Public-Key Based Authentication Architecture for IoT Devices Using PUF

Nowadays, Internet of Things (IoT) is a trending topic in the computing world. Notably, IoT devices have strict design requirements and are often referred to as constrained devices. Therefore, security techniques and primitives that are lightweight are more suitable for such devices, e.g., Static Random-Access Memory (SRAM) Physical Unclonable Functions (PUFs) and Elliptic Curve Cryptography (ECC). SRAM PUF is an intrinsic security primitive that is seeing widespread adoption in the IoT segment. ECC is a public-key algorithm technique that has been gaining popularity among constrained IoT devices. The popularity is due to using significantly smaller operands when compared to other public-key techniques such as RSA (Rivest Shamir Adleman). This paper shows the design, development, and evaluation of an application-specific secure communication architecture based on SRAM PUF technology and ECC for constrained IoT devices. More specifically, it introduces an Elliptic Curve Diffie-Hellman (ECDH) public-key based cryptographic protocol that utilizes PUF-derived keys as the root-of-trust for silicon authentication. Also, it proposes a design of a modular hardware architecture that supports the protocol. Finally, to analyze the practicality as well as the feasibility of the proposed protocol, we demonstrate the solution by prototyping and verifying a protocol variant on the commercial Xilinx Zynq-7000 APSoC device

A PUF-based hardware mutual authentication protocol

Physically Unclonable Functions (PUFs) represent a promising security primitive due to their unclonability, uniqueness and tamper-evident properties, and have been recently exploited for device identification and authentication, and for secret key generation and storage purposes. In this paper, we present PHEMAP (Physical Hardware-Enabled Mutual Authentication Protocol), that allows to achieve mutual authentication in a one-to-many communication scenario, where multiple devices are connected to a sink node. The protocol exploits the recursive invocation of the PUF embedded on the devices to generate sequences (chains) of values that are used to achieve synchronization among communicating parties. We demonstrate that, under reasonable assumptions, PHEMAP is secure and robust against man-in-the-middle attacks and other common physical attacks. We discuss PHEMAP performance in several operation conditions, by measuring the efficiency of the protocol when varying some of the underlying parameters. Finally, we present an implementation of PHEMAP on devices hosting an FPGA belonging to the Xilinx Zynq-7000 family and embedding an Anderson PUF architecture, and show that the computation and hardware overhead introduced by the protocol makes it feasible for commercial mid-range devices. © 2018 Elsevier Inc

Physical Unclonability Framework for the Internet of Things

Ph. D. ThesisThe rise of the Internet of Things (IoT) creates a tendency to construct unified architectures with a great number of edge nodes and inherent security risks due to centralisation. At the same time, security and privacy defenders advocate for decentralised solutions which divide the control and the responsibility among the entirety of the network nodes. However, spreading secrets among several parties also expands the attack surface. This conflict is in part due to the difficulty in differentiating between instances of the same hardware, which leads to treating physically distinct devices as identical. Harnessing the uniqueness of each connected device and injecting it into security protocols can provide solutions to several common issues of the IoT. Secrets can be generated directly from this uniqueness without the need to manually embed them into devices, reducing both the risk of exposure and the cost of managing great numbers of devices. Uniqueness can then lead to the primitive of unclonability. Unclonability refers to ensuring the difficulty of producing an exact duplicate of an entity via observing and measuring the entity’s features and behaviour. Unclonability has been realised on a physical level via the use of Physical Unclonable Functions (PUFs). PUFs are constructions that extract the inherent unclonable features of objects and compound them into a usable form, often that of binary data. PUFs are also exceptionally useful in IoT applications since they are low-cost, easy to integrate into existing designs, and have the potential to replace expensive cryptographic operations. Thus, a great number of solutions have been developed to integrate PUFs in various security scenarios. However, methods to expand unclonability into a complete security framework have not been thoroughly studied. In this work, the foundations are set for the development of such a framework through the formulation of an unclonability stack, in the paradigm of the OSI reference model. The stack comprises layers propagating the primitive from the unclonable PUF ICs, to devices, network links and eventually unclonable systems. Those layers are introduced, and work towards the design of protocols and methods for several of the layers is presented. A collection of protocols based on one or more unclonable tokens or authority devices is proposed, to enable the secure introduction of network nodes into groups or neighbourhoods. The role of the authority devices is that of a consolidated, observable root of ownership, whose physical state can be verified. After their introduction, nodes are able to identify and interact with their peers, exchange keys and form relationships, without the need of continued interaction with the authority device. Building on this introduction scheme, methods for establishing and maintaining unclonable links between pairs of nodes are introduced. These pairwise links are essential for the construction of relationships among multiple network nodes, in a variety of topologies. Those topologies and the resulting relationships are formulated and discussed. While the framework does not depend on specific PUF hardware, SRAM PUFs are chosen as a case study since they are commonly used and based on components that are already present in the majority of IoT devices. In the context of SRAM PUFs and with a view to the proposed framework, practical issues affecting the adoption of PUFs in security protocols are discussed. Methods of improving the capabilities of SRAM PUFs are also proposed, based on experimental data.School of Engineering Newcastle Universit