ABSTRACT
Internet of Things (IoT) solutions must be deployed securely. In particular, the devices must be authenticated to the applications deployed on the servers that receive data from, or send data to, the IoT devices. Standard IoT protocols, such as CoAP or MQTT, define secure communications through protocols at the transport, network or application layers. Nevertheless, a shortcoming of protocols that rely on secret keys lies in the management of those keys, which is out of the scope of the specifications. For this reason, this article presents an authentication solution for OSCORE (Object Security for Constrained RESTful Environments) based on PUFs (Physical Unclonable Functions) that makes it possible to establish a secure mechanism for the exchange and management of keys. The performance of this proposal has been evaluated, showing its viability.
Index Terms
- A PUF-based Authentication Mechanism for OSCORE