The cloud-based Internet of Things (IoT) enables the creation of innovative computer applications based on sensing, analyzing, and controlling the physical world. IoT deployments, however, are at a particular risk of counterfeiting, through which an adversary can corrupt the entire ecosystem. Therefore, entity authentication of edge devices is considered an essential part of the security of IoT systems. This research addresses the challenge of generating a unique ID in IoT devices. Unique IDs allow the IoT system maker to identify each edge device, and to ensure that only genuine devices can upload data to the cloud. Traditional ID mechanisms are not feasible in IoT, due to the edge device’s constrained runtime environment, or the additional costs and the deployment difficulties that they introduce. In this work, we present JULIET-PUF, a novel PUF-based method for IoT identification, which relies on SRAM content retrieval after power glitches with time differences. Our scheme comes with no added hardware cost on the edge device. We evaluate JULIET-PUF using a dataset of 24 units of a popular commercial IoT device, and show that it is on average 95.58 times more secure than the common use of SRAM-PUF.
Read full abstract