A PUF-based unified identity verification framework for secure IoT hardware via device authentication

Abstract

In the era of Internet-of-Things (IoTs), millions of smart devices are interconnected and communicated through networks. To guarantee the security and reliability of data transmission in IoT, the underlying hardware of these devices must first be secure and trusted. However, due to the inherent mobility nature of current embedded devices, IoT hardware could be vulnerable to diverse security threats from multiple malicious participants. Among them, device theft is becoming one of the most challenging security issues that have incurred a serious impact on copyright. To effectively alleviate this threat, silicon physical unclonable function (PUF) has been presented and considered to be a reliable anti-piracy solution to complete the device authentication and key storage. However, current PUF solutions are mostly focused on chip-level verification and cannot provide systematic identification and authentication. To this end, this article proposes a unified identity verification framework which can provide fine-grained protection for embedded devices against theft attacks from the system level. This framework is established on a series of PUF circuits that have been implanted into each individual chip of the devices. We first improve the configurable ring oscillator (CRO) PUFs with the latch structure. Therefore, a unique sub-digital signature of each chip can be generated by performing the challenge-response strategy. We then reassemble all the sub-digital signatures and encode them to acquire the unique fingerprint of each embedded device, so as to achieve system-level device identification and authentication. Any substitution of an individual or all chips in the devices will result in the inconsistencies of the system-level fingerprint. We implement and verify the proposed scheme on the field programmable gate array (FPGA) platforms. Experimental results illustrate that the proposed framework can uniquely and accurately identify any or all of the thefts to the embedded system hardware at low silicon overhead.