Visible to the public Practical and Secure IoT Device Authentication Using Physical Unclonable Functions

TitlePractical and Secure IoT Device Authentication Using Physical Unclonable Functions
Publication TypeConference Paper
Year of Publication2016
AuthorsWallrabenstein, J. R.
Conference Name2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud)
ISBN Number 978-1-5090-4052-0
Keywordsauthentication, composability, cost-effective tamper resistance, cryptographic protocols, cryptography, decryption, device enrollment, digital signature generation, digital signatures, discrete logarithm problem, Elliptic curve cryptography, elliptic curve-based variant, Games, Hardware, input mapping, Internet of Things, output mapping, physical unclonable functions, practical IoT device authentication, private key cryptography, private key exposure, Protocols, pubcrawl, public key cryptography, PUF-based authentication protocol, resilience, Resiliency, secure IoT device authentication, Tamper resistance, tamper resistance solutions, tractable cryptographic protocols

Devices in the internet of things (IoT) are frequently (i) resource-constrained, and (ii) deployed in unmonitored, physically unsecured environments. Securing these devices requires tractable cryptographic protocols, as well as cost effective tamper resistance solutions. We propose and evaluate cryptographic protocols that leverage physical unclonable functions (PUFs): circuits whose input to output mapping depends on the unique characteristics of the physical hardware on which it is executed. PUF-based protocols have the benefit of minimizing private key exposure, as well as providing cost-effective tamper resistance. We present and experimentally evaluate an elliptic curve based variant of a theoretical PUF-based authentication protocol proposed previously in the literature. Our work improves over an existing proof-of-concept implementation, which relied on the discrete logarithm problem as proposed in the original work. In contrast, our construction uses elliptic curve cryptography, which substantially reduces the computational and storage burden on the device. We describe PUF-based algorithms for device enrollment, authentication, decryption, and digital signature generation. The performance of each construction is experimentally evaluated on a resource-constrained device to demonstrate tractability in the IoT domain. We demonstrate that our implementation achieves practical performance results, while also providing realistic security. Our work demonstrates that PUF-based protocols may be practically and securely deployed on low-cost resource-constrained IoT devices.

Citation Keywallrabenstein_practical_2016