On the Security of a PUF-Based Authentication and Key Exchange Protocol for IoT Devices-Reference-Cited by-同舟云学术

On the Security of a PUF-Based Authentication and Key Exchange Protocol for IoT Devices

Published:2023-07-20 Issue:14 Volume:23 Page:6559
ISSN:1424-8220
Container-title:Sensors
language:en
Short-container-title:Sensors

Author:

Sun Da-Zhi¹^ORCID,Gao Yi-Na¹,Tian Yangguang²

Affiliation:

1. Tianjin Key Laboratory of Advanced Networking (TANK), College of Intelligence and Computing, Tianjin University, Tianjin 300350, China

2. Department of Computer Science, University of Surrey, Surrey GU2 7XH, UK

Abstract

Recently, Roy et al. proposed a physically unclonable function (PUF)-based authentication and key exchange protocol for Internet of Things (IoT) devices. The PUF protocol is efficient, because it integrates both the Node-to-Node (N2N) authentication and the Node-to-Server (N2S) authentication into a standalone protocol. In this paper, we therefore examine the security of the PUF protocol under the assumption of an insider attack. Our cryptanalysis findings are the following. (1) A legitimate but malicious IoT node can monitor the secure communication among the server and any other IoT nodes in both N2N authentication and N2S authentication. (2) A legitimate but malicious IoT node is able to impersonate a target IoT node to cheat the server and any other IoT nodes in N2N authentication and the server in N2S authentication, respectively. (3) A legitimate but malicious IoT node can masquerade as the server to cheat any other target IoT nodes in both N2N authentication and N2S authentication. To the best of our knowledge, our work gives the first non-trivial concrete security analysis for the PUF protocol. In addition, we employ the automatic verification tool of security protocols, i.e., Scyther, to confirm the weaknesses found in the PUF protocol. We finally consider how to prevent weaknesses in the PUF protocol.

Funder

National Natural Science Foundation of China

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Biochemistry,Instrumentation,Atomic and Molecular Physics, and Optics,Analytical Chemistry

Link

https://www.mdpi.com/1424-8220/23/14/6559/pdf

Reference29 articles.

1. A lightweight PUF-based authentication protocol using secret pattern recognition for constrained IoT devices;Idriss;IEEE Access,2021

2. Mukhopadhyay, D., Chakraborty, R.S., Nguyen, P.H., and Sahoo, D.P. (2015, January 3–7). Physically Unclonable Function: A Promising Security Primitive for Internet of Things. Proceedings of the 2015 IEEE 28th International Conference on VLSI Design (VLSID), Bangalore, India.

3. A design of cellular automata-based PUF and its implementation on FPGA;Goncu;Int. J. Circuit Theory Appl.,2020

4. Yoon, S., Kim, B., Kang, Y., and Choi, D. (2019, January 16–18). Security Enhancement for IoT Device Using Physical Unclonable Functions. Proceedings of the 10th International Conference on Information and Communication Technology Convergence (ICTC)-ICT Convergence Leading the Autonomous Future, Jeju, Republic of Korea.

5. Yilmaz, Y., Gunn, S.R., and Halak, B. (2018, January 2–4). Lightweight PUF-Based Authentication Protocol for IoT Devices. Proceedings of the 3rd IEEE International Verification and Security Workshop (IVSW), Catalonia, Spain.

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Response-Feedback-Based Strong PUF with Improved Strict Avalanche Criterion and Reliability;Sensors;2023-12-23

2. FPGA-Based PUF Designs: A Comprehensive Review and Comparative Analysis;Cryptography;2023-11-01