Litcius/Paper detail

PUF-IPA: A PUF-based Identity Preserving Protocol for Internet of Things Authentication

Mahmood Azhar Qureshi, Arslan Munir

202047 citationsDOI

Abstract

Physically unclonable functions (PUFs) can be used for Internet of things (IoT) based identification, authentication and authorization. However, PUF based authentication systems are vulnerable to various attacks including, but not limited to, replay and modeling attacks. In this paper, we propose PUF-IPA, a PUF-based identity-preserving protocol for IoT device authentication. The PUF-IPA provides stronger resilience against security attacks as compared to previous approaches assuming a threat model where adversary can conduct not only passive or active attacks during authentication phase but can also breach the server storing PUF credentials. The proposed PUF-IPA is robust against brute force, replay, and modeling attacks. In PUF-IPA, no partial/full challenge-response pairs (CRPs) or soft models associated to a PUF within a device are stored, generated, transmitted, or received by the server during authentication events. The PUF-IPA improves the PUF response accuracy by enabling self-checking. Results reveal that the PUF-IPA improves the PUF response accuracy from 89% to 98% without the use of hardware-expensive error correction codes.

Topics & Concepts

Computer scienceReplay attackAuthentication (law)Authentication protocolComputer securityInternet of ThingsReflection attackResilience (materials science)Identification (biology)Protocol (science)Challenge–response authenticationEmbedded systemComputer networkBiologyAlternative medicinePathologyPhysicsBotanyThermodynamicsMedicinePhysical Unclonable Functions (PUFs) and Hardware SecurityAdvanced Memory and Neural ComputingNeuroscience and Neural Engineering