Physically Unclonable Function (PUF) a Lightweight Security Primitive for IoT: Scope and Challenges

Abstract

Internet of Things (IoT) devices is constrained in memory, energy, and computation power. The security of IoT is often overlooked to cope with extreme resource constraints. Also, the high-end cryptographic primitives are less feasible for low-cost IoT devices due to the prohibitive resource demand. Moreover, the conventional cryptographic primitives are insufficient to ensure the desired security in an unmonitored environment. In this context, physically unclonable function (PUF), low-cost security primitive, can be adapted to ensure security from the hardware root. The distinctive features of PUF like tamper evidence property, unclonable, and on-the-fly key generation make it promising security primitive for IoT. With the ever-growing domain of IoT, PUF is simultaneously being adapted in different emerging applications. The PUF-enabled IoT device can facilitate low-cost, unique authentication and prevent attacks like tampering, and cloning. However, increasing computation power is making PUFs susceptible to model-building attacks. Also, the unmonitored nature of IoT devices increases the possibility of attacks on PUF when adapted to IoT. Different techniques are introduced in the literature to resist attacks on PUF considering IoT. However, these techniques need to be lightweight to support the constraints of IoT as well as should be able to prevent the attacks specific to IoT. In this work, we have discussed different PUF designs, their applications, limitations, and scope in the context of IoT. Also, we have reviewed recent PUF-based security protocols, their limitations, and their challenges.