Security primitives for memoryless IoT devices based on Physical Unclonable Functions and True Random Number Generators

Abstract

The article describes various security primitives for significantly resource-constrained devices, such as sensors or sensor networks, IoT devices, wearables, etc. — i.e., devices without programmable memory. It is dedicated to parts which cannot handle complex algorithms of modern secure cryptography, cannot be equipped with programmable memories, or their circuits or data in permanent memories can be easily reverse-engineered. Instead, all security techniques (e.g., identification, authentication, and encryption) are based on modern hardware cryptography, mainly: physical unclonable functions (PUFs) and true random number generators (TRNGs). The paper addresses numerous issues from untraceable identification to mutual authentication to one-time pad encryption. The communication security is considered to be a trade-off between the device’s resources (processing ability, energy consumption, implementation size, response time), preparation complicity (initialization time, size of a server data storage) and the security capabilities and protection levels. Primitives can be included into the communication protocol based on particular needs and available hardware resources.