Abstract
Nowadays, more constrained devices are becoming connected, building an extensive Internet of Things (IoT) network, but suffering from many security issues. In particular, authentication has become a severe research challenge for IoT systems. Furthermore, confidentiality, integrity, and availability are considered the core underpinnings of information security in general. Unfortunately, deploying conventional authentication protocols for IoT devices in practice is challenging for two main reasons. First, IoT devices have limited memory capacity, processing power, and energy resources. Second, these protocols store secret keys in the IoT devices’ volatile memory, making them vulnerable to physical attacks. Luckily, Physical Unclonable Functions (PUF) has emerged as promising low-cost security primitive. A PUF eliminates the need to store secret keys in device memory, making it a potential alternative to deploying more secure and low-cost authentication protocol schemes for IoT systems. Thing-to-Thing (T2T) or direct connection between IoT devices represents a promising technique to enable things to communicate directly without the need for a trusted third party. This paper proposes two novel lightweight Mutual Authentication and Key Exchange Protocols (MAKEP) for IoT devices using PUF. The first scheme, called T2S-MAKEP, ensures secure communication for Thing-to-Server (T2S). The second, called T2T-MAKEP, allows two endpoints of resource-constrained IoT devices, each with an embedded PUF circuit, to communicate securely. Both proposed protocols, T2T-MAKEP and T2S-MAKEP, allow for robust authentication without storing any information on the device’s memory and simultaneously establish the session key exchange. Our proposed protocols have been verified and validated using the automatic security analysis checker, Verifpal.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.