CPAKA: Mutual Authentication and Key Agreement Scheme Based on Conditional PUF in Space-Air-Ground Integrated Network

The space-air-ground integrated network (SAGIN) has a stringent demand on the efficiency of authentication protocols deployed in the devices that have been launched into the air and space. In this article, we define the concept of the security model of conditional physical unclonable function (CPUF) that guarantees the security of the protocol while allowing the use of PUFs that can be modeled. We then propose a CPUF-based authentication and key agreement (AKA) scheme, named CPAKA, that addresses the challenges of device key leakage and inefficient authentication in resource-asymmetric environments. The CPAKA scheme embeds PUFs in weak nodes and deploys prediction models corresponding to the PUFs in strong nodes, eliminating the need to store challenge-response pairs or perform complex calculations. We formally prove the protocol's security under the decisional uniqueness assumption of CPUF and the universal composability framework, and we analyze its secrecy and authentication properties using the Tamarin prover. We also implement an Arbiter PUF on the ZYNQ-7020 FPGA, verify its accuracy through experiments, and show that CPAKA is secure, efficient, and suitable for SAGIN. Our CPAKA scheme greatly reduces computing and storage costs while improving authentication efficiency compared to traditional schemes.