{"title":"A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data","authors":"Roberto Román, Rosario Arjona, Iluminada Baturone","doi":"10.1016/j.iot.2024.101389","DOIUrl":null,"url":null,"abstract":"<div><div>Physical Unclonable Functions (PUFs) are widely used to authenticate electronic devices because they take advantage of random variations in the manufacturing process that are unique to each device and cannot be cloned. Therefore, each device can be uniquely identified and counterfeit devices can be detected. Weak PUFs, which support a relatively small number of challenge-response pairs (CRPs), are simple and easy to construct. Device authentication with weak PUFs typically uses helper data to obfuscate and recover a cryptographic key that is then required by a cryptographic authentication scheme. However, these schemes are vulnerable to helper-data attacks and many of them do not protect conveniently the PUF responses, which are sensitive data, as well as are not resistant to attacks performed by quantum computers. This paper proposes an authentication scheme that avoids the aforementioned weaknesses by not using helper data, protecting the PUF response with a quantum-safe homomorphic encryption, and by using a two-server setup. Specifically, the CRYSTALS-Kyber public key cryptographic algorithm is used for its quantum resistance and suitability for resource-constrained Internet-of-Things (IoT) devices. The practicality of the proposal was tested on an ESP32 microcontroller using its internal SRAM as a SRAM PUF. For PUF responses of 512 bits, the encryption execution time ranges from 16.41 ms to 41.08 ms, depending on the desired level of security. In terms of memory, the device only needs to store between 800 and 1,568 bytes. 
This makes the solution post-quantum secure, lightweight and affordable for IoT devices with limited computing, memory, and power resources.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"28 ","pages":"Article 101389"},"PeriodicalIF":6.0000,"publicationDate":"2024-10-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660524003305","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citation count: 0
Abstract
Physical Unclonable Functions (PUFs) are widely used to authenticate electronic devices because they take advantage of random variations in the manufacturing process that are unique to each device and cannot be cloned. Therefore, each device can be uniquely identified and counterfeit devices can be detected. Weak PUFs, which support a relatively small number of challenge-response pairs (CRPs), are simple and easy to construct. Device authentication with weak PUFs typically uses helper data to obfuscate and recover a cryptographic key that is then required by a cryptographic authentication scheme. However, these schemes are vulnerable to helper-data attacks, and many of them neither properly protect the PUF responses, which are sensitive data, nor resist attacks performed by quantum computers. This paper proposes an authentication scheme that avoids the aforementioned weaknesses by not using helper data, by protecting the PUF response with quantum-safe homomorphic encryption, and by using a two-server setup. Specifically, the CRYSTALS-Kyber public key cryptographic algorithm is used for its quantum resistance and suitability for resource-constrained Internet-of-Things (IoT) devices. The practicality of the proposal was tested on an ESP32 microcontroller using its internal SRAM as an SRAM PUF. For PUF responses of 512 bits, the encryption execution time ranges from 16.41 ms to 41.08 ms, depending on the desired level of security. In terms of memory, the device only needs to store between 800 and 1,568 bytes. This makes the solution post-quantum secure, lightweight and affordable for IoT devices with limited computing, memory, and power resources.
About the journal:
Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT.
The journal will place a high priority on timely publication, and provide a home for high quality.
Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.