Privacy-Preserving Authentication Protocols for IoT Devices Using the SiRF PUF

IF 5.1 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Emerging Topics in Computing Pub Date : 2023-07-20 DOI:10.1109/TETC.2023.3296016

Jim Plusquellic;Eirini Eleni Tsiropoulou;Cyrus Minwalla

{"title":"Privacy-Preserving Authentication Protocols for IoT Devices Using the SiRF PUF","authors":"Jim Plusquellic;Eirini Eleni Tsiropoulou;Cyrus Minwalla","doi":"10.1109/TETC.2023.3296016","DOIUrl":null,"url":null,"abstract":"Authentication between IoT devices is important for maintaining security, trust and data integrity in an edge device ecosystem. The low-power, reduced computing capacity of the IoT device makes public-private, certificate-based forms of authentication impractical, while other lighter-weight, symmetric cryptography-based approaches, such as message authentication codes, are easy to spoof in unsupervised environments where adversaries have direct physical access to the device. Such environments are better served by security primitives rooted in the hardware with capabilities exceeding those available in cryptography-only frameworks. A key foundational hardware security primitive is the physical unclonable function or PUF. PUFs are well known for removing the need to store secrets in secure non-volatile memories, and for providing very large sets of authentication credentials. In this article, we describe two PUF-based mutual authentication protocols rooted in the entropy provided by a strong PUF. The security properties of the authentication protocols, called COBRA and PARCE, are evaluated in hardware experiments on SoC-based FPGAs, and under extended industrial-standard operating conditions. A codesign-based system architecture is presented in which the SiRF PUF and core authentication functions are implemented in the programmable logic as a secure enclave, while network and database operations are implemented in software on an embedded microprocessor.","PeriodicalId":13156,"journal":{"name":"IEEE Transactions on Emerging Topics in Computing","volume":"11 4","pages":"918-933"},"PeriodicalIF":5.1000,"publicationDate":"2023-07-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Emerging Topics in Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10189381/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Authentication between IoT devices is important for maintaining security, trust and data integrity in an edge device ecosystem. The low-power, reduced computing capacity of the IoT device makes public-private, certificate-based forms of authentication impractical, while other lighter-weight, symmetric cryptography-based approaches, such as message authentication codes, are easy to spoof in unsupervised environments where adversaries have direct physical access to the device. Such environments are better served by security primitives rooted in the hardware with capabilities exceeding those available in cryptography-only frameworks. A key foundational hardware security primitive is the physical unclonable function or PUF. PUFs are well known for removing the need to store secrets in secure non-volatile memories, and for providing very large sets of authentication credentials. In this article, we describe two PUF-based mutual authentication protocols rooted in the entropy provided by a strong PUF. The security properties of the authentication protocols, called COBRA and PARCE, are evaluated in hardware experiments on SoC-based FPGAs, and under extended industrial-standard operating conditions. A codesign-based system architecture is presented in which the SiRF PUF and core authentication functions are implemented in the programmable logic as a secure enclave, while network and database operations are implemented in software on an embedded microprocessor.

查看原文本刊更多论文

使用 SiRF PUF 的物联网设备隐私保护认证协议

物联网设备之间的身份验证对于维护边缘设备生态系统的安全性、信任度和数据完整性非常重要。物联网设备的低功耗和计算能力降低，使得基于公私证书的认证形式变得不切实际，而其他基于对称密码学的轻量级方法（如消息认证码）在对手可以直接物理访问设备的无监督环境中很容易被欺骗。在这种环境下，植根于硬件的安全基元更有优势，其功能超过了纯密码学框架。物理不可解密函数（PUF）是一种关键的基础硬件安全基元。PUF 因无需在安全的非易失性存储器中存储秘密和提供大量验证凭证而闻名。在本文中，我们将介绍两种基于 PUF 的相互验证协议，它们都植根于强 PUF 提供的熵。我们在基于 SoC 的 FPGA 硬件实验中，并在扩展的工业标准操作条件下，评估了名为 COBRA 和 PARCE 的认证协议的安全性能。介绍了一种基于代码设计的系统架构，其中 SiRF PUF 和核心认证功能在可编程逻辑中作为安全飞地实现，而网络和数据库操作则在嵌入式微处理器上通过软件实现。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Emerging Topics in Computing Computer Science-Computer Science (miscellaneous)

CiteScore

12.10

自引率

5.10%

发文量

113

期刊介绍： IEEE Transactions on Emerging Topics in Computing publishes papers on emerging aspects of computer science, computing technology, and computing applications not currently covered by other IEEE Computer Society Transactions. Some examples of emerging topics in computing include: IT for Green, Synthetic and organic computing structures and systems, Advanced analytics, Social/occupational computing, Location-based/client computer systems, Morphic computer design, Electronic game systems, & Health-care IT.