Abstract
The Internet of things (IoT) is an indispensable part of our daily lives, bringing us many conveniences, including e-commerce and m-commerce services. Unfortunately, IoT networks suffer from several security issues, such as privacy, access control, and authentication. However, due to the limited computation resources, remote authentication between IoT devices and servers is vulnerable to being attacked over an insecure communication channel. Many authentication schemes have been proposed, but generally, they are based on traditional cryptographic techniques. Unfortunately, most of them are vulnerable to physical attacks since they rely mainly on a stored secret key in the device’s local memory. However, recently Physically unclonable functions (PUFs) have been classified as solid security primitives that could guarantee the three pillars of security (confidentiality, authenticity, and privacy) of sent or received information by IoT devices. PUFs extract unique information from the physical characteristics of the IoT device. Nevertheless, a Fuzzy extractor (FE) should be considered to extract correct and reproducible cryptographic keys from a noisy source. This paper proposes a mutual authentication and a session key establishment protocol for IoT devices based on Silicon PUFs using Arbiter chips. We also validate our developed protocol regarding its resistance to attack scenarios. By relying on formal verification using VerifPal, we found that the proposed authentication mechanism is secure and suitable for resource-constrained IoT devices. Furthermore, our scheme is more efficient than the existing ones in terms of attack robustness. Finally, the experiments have been validated on an Arbiter PUF dataset.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Ahmed HI, Nasr AA, Abdel-Mageid S, Aslan HK (2019) A survey of iot security threats and defenses. Int J Adv Comput Res 9(45):325–350
Aman MN, Chaudhry SA, Al-Turjman F (2020) Rapidauth: fast authentication for sustainable iot. In: International conference on forthcoming networks and sustainability in the IoT era, vol 353. Springer, pp 82–95
Ameri MH, Delavar M, Mohajeri J (2019) Provably secure and efficient puf-based broadcast authentication schemes for smart grid applications. Int J Commun Syst 32(8):e3935
Barbosa M, Barthe G, Bhargavan K, Blanchet B, Cremers C, Liao K, Parno B (2021) Sok: computer-aided cryptography. In: 2021 IEEE symposium on security and privacy (SP), vol 1393. IEEE, pp 777–795
Bengtson J, Bhargavan K, Fournet C, Gordon AD, Maffeis S (2011) Refinement types for secure implementations. ACM Trans Program Lang Syst (TOPLAS) 33(2):1–45
Cheval V, Blanchet B (2013) Proving more observational equivalences with proverif. In: International conference on principles of security and trust, vol 7796. Springer, pp 226–246
Cheval V, Kremer S, Rakotonirina I (2018) Deepsec: deciding equivalence properties in security protocols theory and practice. In: 2018 IEEE symposium on security and privacy (SP), vol 10982. IEEE, pp 529–546
Cremers CJ (2008) The scyther tool: verification, falsification, and analysis of security protocols. In: International conference on computer aided verification, vol 5123. Springer, pp 414–418
Doghmi SF, Guttman JD, Thayer FJ (2007) Searching for shapes in cryptographic protocols. In: International conference on tools and algorithms for the construction and analysis of systems, vol 4424. Springer, pp 523–537
Escobar S, Meadows C, Meseguer J (2009) Maude-npa: cryptographic protocol analysis modulo equational properties. In: Foundations of security analysis and design V: FOSAD 2007/2008/2009 tutorial lectures. Springer, pp 1–50
Gope P, Sikdar B (2018) Privacy-aware authenticated key agreement scheme for secure smart grid communication. IEEE Trans Smart Grid 10(4):3953–3962
Guan Z, Liu H, Qin Y (2019) Physical unclonable functions for iot device authentication. J Commun Inf Netw 4(4):44–54
Hu YW, Zhang TP, Wang CF, Liu KK, Sun Y, Li L, Lv CF, Liang YC, Jiao FH, Zhao WB et al (2021) Flexible and biocompatible physical unclonable function anti-counterfeiting label. Adv Funct Mater 31:2102108
Idriss TA, Idriss HA, Bayoumi MA (2021) A lightweight puf-based authentication protocol using secret pattern recognition for constrained iot devices. IEEE Access 9:80546–80558
Katagi M, Moriai S (2011) The 128-bit blockcipher clefia. In: IETF RFC 6114, vol 4593. Springer, pp 181–195
Kaveh M, Aghapour S, Martin D, Mosavi MR (2020) A secure lightweight signcryption scheme for smart grid communications using reliable physically unclonable function. In: 2020 IEEE International Conference on environment and electrical engineering and 2020 IEEE Industrial and Commercial Power Systems Europe (EEEIC/I &CPS Europe), IEEE, pp 1–6
Kim B, Yoon S, Kang Y, Choi D (2019) Puf based iot device authentication scheme. In: 2019 International Conference on information and communication technology convergence (ICTC), IEEE, pp 1460–1462
Kobeissi N, Nicolas G, Tiwari M (2020) Verifpal: cryptographic protocol analysis for the real world. In: International Conference on cryptology in India, vol 12578. Springer, pp 151–202
Lim D, Lee JW, Gassend B, Suh GE, Van Dijk M, Devadas S (2005) Extracting secret keys from integrated circuits. IEEE Trans Very Large Scale Integr (VLSI) Syst 13(10):1200–1205
Meng J, Zhang X, Cao T, Xie Y (2021) Lightweight and anonymous mutual authentication protocol for iot devices with physical unclonable functions. Secur Commun Netw 2022:1–11
Mostafa A, Lee SJ, Peker YK (2020) Physical unclonable function and hashing are all you need to mutually authenticate iot devices. Sensors 20(16):4361
Muhal MA, Luo X, Mahmood Z, Ullah A (2018) Physical unclonable function based authentication scheme for smart devices in internet of things. In: 2018 IEEE International Conference on smart Internet of Things (SmartIoT), IEEE, pp 160–165
Najafi F, Kaveh M, Martín D, Reza Mosavi M (2021) Deep puf: A highly reliable dram puf-based authentication for iot networks using deep convolutional neural networks. Sensors 21(6):2009
Nandy T, Idris MYIB, Noor RM, Kiah LM, Lun LS, Juma’at NBA, Ahmedy I, Ghani NA, Bhattacharyya S (2019) Review on security of internet of things authentication mechanism. IEEE Access 7:151054–151089
Pu C, Li Y (2020) Lightweight authentication protocol for unmanned aerial vehicles using physical unclonable function and chaotic system. In: 2020 IEEE International Symposium on local and metropolitan area networks (LANMAN, IEEE), pp 1–6
Schmidt B, Meier S, Cremers C, Basin D (2012) Automated analysis of Diffie-Hellman protocols and advanced security properties. In: 2012 IEEE 25th Computer Security Foundations Symposium, IEEE, pp 78–94
Yanambaka VP, Mohanty SP, Kougianos E, Puthal D (2019) Pmsec: physical unclonable function-based robust and lightweight authentication in the internet of medical things. IEEE Trans Consum Electron 65(3):388–397
Zerrouki F, Ouchani S, Bouarfa H (2021a) A generation and recovery framework for silicon pufs based cryptographic key. In: International Conference on model and data engineering, vol 1481. Springer, pp 121–137
Zerrouki F, Ouchani S, Bouarfa H (2021b) A low-cost authentication protocol using arbiter-puf. In: International Conference on model and data engineering, vol 12732. Springer, pp 101–116
Zerrouki F, Ouchani S, Bouarfa H (2022) A survey on silicon pufs. J Syst Arch 127:102514
Zhang J, Rajendran S, Sun Z, Woods R, Hanzo L (2019) Physical layer security for the internet of things: authentication and key generation. IEEE Wirel Commun 26(5):92–98
Zheng Y, Liu W, Gu C, et al (2021) Puf-based mutual authentication and key-exchange protocol for peer-to-peer iot applications
Zhou Q, He Y, Yang K, Chi T (2021) 12.3 exploring puf-controlled pa spectral regrowth for physical-layer identification of iot nodes. In: 2021 IEEE International Solid-State Circuits Conference (ISSCC), IEEE, vol 64, pp 204–206
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Verifpal code
Verifpal code
Rights and permissions
Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Zerrouki, F., Ouchani, S. & Bouarfa, H. PUF-based mutual authentication and session key establishment protocol for IoT devices. J Ambient Intell Human Comput 14, 12575–12593 (2023). https://doi.org/10.1007/s12652-022-04321-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-022-04321-x