Collusion-resistant PUF-based Distributed Device Authentication Protocol for Internet of Things

Abstract

The scale, unattended-operation and ad-hoc nature of an Internet-of-Things (IoT) make the network vulnerable to device impersonation, message replay, and Sybil attacks by either external actors or compromised nodes. This paper opts to tackle such vulnerability and presents a novel and effective solution for mutual authentication of IoT nodes. The proposed solution calls for embedding a Physically Unclonable Function (PUF) on each device, and employs a lightweight protocol for validating the identity of the individual devices based on querying the PUF. To authenticate a “prover” node, a verifier node will send a challenge bit-stream to the prover, where the latter provides the response of its PUF to such a challenge to be matched by what the verifier expects. To prevent the PUF of a prover from being modeled by an eavesdropper or a collusive set of compromised verifiers, the proposed protocol makes the response to a challenge dependent on the verifier. In addition, our protocol combines such an identity-based response generation with a simple Elliptic curve to thwart any attempts by a compromised verifier to reverse engineer the response generation process. The robustness of our PUF-based IoT Device Authentication (PIDA) protocol, is validated using data collected from an FPGA-based implementation.