A PUF-based provably secure message authentication algorithm and application

Abstract

Message authentication code (MAC), widely used in all kinds of information systems, is a symmetric cryptographic algorithm that checks message integrity and source authenticity. However, when the devices running MAC face physical invasion, the attacker can extract the keys inside and generate valid tags by directly reading the memory or adjusting the circuits. In this paper, we propose PUF-MAC, a new MAC algorithm based on the physically unclonable function (PUF), which is constructed from the hash function and PUF. The PUF is a kind of data mapping entity with unclonable internal structures and unpredictable outputs. The difference between mappings preserved by PUF entities originates from minor variations in the physical environment during production. The communicating parties can apply the PUF to form the shared secret key. Under the standard security model, this paper inductively proves that PUF-MAC satisfies the existential unforgeability under a chosen message attack, and the EUF-CMA security of PUF-MAC relies on the (weak) collision resistance of hash and the EUF-CMA security of PUF. Additionally, this paper recasts PUF-MAC into a key agreement protocol with forward/backward security, along with a bilateral authentication protocol by which its practicability is indicated. A comparison with other MAC reveals that PUF-MAC is indeed lightweight and easy to deploy, and PUF-MAC requires no pre-established PUF responses. The involvement of the PUF allows an attacker to forge a valid tag even after retrieving the key, thereby ensuring communication security.