Open Access Issue
ePUF: A Lightweight Double Identity Verification in IoT
Tsinghua Science and Technology 2020, 25(5): 625-635
Published: 16 March 2020

Remote authentication is a safe and verifiable mechanism. In the Internet of Things (IoT), remote hosts need to verify the legitimacy of the identity of terminal devices. However, embedded devices can hardly afford sufficient resources for the necessary trusted hardware components. Software authentication with no hardware guarantee is generally vulnerable to various network attacks. In this paper, we propose a lightweight remote verification protocol. The protocol utilizes the unique response returned by a Physical Unclonable Function (PUF) as the legitimate identity basis of the terminal devices and uses quadratic residues to encrypt the PUF authentication process, yielding a double identity verification scheme. Our scheme is secure against middleman attacks on the attestation response by preventing conspiracy attacks from forgery authentication.

Open Access Issue
SIV: A Structural Integrity Verification Approach of Cloud Components with Enhanced Privacy
Tsinghua Science and Technology 2019, 24(5): 557-574
Published: 29 April 2019

Private data leakage is a threat to current integrity verification schemes of cloud components. To address this issue, this work proposes a privacy-enhancing Structural Integrity Verification (SIV) approach. It is made up of three processes: proof organization, proof transformation, and integrity judgement. By introducing a Merkle tree technique, the integrity of a constituent part of a cloud component on a node is represented by a root value. The value is then masked to ciphertexts in proof transformation. With the masked proofs, a structural feature is extracted and validated in an integrity judgement by a third-party verification provider. The integrity of the cloud component is visually displayed in the output result matrix. If there are abnormalities, the corrupted constituent parts can be located. Integrity is verified through the encrypted masked proofs. All raw proofs containing sensitive information stay on their original nodes, thus minimizing the attack surface of the proof data and eliminating the risk of leaking private data at the source. Although some computations are added, the experimental results show that the time overhead is within acceptable bounds.
