Litcius/Paper detail

Designing secure PUF-based authentication protocols for constrained environments

Sang-Woong Lee, Masoumeh Safkhani, Quynh Ngoc Hoang Le, Omed Hassan Ahmed, Mehdi Hosseinzadeh, Amir Masoud Rahmani, Nasour Bagheri

2023Scientific Reports25 citationsDOIOpen Access PDF

Abstract

Physical Unclonable Functions (PUFs) are widely used in cryptographic authentication and key-agreement protocols due to their unique physical properties. This article presents a comprehensive cryptanalysis of two recently developed authentication protocols, namely PLAKE and EV-PUF, both relying on PUFs. Our analysis reveals significant vulnerabilities in these protocols, including susceptibility to impersonation and key leakage attacks, which pose serious threats to the security of the underlying systems. In the case of PLAKE, we propose an attack that can extract the shared secret key with negligible complexity by eavesdropping on consecutive protocol sessions. Similarly, we demonstrate an efficient attack against EV-PUF that enables the determination of the shared key between specific entities. Furthermore, we highlight the potential for a single compromised client in the EV-PUF protocol to compromise the security of the entire network, leaving it vulnerable to pandemic attacks. These findings underscore the critical importance of careful design and rigorous evaluation when developing PUF-based authentication protocols. To address the identified vulnerabilities, we present an improved PUF-based authentication protocol that ensures robust security against all the attacks described in the context of PLAKE and EV-PUF. Through this research, we contribute to the field by exposing vulnerabilities in existing PUF-based authentication protocols and offering an improved protocol that enhances security and safeguards against various attack vectors. This work serves as a valuable reference for researchers and practitioners involved in the design and implementation of secure authentication schemes for IoT systems and dynamic charging systems for electric vehicles.

Topics & Concepts

Computer scienceAuthentication protocolComputer securityAuthentication (law)Protocol (science)EavesdroppingChallenge–response authenticationCryptographic protocolKey (lock)Otway–Rees protocolCryptographyChallenge-Handshake Authentication ProtocolComputer networkPathologyAlternative medicineMedicinePhysical Unclonable Functions (PUFs) and Hardware SecurityUser Authentication and Security SystemsNeuroscience and Neural Engineering
Designing secure PUF-based authentication protocols for constrained environments | Litcius