Paper 2021/1509

More Lessons: Analysis of PUF-based Authentication Protocols for IoT

Karim Lounis and Mohammad Zulkernine

Abstract

Authentication constitutes the foundation and vertebrae of all security properties. It is the procedure in which communicating parties prove their identities to each other, and generally establish and derive secret keys to enforce other services, such as confidentiality, data integrity, non-repudiation, and availability. PUFs (Physical Unclonable Functions) has been the subject of many subsequent publications on lightweight, lowcost, and secure-by-design authentication protocols. This has turned our attention to investigate the most recent PUF-based authentication protocols for IoT. In [1], we reviewed the security of some PUF-based authentication protocols that were proposed between 2016 and October 2020, and drew important security lessons to consider by future authentication protocol designers. In this paper, we extend our previous work by reviewing the security of fifteen PUF-based authentication protocols that were recently published during the past two years (2020 and 2021). We first provide the necessary background on PUFs and how they are used for authentication. Then, we analyze the security of these authentication protocols to identify and report common security issues and design flaws. We draw lessons and recommendations for future authentication protocol designers

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
Physical Unclonable Functions (PUFs)PUFbased authenticationPUF securityand PUF attacks
Contact author(s)
karim lounis @ queensu ca
History
2021-11-15: received
Short URL
https://ia.cr/2021/1509
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1509,
      author = {Karim Lounis and Mohammad Zulkernine},
      title = {More Lessons: Analysis of {PUF}-based Authentication Protocols for {IoT}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1509},
      year = {2021},
      url = {https://eprint.iacr.org/2021/1509}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.