PUF-based user access control scheme for IoT environment

Abstract

A very important part of any software or hardware associated with the Internet of Things (IoT) is the User Access Control. User Access Control deals with the important security features like authenticating a legitimate user, authorizing a user, etc. A very effective and secure way to ensure the user access control is: three factor user access control. Some three factor user authentication schemes have been developed in the past, brief details regarding them can be found in further sections of the paper. In this paper, we propose a new three factor user access control scheme. Our proposed scheme is based on Mandal et. al.’s user access control scheme published recently. Our scheme involves the use of lightweight cryptographic primitives like Physically Unclonable Function (PUF), one way cryptographic hash function and bitwise exclusive OR (XOR) operations. PUFs make the scheme very lightweight and efficient as compared to other schemes of similar nature. The three factors used in our scheme are: registered device of the user, personal biometrics of the user and password of the user. We present the informal security analysis to show that our scheme is safe from several known attacks.