PUF-based Authentication Scheme for IoT Devices

Yoon, Seung-Yong; Kim, Byoungkoo; Kang, Young-Shik; Choi, Dooho

doi:10.1109/ictc49870.2020.9289260

Cited by 13 publications

(2 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many studies have been conducted on using PUF to authenticate IoT applications [41][42][43][44]. One of the important reasons is that the use of PUF provides a solution to the problem of storing keys in IoT devices vulnerable to tampering.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

P/Key: PUF based second factor authentication

Uysal

Akgün

2023

PLoS ONE

View full text Add to dashboard Cite

One-time password (OTP) mechanisms are widely used to strengthen authentication processes. In time-based one-time password (TOTP) mechanisms, the client and server store common secrets. However, once the server is compromised, the client’s secrets are easy to obtain. To solve this issue, hash-chain-based second-factor authentication protocols have been proposed. However, these protocols suffer from latency in the generation of OTPs on the client side because of the hash-chain traversal. Secondly, they can generate only a limited number of OTPs as it depends on the length of the hash-chain. In this paper, we propose a second-factor authentication protocol that utilizes Physically Unclonable Functions (PUFs) to overcome these problems. In the proposed protocol, PUFs are used to store the secrets of the clients securely on the server. In case of server compromise, the attacker cannot obtain the seeds of clients’ secrets and can not generate valid OTPs to impersonate the clients. In the case of physical attacks, including side-channel attacks on the server side, our protocol has a mechanism that prevents attackers from learning the secrets of a client interacting with the server. Furthermore, our protocol does not incur any client-side delay in OTP generation.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Thanks to the PUF, instead of storing the key in the device, when authentication is required, the key is generated in the PUF. Yoon et al proposed an authentication mechanism based on the usage of PUF on the client-side [41]. In [42], a PUF-based key agreement scheme has been presented for IoT devices.…”

Section: Related Workmentioning

confidence: 99%