Joint Heterogeneous PUF-Based Security-Enhanced IoT Authentication

Abstract

This study proposes a novel authentication scheme that provides enhanced security for Internet of Things (IoT) applications by integrating a radio frequency (RF) physical unclonable function (PUF) with a device PUF. While traditional PUF-based authentication methods are lightweight, they are vulnerable to replay attacks because challenge-response pairs (CRPs) are exposed to adversaries over wireless channels. To prevent CRP exposure, we propose a joint scheme that integrates the physical layer features of wireless channels with those of the device PUF. Our authentication process consists of two stages: an enrollment stage and an authentication stage. During the enrollment stage, the physical features of the static random-access memory (SRAM) in the IoT devices are shared with the server, which generates a hashing model using the amplitudes of channel state information (CSI) as the RF-PUF and transfers it to the IoT device. In the authentication stage, the server and IoT devices exchange pilot signals to estimate the shared CSI. Both parties then generate the challenge information using the hashing model, which depends on the CSI. The challenge information is mapped to the response of the device PUF as the cryptographic key. If both parties are legitimate, the proposed model is updated through CSI amplitudes. We evaluated the proposed authentication protocol using a testbed based on Raspberry Pi and acquired a CSI dataset and SRAM-PUF using universal software radio peripheral and Arduino, respectively. Numerical results demonstrate that our method effectively defends against diverse attacks, even in critical CRP exposure scenarios.