On the adoption of PUF for key agreement scheme in Internet of Things
Authors: 
Mario Barbareschi, Valentina Casola, Antonio Emmanuele, Daniele LombardiAuthors Info & Claims
Pages 17 - 24
Abstract
With the rapid proliferation of Internet of Things systems, ensuring secure communication for those applications that need to exchange sensitive and/or critical data is one of the major issues to be faced. Traditional security mechanisms are often impractical due to the constrained resources typically available on IoT devices. On the other hand, Physical Unclonable Functions are emerging as one of the most promising technologies to address security-related challenges. In this manuscript, we propose a novel scheme leveraging PUF-chains to facilitate key agreement between two devices. The scheme employs a trusted third party for secure communications; additionally, it facilitates seamless and continuous modification of the cryptographic key employed, by resulting really suitable in systems for moving target defense. To demonstrate the feasibility of our proposal, we take into account an implementation of the solution on resource-constrained devices, specifically ESP8266, and conducted a thorough analysis in terms of communication and computational costs, time orhead and formal security verification.
References
[1]
Morteza Adeli, Nasour Bagheri, Honorio Martín, and Pedro Peris-Lopez. 2022. Challenging the security of "A PUF-based hardware mutual authentication protocol". J. Parallel and Distrib. Comput. 169 (Nov. 2022), 199--210. https://doi.org/10.1016/j.jpdc.2022.06.018
[2]
Mario Barbareschi. 2017. Notions on silicon physically unclonable functions. In Hardware security and trust: Design and deployment of integrated circuits in a threatened environment, Nicolas Sklavos, Ricardo Chaves, Giorgio Di Natale, and Francesco Regazzoni (Eds.). Springer International Publishing, Cham, 189--209. https://doi.org/10.1007/978-3-319-44318-8_10
[3]
Mario Barbareschi, Valentina Casola, Alessandra De Benedictis, Erasmo La Montagna, and Nicola Mazzocca. 2021. On the Adoption of Physically Unclonable Functions to Secure IIoT Devices. IEEE Transactions on Industrial Informatics 17, 11 (Nov. 2021), 7781--7790. https://doi.org/10.1109/TII.2021.3059656 Conference Name: IEEE Transactions on Industrial Informatics.
[4]
Mario Barbareschi, Valentina Casola, and Daniele Lombardi. 2023. Lightweight Secure Keys Management Based on Physical Unclonable Functions. In 2023 9th International Workshop on Advances in Sensors and Interfaces (IWASI). IEEE, New York, NY, USA, 34--39. https://doi.org/10.1109/IWASI58316.2023.10164402 ISSN: 2836--7936.
[5]
Mario Barbareschi, Alessandra De Benedictis, Erasmo La Montagna, Antonino Mazzeo, and Nicola Mazzocca. 2019. A PUF-based mutual authentication scheme for Cloud-Edges IoT systems. Future Generation Computer Systems 101 (Dec. 2019), 246--261. https://doi.org/10.1016/j.future.2019.06.012
[6]
Mario Barbareschi, Alessandra De Benedictis, and Nicola Mazzocca. 2018. A PUF-based hardware mutual authentication protocol. J. Parallel and Distrib. Comput. 119 (Sept. 2018), 107--120. https://doi.org/10.1016/j.jpdc.2018.04.007
[7]
Ismail Butun, Patrik Osterberg, and Houbing Song. 2020. Security of the Internet of Things: Vulnerabilities, Attacks, and Countermeasures. IEEE Communications Surveys & Tutorials 22, 1 (2020), 616--644. https://doi.org/10.1109/COMST.2019.2953364
[8]
Christoph Böhm, Maximilian Hofer, and Wolfgang Pribyl. 2011. A microcontroller SRAM-PUF. In 2011 5th International Conference on Network and System Security. IEEE, New York, NY, USA, 269--273. https://doi.org/10.1109/ICNSS.2011.6060013
[9]
Jin-Hee Cho, Dilli P. Sharma, Hooman Alavizadeh, Seunghyun Yoon, Noam Ben-Asher, Terrence J. Moore, Dong Seong Kim, Hyuk Lim, and Frederica F. Nelson. 2020. Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense. IEEE Communications Surveys & Tutorials 22, 1 (2020), 709--745. https://doi.org/10.1109/COMST.2019.2963791
[10]
Cas J. F. Cremers. 2008. The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols. In Computer Aided Verification, Aarti Gupta and Sharad Malik (Eds.). Springer, Berlin, Heidelberg, 414--418. https://doi.org/10.1007/978-3-540-70545-1_38
[11]
Daihyun Lim, J.W. Lee, B. Gassend, G.E. Suh, M. Van Dijk, and S. Devadas. 2005. Extracting secret keys from integrated circuits. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 13, 10 (Oct. 2005), 1200--1205. https://doi.org/10.1109/TVLSI.2005.859470
[12]
D. Dolev and A. Yao. 1983. On the security of public key protocols. IEEE Transactions on Information Theory 29, 2 (March 1983), 198--208. https://doi.org/10.1109/TIT.1983.1056650
[13]
Mohammed El-hajj, Ahmad Fadlallah, Maroun Chamoun, and Ahmed Serhrouchni. 2019. A Survey of Internet of Things (IoT) Authentication Schemes. Sensors 19, 5 (Jan. 2019), 1141. https://doi.org/10.3390/s19051141 Number: 5 Publisher: Multidisciplinary Digital Publishing Institute.
[14]
Prosanta Gope, Jemin Lee, and Tony Q. S. Quek. 2018. Lightweight and Practical Anonymous Authentication Protocol for RFID Systems Using Physically Unclonable Functions. IEEE Transactions on Information Forensics and Security 13, 11 (Nov. 2018), 2831--2843. https://doi.org/10.1109/TIFS.2018.2832849 Conference Name: IEEE Transactions on Information Forensics and Security.
[15]
Charles Herder, Meng-Day Yu, Farinaz Koushanfar, and Srinivas Devadas. 2014. Physical Unclonable Functions and Applications: A Tutorial. Proc. IEEE 102, 8 (Aug. 2014), 1126--1141. https://doi.org/10.1109/JPROC.2014.2320516 Conference Name: Proceedings of the IEEE.
[16]
Hung-Yu Chien. 2007. SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity. IEEE Transactions on Dependable and Secure Computing 4, 4 (Oct. 2007), 337--340. https://doi.org/10.1109/TDSC.2007.70226
[17]
Tarek A. Idriss, Haytham A. Idriss, and Magdy A. Bayoumi. 2021. A Lightweight PUF-Based Authentication Protocol Using Secret Pattern Recognition for Constrained IoT Devices. IEEE Access 9 (2021), 80546--80558. https://doi.org/10.1109/ACCESS.2021.3084903
[18]
Waseem Iqbal, Haider Abbas, Mahmoud Daneshmand, Bilal Rauf, and Yawar Abbas Bangash. 2020. An In-Depth Analysis of IoT Security Requirements, Challenges, and Their Countermeasures via Software-Defined Security. IEEE Internet of Things Journal 7, 10 (Oct. 2020), 10250--10276. https://doi.org/10.1109/JIOT.2020.2997651
[19]
Latif U. Khan, Ibrar Yaqoob, Nguyen H. Tran, S. M. Ahsan Kazmi, Tri Nguyen Dang, and Choong Seon Hong. 2020. Edge-Computing-Enabled Smart Cities: A Comprehensive Survey. IEEE Internet of Things Journal 7, 10 (Oct. 2020), 10200--10232. https://doi.org/10.1109/JIOT.2020.2987070 Conference Name: IEEE Internet of Things Journal.
[20]
Sensen Li, Tikui Zhang, Bin Yu, and Kuan He. 2021. A Provably Secure and Practical PUF-Based End-to-End Mutual Authentication and Key Exchange Protocol for IoT. IEEE Sensors Journal 21, 4 (Feb. 2021), 5487--5501. https://doi.org/10.1109/JSEN.2020.3028872 Conference Name: IEEE Sensors Journal.
[21]
Wei Liang, Songyou Xie, Dafang Zhang, Xiong Li, and Kuan-ching Li. 2021. A Mutual Security Authentication Method for RFID-PUF Circuit Based on Deep Learning. ACM Transactions on Internet Technology 22, 2 (2021), 34:1--34:20. https://doi.org/10.1145/3426968
[22]
Karim Lounis and Mohammad Zulkernine. 2021. T2T-MAP: A PUF-Based Thing-to-Thing Mutual Authentication Protocol for IoT. IEEE Access 9 (2021), 137384--137405. https://doi.org/10.1109/ACCESS.2021.3117444 Conference Name: IEEE Access.
[23]
Abhranil Maiti and Patrick Schaumont. 2011. Improved Ring Oscillator PUF: An FPGA-friendly Secure Primitive. Journal of Cryptology 24, 2 (April 2011), 375--397. https://doi.org/10.1007/s00145-010-9088-4
[24]
Nicky Mouha, Bart Mennink, Anthony Van Herrewege, Dai Watanabe, Bart Preneel, and Ingrid Verbauwhede. 2014. Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers. In Selected Areas in Cryptography - SAC 2014, Antoine Joux and Amr Youssef (Eds.). Springer International Publishing, Cham, 306--323. https://doi.org/10.1007/978-3-319-13051-4_19
[25]
Yazdan Ahmad Qadri, Ali Nauman, Yousaf Bin Zikria, Athanasios V. Vasilakos, and Sung Won Kim. 2020. The Future of Healthcare Internet of Things: A Survey of Emerging Technologies. IEEE Communications Surveys & Tutorials 22, 2 (2020), 1121--1167. https://doi.org/10.1109/COMST.2020.2973314
[26]
Mahmood Azhar Qureshi and Arslan Munir. 2022. PUF-RAKE: A PUF-Based Robust and Lightweight Authentication and Key Establishment Protocol. IEEE Transactions on Dependable and Secure Computing 19, 4 (July 2022), 2457--2475. https://doi.org/10.1109/TDSC.2021.3059454
[27]
Ulrich Rührmair, Jan Sölter, Frank Sehnke, Xiaolin Xu, Ahmed Mahmoud, Vera Stoyanova, Gideon Dror, Jürgen Schmidhuber, Wayne Burleson, and Srinivas Devadas. 2013. PUF Modeling Attacks on Simulated and Silicon Data. IEEE Transactions on Information Forensics and Security 8, 11 (Nov. 2013), 1876--1891. https://doi.org/10.1109/TIFS.2013.2279798 Conference Name: IEEE Transactions on Information Forensics and Security.
[28]
Bruce Schneier. 2018. Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. W. W. Norton & Company, New York, NY, USA. Google-Books-ID: BGZSDwAAQBAJ.
[29]
Feng Zhu, Peng Li, He Xu, and Ruchuan Wang. 2019. A Lightweight RFID Mutual Authentication Protocol with PUF. Sensors 19, 13 (Jan. 2019), 2957. https://doi.org/10.3390/s19132957 Number: 13 Publisher: Multidisciplinary Digital Publishing Institute.
Index Terms
- On the adoption of PUF for key agreement scheme in Internet of Things
Recommendations
(k, n) threshold distributed key exchange for HIP based internet of things
MobiWac '12: Proceedings of the 10th ACM international symposium on Mobility management and wireless accessHost Identity Protocol (HIP) emerges as the most suitable identification protocol for the Internet of Things. HIP not only provides identifier/locator split but also a key agreement procedure named HIP Base Exchange, which bootstraps security ...
Implicit Lightweight Proxy Based Key Agreement for the Internet of Things (ILPKA)
AbstractDue to the heterogeneity of devices available in the Internet of Things and the limitations of the resources connected to it, simplifying and lightening the algorithms used in the Internet of Things is an interesting area of study for researchers. ...
A Multi-factor User Authentication and Key Agreement Protocol Based on Bilinear Pairing for the Internet of Things
AbstractThe Internet of Things (IoT) presents a new paradigm of the future internet that intends to provide interactive communication between various processing object via heterogeneous networks. By increasing the IoT usage, establishing the security of ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
May 2024
163 pages
ISBN:9798400704925
DOI:10.1145/3637543
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 July 2024
Accepted: 05 June 2009
Revised: 12 March 2009
Received: 20 February 2007
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
CF '24
Sponsor:
Acceptance Rates
Overall Acceptance Rate 273 of 785 submissions, 35%
Upcoming Conference
CF '25
- Sponsor:
- sigmicro
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 78Total Downloads
- Downloads (Last 12 months)78
- Downloads (Last 6 weeks)18
Reflects downloads up to 25 Nov 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in