1 research outputs found
Physical Unclonability Framework for the Internet of Things
Ph. D. ThesisThe rise of the Internet of Things (IoT) creates a tendency to construct unified architectures
with a great number of edge nodes and inherent security risks due to centralisation.
At the same time, security and privacy defenders advocate for decentralised solutions
which divide the control and the responsibility among the entirety of the network nodes.
However, spreading secrets among several parties also expands the attack surface.
This conflict is in part due to the difficulty in differentiating between instances of the
same hardware, which leads to treating physically distinct devices as identical. Harnessing
the uniqueness of each connected device and injecting it into security protocols can provide
solutions to several common issues of the IoT. Secrets can be generated directly from this
uniqueness without the need to manually embed them into devices, reducing both the risk
of exposure and the cost of managing great numbers of devices.
Uniqueness can then lead to the primitive of unclonability. Unclonability refers to
ensuring the difficulty of producing an exact duplicate of an entity via observing and
measuring the entity’s features and behaviour. Unclonability has been realised on a physical
level via the use of Physical Unclonable Functions (PUFs). PUFs are constructions
that extract the inherent unclonable features of objects and compound them into a usable
form, often that of binary data. PUFs are also exceptionally useful in IoT applications
since they are low-cost, easy to integrate into existing designs, and have the potential to
replace expensive cryptographic operations. Thus, a great number of solutions have been
developed to integrate PUFs in various security scenarios. However, methods to expand
unclonability into a complete security framework have not been thoroughly studied.
In this work, the foundations are set for the development of such a framework through
the formulation of an unclonability stack, in the paradigm of the OSI reference model. The
stack comprises layers propagating the primitive from the unclonable PUF ICs, to devices,
network links and eventually unclonable systems. Those layers are introduced, and work
towards the design of protocols and methods for several of the layers is presented.
A collection of protocols based on one or more unclonable tokens or authority devices
is proposed, to enable the secure introduction of network nodes into groups or neighbourhoods.
The role of the authority devices is that of a consolidated, observable root of
ownership, whose physical state can be verified. After their introduction, nodes are able
to identify and interact with their peers, exchange keys and form relationships, without
the need of continued interaction with the authority device.
Building on this introduction scheme, methods for establishing and maintaining unclonable
links between pairs of nodes are introduced. These pairwise links are essential for
the construction of relationships among multiple network nodes, in a variety of topologies.
Those topologies and the resulting relationships are formulated and discussed.
While the framework does not depend on specific PUF hardware, SRAM PUFs are
chosen as a case study since they are commonly used and based on components that
are already present in the majority of IoT devices. In the context of SRAM PUFs and
with a view to the proposed framework, practical issues affecting the adoption of PUFs in
security protocols are discussed. Methods of improving the capabilities of SRAM PUFs
are also proposed, based on experimental data.School of Engineering Newcastle Universit