PUF-based mutual authentication and session key establishment protocol for IoT devices | Journal of Ambient Intelligence and Humanized Computing Skip to main content
Log in

PUF-based mutual authentication and session key establishment protocol for IoT devices

  • Original Research
  • Published:
Journal of Ambient Intelligence and Humanized Computing Aims and scope Submit manuscript

Abstract

The Internet of things (IoT) is an indispensable part of our daily lives, bringing us many conveniences, including e-commerce and m-commerce services. Unfortunately, IoT networks suffer from several security issues, such as privacy, access control, and authentication. However, due to the limited computation resources, remote authentication between IoT devices and servers is vulnerable to being attacked over an insecure communication channel. Many authentication schemes have been proposed, but generally, they are based on traditional cryptographic techniques. Unfortunately, most of them are vulnerable to physical attacks since they rely mainly on a stored secret key in the device’s local memory. However, recently Physically unclonable functions (PUFs) have been classified as solid security primitives that could guarantee the three pillars of security (confidentiality, authenticity, and privacy) of sent or received information by IoT devices. PUFs extract unique information from the physical characteristics of the IoT device. Nevertheless, a Fuzzy extractor (FE) should be considered to extract correct and reproducible cryptographic keys from a noisy source. This paper proposes a mutual authentication and a session key establishment protocol for IoT devices based on Silicon PUFs using Arbiter chips. We also validate our developed protocol regarding its resistance to attack scenarios. By relying on formal verification using VerifPal, we found that the proposed authentication mechanism is secure and suitable for resource-constrained IoT devices. Furthermore, our scheme is more efficient than the existing ones in terms of attack robustness. Finally, the experiments have been validated on an Arbiter PUF dataset.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (Japan)

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

Explore related subjects

Discover the latest articles, news and stories from top researchers in related subjects.

Notes

  1. https://github.com/salaheddinhetalani/PUF.

References

  • Ahmed HI, Nasr AA, Abdel-Mageid S, Aslan HK (2019) A survey of iot security threats and defenses. Int J Adv Comput Res 9(45):325–350

    Article  Google Scholar 

  • Aman MN, Chaudhry SA, Al-Turjman F (2020) Rapidauth: fast authentication for sustainable iot. In: International conference on forthcoming networks and sustainability in the IoT era, vol 353. Springer, pp 82–95

  • Ameri MH, Delavar M, Mohajeri J (2019) Provably secure and efficient puf-based broadcast authentication schemes for smart grid applications. Int J Commun Syst 32(8):e3935

    Article  Google Scholar 

  • Barbosa M, Barthe G, Bhargavan K, Blanchet B, Cremers C, Liao K, Parno B (2021) Sok: computer-aided cryptography. In: 2021 IEEE symposium on security and privacy (SP), vol 1393. IEEE, pp 777–795

  • Bengtson J, Bhargavan K, Fournet C, Gordon AD, Maffeis S (2011) Refinement types for secure implementations. ACM Trans Program Lang Syst (TOPLAS) 33(2):1–45

    Article  Google Scholar 

  • Cheval V, Blanchet B (2013) Proving more observational equivalences with proverif. In: International conference on principles of security and trust, vol 7796. Springer, pp 226–246

  • Cheval V, Kremer S, Rakotonirina I (2018) Deepsec: deciding equivalence properties in security protocols theory and practice. In: 2018 IEEE symposium on security and privacy (SP), vol 10982. IEEE, pp 529–546

  • Cremers CJ (2008) The scyther tool: verification, falsification, and analysis of security protocols. In: International conference on computer aided verification, vol 5123. Springer, pp 414–418

  • Doghmi SF, Guttman JD, Thayer FJ (2007) Searching for shapes in cryptographic protocols. In: International conference on tools and algorithms for the construction and analysis of systems, vol 4424. Springer, pp 523–537

  • Escobar S, Meadows C, Meseguer J (2009) Maude-npa: cryptographic protocol analysis modulo equational properties. In: Foundations of security analysis and design V: FOSAD 2007/2008/2009 tutorial lectures. Springer, pp 1–50

  • Gope P, Sikdar B (2018) Privacy-aware authenticated key agreement scheme for secure smart grid communication. IEEE Trans Smart Grid 10(4):3953–3962

    Article  Google Scholar 

  • Guan Z, Liu H, Qin Y (2019) Physical unclonable functions for iot device authentication. J Commun Inf Netw 4(4):44–54

    Article  Google Scholar 

  • Hu YW, Zhang TP, Wang CF, Liu KK, Sun Y, Li L, Lv CF, Liang YC, Jiao FH, Zhao WB et al (2021) Flexible and biocompatible physical unclonable function anti-counterfeiting label. Adv Funct Mater 31:2102108

    Article  Google Scholar 

  • Idriss TA, Idriss HA, Bayoumi MA (2021) A lightweight puf-based authentication protocol using secret pattern recognition for constrained iot devices. IEEE Access 9:80546–80558

    Article  Google Scholar 

  • Katagi M, Moriai S (2011) The 128-bit blockcipher clefia. In: IETF RFC 6114, vol 4593. Springer, pp 181–195

  • Kaveh M, Aghapour S, Martin D, Mosavi MR (2020) A secure lightweight signcryption scheme for smart grid communications using reliable physically unclonable function. In: 2020 IEEE International Conference on environment and electrical engineering and 2020 IEEE Industrial and Commercial Power Systems Europe (EEEIC/I &CPS Europe), IEEE, pp 1–6

  • Kim B, Yoon S, Kang Y, Choi D (2019) Puf based iot device authentication scheme. In: 2019 International Conference on information and communication technology convergence (ICTC), IEEE, pp 1460–1462

  • Kobeissi N, Nicolas G, Tiwari M (2020) Verifpal: cryptographic protocol analysis for the real world. In: International Conference on cryptology in India, vol 12578. Springer, pp 151–202

  • Lim D, Lee JW, Gassend B, Suh GE, Van Dijk M, Devadas S (2005) Extracting secret keys from integrated circuits. IEEE Trans Very Large Scale Integr (VLSI) Syst 13(10):1200–1205

    Article  Google Scholar 

  • Meng J, Zhang X, Cao T, Xie Y (2021) Lightweight and anonymous mutual authentication protocol for iot devices with physical unclonable functions. Secur Commun Netw 2022:1–11

    Article  Google Scholar 

  • Mostafa A, Lee SJ, Peker YK (2020) Physical unclonable function and hashing are all you need to mutually authenticate iot devices. Sensors 20(16):4361

    Article  Google Scholar 

  • Muhal MA, Luo X, Mahmood Z, Ullah A (2018) Physical unclonable function based authentication scheme for smart devices in internet of things. In: 2018 IEEE International Conference on smart Internet of Things (SmartIoT), IEEE, pp 160–165

  • Najafi F, Kaveh M, Martín D, Reza Mosavi M (2021) Deep puf: A highly reliable dram puf-based authentication for iot networks using deep convolutional neural networks. Sensors 21(6):2009

    Article  Google Scholar 

  • Nandy T, Idris MYIB, Noor RM, Kiah LM, Lun LS, Juma’at NBA, Ahmedy I, Ghani NA, Bhattacharyya S (2019) Review on security of internet of things authentication mechanism. IEEE Access 7:151054–151089

    Article  Google Scholar 

  • Pu C, Li Y (2020) Lightweight authentication protocol for unmanned aerial vehicles using physical unclonable function and chaotic system. In: 2020 IEEE International Symposium on local and metropolitan area networks (LANMAN, IEEE), pp 1–6

  • Schmidt B, Meier S, Cremers C, Basin D (2012) Automated analysis of Diffie-Hellman protocols and advanced security properties. In: 2012 IEEE 25th Computer Security Foundations Symposium, IEEE, pp 78–94

  • Yanambaka VP, Mohanty SP, Kougianos E, Puthal D (2019) Pmsec: physical unclonable function-based robust and lightweight authentication in the internet of medical things. IEEE Trans Consum Electron 65(3):388–397

    Article  Google Scholar 

  • Zerrouki F, Ouchani S, Bouarfa H (2021a) A generation and recovery framework for silicon pufs based cryptographic key. In: International Conference on model and data engineering, vol 1481. Springer, pp 121–137

  • Zerrouki F, Ouchani S, Bouarfa H (2021b) A low-cost authentication protocol using arbiter-puf. In: International Conference on model and data engineering, vol 12732. Springer, pp 101–116

  • Zerrouki F, Ouchani S, Bouarfa H (2022) A survey on silicon pufs. J Syst Arch 127:102514

    Article  Google Scholar 

  • Zhang J, Rajendran S, Sun Z, Woods R, Hanzo L (2019) Physical layer security for the internet of things: authentication and key generation. IEEE Wirel Commun 26(5):92–98

    Article  Google Scholar 

  • Zheng Y, Liu W, Gu C, et al (2021) Puf-based mutual authentication and key-exchange protocol for peer-to-peer iot applications

  • Zhou Q, He Y, Yang K, Chi T (2021) 12.3 exploring puf-controlled pa spectral regrowth for physical-layer identification of iot nodes. In: 2021 IEEE International Solid-State Circuits Conference (ISSCC), IEEE, vol 64, pp 204–206

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Fahem Zerrouki.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Verifpal code

Verifpal code

figure j

Rights and permissions

Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zerrouki, F., Ouchani, S. & Bouarfa, H. PUF-based mutual authentication and session key establishment protocol for IoT devices. J Ambient Intell Human Comput 14, 12575–12593 (2023). https://doi.org/10.1007/s12652-022-04321-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12652-022-04321-x

Keywords

Navigation