Abstract

Key agreement between two constrained IoT devices that have never met each other is an essential feature for establishing trust among their users. Physical Unclonable Functions (PUFs) are a low-cost primitive that exploits the unique random patterns in a device, allowing it to generate a unique response for a given challenge. These so-called challenge-response pairs (CRPs) are first shared with the verifier and later used in the authentication process. The advantage of a PUF on an IoT device is that even when the key material is extracted, an attacker cannot take over the identity of the tampered device. However, in practical applications, the verifier orchestrating the authentication between the two IoT nodes is a cluster node in the field, which might be vulnerable to corruption or attacks, leading to leakage of the CRPs. An attacker who possesses a huge number of CRPs can use them in machine learning algorithms to reveal the behaviour of the PUF. Therefore, in this chapter we propose a very efficient method to provide authentication between two IoT devices using PUFs and a common trusted cluster node, where the CRPs are not stored in an explicit way. Even when the attacker is able to get access to the database, the stored information related to the CRPs will not be usable input for any type of learning algorithm. The proposed scheme uses only elliptic curve multiplications and additions, instead of the compute-intensive pairing operations used in an alternative scheme recently proposed in the literature.
