AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
Powered by AMiner. Clicking this button will take you away from SciOpen.
Home Tsinghua Science and Technology Article
PDF (2.7 MB)
Cite
EndNote(RIS) BibTeX
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

ePUF: A Lightweight Double Identity Verification in IoT

School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China.
School of Cyber Security and Computer, Hebei University, Baoding 071002, China.
Show Author Information

Abstract

Remote authentication is a safe and verifiable mechanism. In the Internet of Things (IoT), remote hosts need to verify the legitimacy of identity of terminal devices. However, embedded devices can hardly afford sufficient resources for the necessary trusted hardware components. Software authentication with no hardware guarantee is generally vulnerable to various network attacks. In this paper, we propose a lightweight remote verification protocol. The protocol utilizes the unique response returned by Physical Unclonable Function (PUF) as legitimate identity basis of the terminal devices and uses quadratic residues to encrypt the PUF authentication process to perform a double identity verification scheme. Our scheme is secure against middleman attacks on the attestation response by preventing conspiracy attacks from forgery authentication.

Keywords

Internet of Things (IoT)Identity-Based Encryption (IBE)Physically Unclonable Functions (PUFs)

References

[1]
M. A. Feki, F. Kawsar, M. Boussard, and L. Trappeniers, The internet of things: The next technological revolution, Computer, vol. 46, no. 2, pp. 24&25, 2013.
Crossref Google Scholar
[2]
R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, Internet of things (IoT) security: Current status, challenges and prospective measures, in 2015 10th Int. Conf. Internet Technology and Secured Transactions, London, UK, 2015, pp. 336-341.
Crossref
[3]
K. Zhao and L. Ge, A survey on the internet of things security, in 2013 9th Int. Conf. Computational Intelligence and Security, Leshan, China, 2013, pp. 663-667.
Crossref
[4]
S. Devadas, E. Suh, S. Paral, R. Sowell, T. Ziola, and V. Khandelwal, Design and implementation of PUF-based "unclonable" RFID ICs for anti-counterfeiting and security applications, in 2008 IEEE Int. Conf. RFID, Las Vegas, NV, USA, 2008, pp. 58-64.
Crossref
[5]
R. Pappu, B. Recht, J. Taylor, and N. Gershenfeld, Physical one-way functions, Science, vol. 297, no. 5589, pp. 2026-2030, 2002.
Crossref Google Scholar
[6]
M. Rostami, M. Majzoobi, F. Koushanfar, D. S. Wallach, and S. Devadas, Robust and reverse-engineering resilient PUF authentication and key-exchange by substring matching, IEEE Transactions on Emerging Topics in Computing, vol. 2, no. 1, pp. 37-49, 2014.
Crossref Google Scholar
[7]
U. Rührmair, J. Sölter, F. Sehnke, X. L. Xu, A. Mahmoud, V. Stoyanova, G. Dror, J. Schmidhuber, W. Burleson, and S. Devadas, PUF modeling attacks on simulated and silicon data, IEEE Transactions on Information Forensics and Security, vol. 8, no. 11, pp. 1876-1891, 2013.
Crossref Google Scholar
[8]
J. Tobisch and G. T. Becker, On the scaling of machine learning attacks on PUFs with application to noise bifurcation, in Proc. Int. Workshop on Radio Frequency Identification, New York, NY, USA, 2015, pp. 17-31.
Crossref
[9]
F. Ganji, S. Tajik, and J. P. Seifert, Why attackers win: On the learnability of XOR arbiter PUFs, in Int. Conf. Trust and Trustworthy Computing, Heraklion, Greece, 2015, pp. 22-39.
Crossref
[10]
G. E. Suh and S. Devadas, Physical unclonable functions for device authentication and secret key generation, in Proc. 44th Annu. Design Automation Conf., San Diego, CA, USA, 2007, pp. 9-14.
Crossref
[11]
H. Akhundov, Design & development of public-key based authentication architecture for IoT devices using PUF, Master dissertation, Delft University of Technology, Delft, Netherlands, 2017.
[12]
J. C. Choon and J. H. Cheon, An identity-based signature from gap Diffie-Hellman groups, in Int. Workshop on Public Key Cryptography, Miami, FL, USA, 2003, pp. 18-30.
Crossref
[13]
P. Koeberl, J. T. Li, A. Rajan, C. Vishik, and W. Wu, A practical device authentication scheme using SRAM PUFs, in Int. Conf. Trust and Trustworthy Computing, Pittsburgh, PA, USA, 2011, pp. 63-77.
Crossref
[14]
U. Chatterjee, R. S. Chakraborty, and D. Mukhopadhyay, A PUF-based secure communication protocol for IoT, ACM Transactions on Embedded Computing Systems, vol. 16, no. 3, p. 67, 2017.
Crossref Google Scholar
[15]
U. Rührmair, SIMPL systems as a keyless cryptographic and security primitive, in Cryptography and Security: From Theory to Applications, D. Naccache, ed. Berlin, Heidelberg: Springer, 2012, pp. 329-354.
Crossref
[16]
B. Gassend, D. Clarke, M. Van Dijk, and S. Devadas, Controlled physical random functions, in Proc. 18th Annu. Computer Security Applications Conf., Las Vegas, NV, USA, 2002, pp. 149-160.
Crossref
[17]
E. Özttextürk, G. Hammouri, and B. Sunar, Towards robust low cost authentication for pervasive devices, in 2008 6th Annu. IEEE Int. Conf. Pervasive Computing and Communications, Hong Kong, China, 2008, pp. 170-178.
[18]
S. Katzenbeisser, Ü. Kocabaş, V. Van Der Leest, A. R. Sadeghi, G. J. Schrijen, and C. Wachsmann, Recyclable PUFs: Logically reconfigurable PUFs, Journal of Cryptographic Engineering, vol. 1, no. 3, pp. 177-186, 2011.
Crossref Google Scholar
[19]
A. Van Herrewege, S. Katzenbeisser, R. Maes, R. Peeters, A. R. Sadeghi, I. Verbauwhede, and C. Wachsmann, Reverse fuzzy extractors: Enabling lightweight mutual authentication for PUF-enabled RFIDs, in Int. Conf. Financial Cryptography and Data Security, Kralendijk, Sint Eustatius and Saba, 2012, pp. 374-389.
Crossref
[20]
M. Majzoobi, M. Rostami, F. Koushanfar, D. S. Wallach, and S. Devadas, Slender PUF protocol: A lightweight, robust, and secure authentication by substring matching, in 2012 IEEE Symp. Security and Privacy Workshops, San Francisco, CA, USA, 2012, pp. 33-44.
Crossref
[21]
Ü. Kocabaş, A. Peter, S. Katzenbeisser, and A. R. Sadeghi, Converse PUF-based authentication, in Int. Conf. Trust and Trustworthy Computing, Vienna, Austria, 2012, pp. 142-158.
Crossref
[22]
D. Moriyama, S. Matsuo, and M. Yung, PUF-based RFID authentication secure and private under memory leakage, Cryptology ePrint Archive: Report 2013/712, 2013.
[23]
A. Aysu, E. Gulcan, D. Moriyama, P. Schaumont, and M. Yung, End-to-end design of a PUF-based privacy preserving authentication protocol, in Int. Workshop on Cryptographic Hardware and Embedded Systems, Saint Malo, France, 2015, pp. 556-576.
Crossref
[24]
J. Delvaux, D. W. Gu, D. Schellekens, and I. Verbauwhede, Secure lightweight entity authentication with strong PUFs: Mission impossible? in Int. Workshop on Cryptographic Hardware and Embedded Systems, Busan, Korea, 2014, pp. 451-475.
Crossref
[25]
G. Avoine, X. Carpent, and J. Hernandez-Castro, Pitfalls in ultralightweight authentication protocol designs, IEEE Transactions on Mobile Computing, vol. 15, no. 9, pp. 2317-2332, 2016.
Crossref Google Scholar
[26]
X. Tan, J. L. Zhang, Y. J. Zhang, Z. Qin, Y. Ding, and X. W. Wang, A PUF-based and cloud-assisted lightweight authentication for multi-hop body area network, Tsinghua Science and Technology, .
Crossref Google Scholar
[27]
B. Gassend, D. Clarke, M. Van Dijk, and S. Devadas, Silicon physical random functions, in Proc. 9th ACM Conf. Computer and Communications Security, Washington, DC, USA, 2002, pp. 148-160.
Crossref
[28]
Intrinsic ID, www.intrinsic-id.com/products/2010/, 2019.
[29]
Y. Dodis, L. Reyzin, and A. Smith, Fuzzy extractors: How to generate strong keys from biometrics and other noisy data, in Int. Conf. Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2004, pp. 523-540.
Crossref
[30]
A. R. Sadeghi, I. Visconti, and C. Wachsmann, PUF- enhanced RFID security and privacy, ResearchGate, .
Crossref Google Scholar
[31]
A. Shamir, Identity-based cryptosystems and signature schemes, in Workshop on the Theory and Application of Cryptographic Techniques, Santa Barbara, CA, USA, 1984, pp. 47-53.
Crossref
[32]
D. Boneh and M. Franklin, Identity-based encryption from the weil pairing, in Annu. Int. Cryptology Conf., Santa Barbara, CA, USA, 2001, pp. 213-229.
Crossref
[33]
C. Cocks, An identity based encryption scheme based on quadratic residues, in IMA Int. Conf. Cryptography and Coding, Cirencester, UK, 2001, pp. 360-363.
Crossref
[34]
I. Buhan, J. Doumen, P. Hartel, and R. Veldhuis, Fuzzy extractors for continuous distributions, in Proc. 2nd ACM Symp. Information, Computer and Communications Security, Singapore, 2007, pp. 353-355.
Crossref
[35]
A. Arakala, J. Jeffers, and K. J. Horadam, Fuzzy extractors for minutiae-based fingerprint authentication, in Int. Conf. Biometrics, Seoul, Korea, 2007, pp. 760-769.
Crossref
Tsinghua Science and Technology
Volume 25 Issue 5,
October 2020
Pages 625-635
DOI: 10.26599/TST.2019.9010072
Cite this article:
Zhao B, Zhao P, Fan P. ePUF: A Lightweight Double Identity Verification in IoT. Tsinghua Science and Technology, 2020, 25(5): 625-635. https://doi.org/10.26599/TST.2019.9010072

838

Views

60

Downloads

24

Crossref

N/A

Web of Science

27

Scopus

2

CSCD

Altmetrics
Received: 14 November 2019
Accepted: 19 November 2019
Published: 16 March 2020
© The author(s) 2020

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).
Return