Back close

A Novel Lightweight PUF based Authentication Protocol for IoT without Explicit CRPs in Verifier Database

Publication Type : Journal Article

Thematic Areas : Amrita Center for Cybersecurity Systems and Networks

Publisher : Journal of Ambient Intelligence and Humanized Computing, Springer

Source : Journal of Ambient Intelligence and Humanized Computing, 2021, DOI: https://doi.org/10.1007/s12652-021-03421-4.

Url : https://link.springer.com/article/10.1007/s12652-021-03421-4

Campus : Amritapuri

School : School of Computing, Centre for Cybersecurity Systems and Networks

Center : Cyber Security

Department : cyber Security

Year : 2021

Abstract : Internet of Things (IoT) refers to a network of embedded devices attached to everyday objects or things for facilitating remote monitoring and response. However, security is a major concern for IoT as traditional security approaches may not be suitable for IoT devices. Studies show that many of the IoT devices are vulnerable owing to weak passwords, insecure default security settings and lack of encryption when devices communicate over the network. In addition, most of these devices are often deployed in hostile environments making them inherently prone to physical and cloning attacks. Leveraging physically unclonable functions (PUFs) for device authentication is a promising approach to safeguard these devices against such attacks. However, the conventional strategy of storing challenge response pairs (CRPs) of the PUF explicitly in the database may make it vulnerable to machine learning or modeling attacks. Hence, we develop a novel lightweight and secure PUF based authentication protocol for IoT that leverages geometric threshold secret sharing to avoid explicit storage of CRPs for verification. Besides, we prototype the proposed protocol on Arduino Uno to analyze the memory requirements and thereby demonstrate the viability of the proposed protocol on resource-constrained devices. Further, we formally validate the security of the proposed scheme using the widely used AVISPA tool. Our security analysis reveals that the proposed protocol is resilient to cloning attacks, probing attacks, side-channel attacks and machine learning attacks by utilizing secret sharing. Finally, a comparison with existing schemes and security analysis of the proposed protocol reveals that our scheme is highly secure, lightweight, and suitable for IoT environments.

Cite this Research Publication : Nimmy, K., Sankaran, S. & Achuthan, K., “A Novel Lightweight PUF based Authentication Protocol for IoT without Explicit CRPs in Verifier Database”, Journal of Ambient Intelligence and Humanized Computing, 14, 6227–6242 (2023), DOI: https://doi.org/10.1007/s12652-021-03421-4.

Admissions Apply Now