3 research outputs found
Public-Key Based Authentication Architecture for IoT Devices Using PUF
Nowadays, the Internet of Things (IoT) is a trending topic in the computing
world. Notably, IoT devices have strict design requirements and are often
referred to as constrained devices. Therefore, security techniques and
primitives that are lightweight are more suitable for such devices, e.g.,
Static Random-Access Memory (SRAM) Physical Unclonable Functions (PUFs) and
Elliptic Curve Cryptography (ECC). SRAM PUF is an intrinsic security primitive
that is seeing widespread adoption in the IoT segment. ECC is a public-key
algorithm technique that has been gaining popularity among constrained IoT
devices. The popularity is due to using significantly smaller operands when
compared to other public-key techniques such as RSA (Rivest Shamir Adleman).
This paper shows the design, development, and evaluation of an
application-specific secure communication architecture based on SRAM PUF
technology and ECC for constrained IoT devices. More specifically, it
introduces an Elliptic Curve Diffie-Hellman (ECDH) public-key based
cryptographic protocol that utilizes PUF-derived keys as the root-of-trust for
silicon authentication. Also, it proposes a design of a modular hardware
architecture that supports the protocol. Finally, to analyze the practicality
as well as the feasibility of the proposed protocol, we demonstrate the
solution by prototyping and verifying a protocol variant on the commercial
Xilinx Zynq-7000 APSoC device.
A PUF-based hardware mutual authentication protocol
Physically Unclonable Functions (PUFs) represent a promising security primitive due to their unclonability, uniqueness and tamper-evident properties, and have been recently exploited for device identification and authentication, and for secret key generation and storage purposes. In this paper, we present PHEMAP (Physical Hardware-Enabled Mutual Authentication Protocol), which allows mutual authentication to be achieved in a one-to-many communication scenario, where multiple devices are connected to a sink node. The protocol exploits the recursive invocation of the PUF embedded on the devices to generate sequences (chains) of values that are used to achieve synchronization among communicating parties. We demonstrate that, under reasonable assumptions, PHEMAP is secure and robust against man-in-the-middle attacks and other common physical attacks. We discuss PHEMAP performance in several operation conditions, by measuring the efficiency of the protocol when varying some of the underlying parameters. Finally, we present an implementation of PHEMAP on devices hosting an FPGA belonging to the Xilinx Zynq-7000 family and embedding an Anderson PUF architecture, and show that the computation and hardware overhead introduced by the protocol makes it feasible for commercial mid-range devices. © 2018 Elsevier Inc
Physical Unclonability Framework for the Internet of Things
Ph. D. Thesis
The rise of the Internet of Things (IoT) creates a tendency to construct unified architectures
with a great number of edge nodes and inherent security risks due to centralisation.
At the same time, security and privacy defenders advocate for decentralised solutions
which divide the control and the responsibility among the entirety of the network nodes.
However, spreading secrets among several parties also expands the attack surface.
This conflict is in part due to the difficulty in differentiating between instances of the
same hardware, which leads to treating physically distinct devices as identical. Harnessing
the uniqueness of each connected device and injecting it into security protocols can provide
solutions to several common issues of the IoT. Secrets can be generated directly from this
uniqueness without the need to manually embed them into devices, reducing both the risk
of exposure and the cost of managing great numbers of devices.
Uniqueness can then lead to the primitive of unclonability. Unclonability refers to
ensuring the difficulty of producing an exact duplicate of an entity via observing and
measuring the entity’s features and behaviour. Unclonability has been realised on a physical
level via the use of Physical Unclonable Functions (PUFs). PUFs are constructions
that extract the inherent unclonable features of objects and compound them into a usable
form, often that of binary data. PUFs are also exceptionally useful in IoT applications
since they are low-cost, easy to integrate into existing designs, and have the potential to
replace expensive cryptographic operations. Thus, a great number of solutions have been
developed to integrate PUFs in various security scenarios. However, methods to expand
unclonability into a complete security framework have not been thoroughly studied.
In this work, the foundations are set for the development of such a framework through
the formulation of an unclonability stack, in the paradigm of the OSI reference model. The
stack comprises layers propagating the primitive from the unclonable PUF ICs, to devices,
network links and eventually unclonable systems. Those layers are introduced, and work
towards the design of protocols and methods for several of the layers is presented.
A collection of protocols based on one or more unclonable tokens or authority devices
is proposed, to enable the secure introduction of network nodes into groups or neighbourhoods.
The role of the authority devices is that of a consolidated, observable root of
ownership, whose physical state can be verified. After their introduction, nodes are able
to identify and interact with their peers, exchange keys and form relationships, without
the need of continued interaction with the authority device.
Building on this introduction scheme, methods for establishing and maintaining unclonable
links between pairs of nodes are introduced. These pairwise links are essential for
the construction of relationships among multiple network nodes, in a variety of topologies.
Those topologies and the resulting relationships are formulated and discussed.
While the framework does not depend on specific PUF hardware, SRAM PUFs are
chosen as a case study since they are commonly used and based on components that
are already present in the majority of IoT devices. In the context of SRAM PUFs and
with a view to the proposed framework, practical issues affecting the adoption of PUFs in
security protocols are discussed. Methods of improving the capabilities of SRAM PUFs
are also proposed, based on experimental data.
School of Engineering Newcastle Universit