large number of interconnected devices allows for an increased number of attacks against the IoT, and propose the usage of SRAM PUFs as security primitives for the implementation of symmetric key cryptography and device authentication.…”

Section: Work Relevant To the Role Of Pufs As Security Mechanisms For...mentioning

confidence: 99%

“…A number of works have already assessed the quality of the responses of memory-based PUFs under ambient temperature variations. In particular, SRAM PUFs [3,4,113,145,185,186,192], all types of DRAM-based PUFs [79,80,82,83,85,86,87,88,143,144,147,153,158,192], as well as Flash-memory-based PUFs [89,147,161,162,191,193], have been shown to be mildly or even heavily affected by variations of the relevant ambient temperature. Therefore, we can conclude that most, if not all, memory-based PUFs are somewhat dependent on the ambient temperature and are affected by changes of its value.…”

Section: Memory-based Pufs Under Ambient Temperature Variationsmentioning

confidence: 99%

See 2 more Smart Citations

Practical Lightweight Security: Physical Unclonable Functions and the Internet of Things

Anagnostopoulos¹

2022

Preprint

View full text Add to dashboard Cite

In this work, we examine whether Physical Unclonable Functions (PUFs) can act as lightweight security mechanisms for practical applications in the context of the Internet of Things (IoT). In order to do so, we first discuss what PUFs are, and note that memory-based PUFs seem to fit the best to the framework of the IoT. Then, we consider a number of relevant memory-based PUF designs and their properties, and evaluate their ability to provide security in nominal and adverse conditions. Finally, we present and assess a number of practical PUF-based security protocols for IoT devices and networks, in order to confirm that memory-based PUFs can indeed constitute adequate security mechanisms for the IoT, in a practical and lightweight fashion.More specifically, we first consider what may constitute a PUF, and we redefine PUFs as inanimate physical objects whose characteristics can be exploited in order to obtain a behaviour similar to a highly distinguishable (i.e., “(quite) unique”) mathematical function. We note that PUFs share many characteristics with biometrics, with the main difference being that PUFs are based on the characteristics of inanimate objects, while biometrics are based on the characteristics of humans and other living creatures. We also note that it cannot really be proven that PUFs are unique per instance, but they should be considered to be so, insofar as (human) biometrics are also considered to be unique per instance.We, then, proceed to discuss the role of PUFs as security mechanisms for the IoT, and we determine that memory-based PUFs are particularly suited for this function. We observe that the IoT nowadays consists of heterogeneous devices connected over diverse networks, which include both high-end and resource-constrained devices. Therefore, it is essential that a security solution for the IoT is not only effective, but also highly scalable, flexible, lightweight, and cost-efficient, in order to be considered as practical. To this end, we note that PUFs have been proposed as security mechanisms for the IoT in the related work, but the practicality of the relevant security mechanisms has not been sufficiently studied.We, therefore, examine a number of memory-based PUFs that are implemented using Commercial Off-The-Shelf (COTS) components, and assess their potential to serve as acceptable security mechanisms in the context of the IoT, not only in terms of effectiveness and cost, but also under both nominal and adverse conditions, such as ambient temperature and supply voltage variations, as well as in the presence of (ionising) radiation. In this way, we can determine whether memory-based PUFs are truly suitable to be used in the various application areas of the IoT, which may even involve particularly adverse environments, e.g., in IoT applications involving space modules and operations.Finally, we also explore the potential of memory-based PUFs to serve as adequate security mechanisms for the IoT in practice, by presenting and analysing a number of cryptographic protocols based on these PUFs. In particular, we study how memory-based PUFs can be used for key generation, as well as device identification, and authentication, their role as security mechanisms for current and next-generation IoT devices and networks, and their potential for applications in the space segment of the IoT and in other adverse environments. Additionally, this work also discusses how memory-based PUFs can be utilised for the implementation of lightweight reconfigurable PUFs that allow for advanced security applications. In this way, we are able to confirm that memory-based PUFs can indeed provide flexible, scalable, and efficient security solutions for the IoT, in a practical, lightweight, and inexpensive manner.

show abstract

Section: Memory-based Pufs Under Nominal Conditionsmentioning

confidence: 92%

Section: Work Relevant To the Role Of Pufs As Security Mechanisms For...mentioning

confidence: 99%

Section: Memory-based Pufs Under Ambient Temperature Variationsmentioning

confidence: 99%

See 1 more Smart Citation

Practical Lightweight Security: Physical Unclonable Functions and the Internet of Things

Anagnostopoulos¹

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…The results from both studies show that the SUVs have a good entropy that can uniquely distinguish each chip. Elsewhere, microcontrollers in Arduino platforms have been used for a proof-of-concept of internet-of-things (IoT) device authentication [17]- [19]. Besides, the on-chip SRAM in ATMega328P microcontroller devices have been used as a case study to perform invasive attacks as discussed in [20], [21].…”

Section: Related Workmentioning

confidence: 99%

Lightweight hardware fingerprinting solution using inherent memory in off-the-shelf commodity devices

Mispan

Jidin

Kamarudin

et al. 2022

IJEECS

View full text Add to dashboard Cite

An emerging technology known as Physical unclonable function (PUF) can provide a hardware root-of-trust in building the trusted computing system. PUF exploits the intrinsic process variations during the integrated circuit (IC) fabrication to generate a unique response. This unique response differs from one PUF to the other similar type of PUFs. Static random-access memory PUF (SRAM-PUF) is one of the memory-based PUFs in which the response is generated during the memory power-up process. Non-volatile memory (NVM) architecture like SRAM is available in off-the-shelf microcontroller devices. Exploiting the inherent SRAM as PUF could wide-spread the adoption of PUF. Therefore, in this study, we evaluate the suitability of inherent SRAM available in ATMega2560 microcontroller on Arduino platform as PUF that can provide a unique fingerprint. First, we analyze the start-up values (SUVs) of memory cells and select only the cells that show random values after the power-up process. Subsequently, we statistically analyze the characteristic of fifteen SRAM-PUFs which include uniqueness, reliability, and uniformity. Based on our findings, the SUVs of fifteen on-chip SRAMs achieve 42.64% uniqueness, 97.28% reliability, and 69.16% uniformity. Therefore, we concluded that the available SRAM in off-the-shelf commodity hardware has good quality to be used as PUF.

show abstract

“…When it comes to Machine-to-Machine (M2M) and Machine-to-Service(M2S) applications, the approaches are focused on certificates, Hardware Security Modules (HSMs) and Trusted Platform Modules (TPMs), as well as encryption in general. Besides there are approaches with respect to Physical Layer Security (PhySec) aiming to utilize various physical characteristics of semiconductors (Lipps, et al, 2018) and the wireless propagation channel (Lipps, et al, 2020b) to authenticate devices and to derive cryptographic primitives. For all humanrelated scenarios, by contrast, biometric methods are (actually exclusively) appropriate.…”

Section: The Industrial Internet Of Things and The Matter Of Authenti...mentioning

confidence: 99%

I Know You by Heart: Biometric Authentication based on Electrocardiogram (ECG) signals

Lipps¹,

Bergkemper²,

Herbst³

et al. 2022

iccws

Self Cite

View full text Add to dashboard Cite

Trust, confidence and trustworthiness are of fundamental importance in human societies, usually established and sustained through personal relationships. But, due to the globalization and ongoing interconnection of everything up to Cyber-Physical Productions Systems (CPPS) and the Internet of Everything (IoE), physical attendance is no longer necessary. (Remote) access to systems is possible from anywhere on the globe. Accompanied with the lack of personal relationship is the challenge to trust entities –humans or machines-, and proof the identity they are claiming to be. Whether it's payment transactions with smartwatches, logging in to systems, or accessing sensitive parts of buildings, the user's identity is the basic prerequisite. For human participants, for instance, the verification can be obtained through biometrics. These are distinguishable into physiological, biological and behavioral features, each characteristic but of varying difficulty to deduce them. Although using biometric features is not a new concept -indeed they are the oldest form of authentication-, modern approaches are shifting them back into focus. Improved sensor technology enables the identification of people by their gait, or to distinguish them by their characteristic gestures. This work highlights how the availability of (medical) data, and the possibilities of Artificial Intelligence (AI) contribute to the identification and authentication of humans. Therefore, Electrocardiogram (ECG) signals are recorded using a Microcontroller Unit (MCU) and ECG electrodes to derive a three-lead ECG. Using different Machine Learning (ML) algorithms: K-Nearest Neighbor (KNN), Support Vector Machines (SVM) and Gaussian Naïve Bayes (GNB); it is analyzed whether the ECG signals are able to distinguish individuals. Thereby, the ML algorithms are compared with each other, determining which one achieves the best results. The results of the evaluation indicate that ECG signals are capable to distinguish humans based on their heartbeat in such a manner that they can be used as Human - Physically Unclonable Functions (Human-PUFs). Furthermore, the results give reason to assume that the algorithms can also be used for medical applications, for example to recognize heart diseases.

show abstract

Proof of Concept for IoT Device Authentication Based on SRAM PUFs Using ATMEGA 2560-MCU

Cited by 19 publications

References 9 publications

Practical Lightweight Security: Physical Unclonable Functions and the Internet of Things

Practical Lightweight Security: Physical Unclonable Functions and the Internet of Things

Lightweight hardware fingerprinting solution using inherent memory in off-the-shelf commodity devices

I Know You by Heart: Biometric Authentication based on Electrocardiogram (ECG) signals

Contact Info

Product

Resources

About