Abstract
Physically unclonable function (PUF) is an embedded hardware-based function in a device and cannot be cloned or reproduced on another device. Due to its unclonability, the PUF has been one of the hot issues in IoT devices over pervasive communication network. Recently, there have been attempts to combine a password with an input of PUF for more efficient authentication over insecure communication. In this paper, we firstly raise a question that “Is it really secure if a password is used for an input of PUF?”. Up to now, to the best of our knowledge, only two password-based PUF authentications have been introduced in the literature. We revisit two schemes in view of an off-line password guessing attack. Under a practical PUF assumption, however, we observe that two protocols are susceptible to an off-line dictionary attack. We also present a quite simple but powerful countermeasure.
This is a preview of subscription content, log in via an institution to check access.
Notes
Even, a test of membership in \(L_p\) beforehand is not required in case of PUF assumption, but in case of IPUF assumption, its test is necessarily required according to the definition.
References
Brzuska, C., Fischlin, M., Schroder, H., & Katzenbeisser, S. (2011). Physically unclonable functions inthe universal compositio framework. In CRYPTO 2011, LNCS (Vol. 6841, pp. 51–70).
Bellare, M., Pointcheval, D., & Rogaway, P. (2000). Authentincated key exchange secure against dictionaray attacks. In Proceedings of Eurocrypt 2000, LNCS (Vol. , pp. 139–155).
Dodis, Y., Reyzin, L., & Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In EUROCRYPT 2004, LNCS (Vol. 3027, pp. 523–540). Springer.
Eichhorn, I., Koeberl, P., & van der Leest, V. (2004). Logically reconfigurable PUFs: Memory-based secure key storage. In STC 2011 (pp. 59–64). Springer.
Frikken, K. B., Blanton, M., & Atallah, M. J. (2009). Robust authentication using physically unclonable functions. In ISC 2009, LNCS (Vol. 5735, pp. 262–277). Springer.
Katzenbeisser, S., Kocaba, U., van der Leest, V., Sadeghi, A.-R., Schrijen, G.-J., & Wachsmann, C. (2011). Recyclable PUFs: Logically reconfigurable PUFs. Journal of Cryptographic Engineering, 1, 177. https://doi.org/10.1007/s13389-011-0016-9.
Resende, A. C. D., Mochetti, K., & Aranha, D. F. (2015). PUF-based mutual multifactor entity and transaction authentication for secure banking. In LightSec 2015, LNCS (Vol. 9542, pp. 77–96).
Acknowledgements
This work was supported as part of Military Crypto Research Center (UD170109ED) funded by Defense Acquisition Program Administration(DAPA) and Agency for Defense Development (ADD).
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Byun, J.W., Jeong, I.R. Comments on Physically Unclonable Function Based Two-Factor Authentication Protocols. Wireless Pers Commun 106, 1243–1252 (2019). https://doi.org/10.1007/s11277-019-06211-6
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-019-06211-6