Saudi Cultural Missions Theses & Dissertations
Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10
Browse
1 results
Search Results
Item Restricted LIGHTWEIGHT MUTUAL AUTHENTICATION PROTOCOLS FOR IOT SYSTEMS(University of Maryland Baltimore County, 2024) Alkanhal, Mona; Younis, MohamedThe Internet of Things (IoT) refers to the large-scale internetworking of diverse devices, many of them with very limited computational resources. Given the ad-hoc formation of the network and dynamic membership of nodes, device authentication is critical to prevent malicious devices from joining the network and impersonating legitimate nodes. The most popular authentication strategy in the literature is to pursue asymmetric cryptography. Such a solution is costly in terms of computing resources and power consumption and thus is not suitable for IoT devices which are often resource constrained. Moreover, due to the autonomous nature of the IoT nodes, relying on an intermediary server to manage the authentication process induces overhead and consequently decreases the network efficacy. Thus, the authentication process should be geared for nodes that operate autonomously. This dissertation opts to fulfill the aforementioned requirements by developing a library of lightweight authentication protocols that caterers for variant IoT applications. We consider a hardware-based security primitive, namely Physical Unclonable Functions (PUFs). A PUF benefits from the random and uncontrollable variations experienced during the manufacturing of integrated circuits in constructing a device signature that uniquely maps input bits, referred to as challenge, into an output bit(s) that reflects the PUF response. A fundamental issue with distributed authentication using PUFs is that the challenge-response exchange is among IoT nodes rather than the secure server and hence becomes subject to increased vulnerability to attacks. Particularly, eavesdroppers could intercept the inter-node interactions to collect sufficient challenge-response pairs (CRPs) for modeling the underlying PUF using machine learning (ML) techniques. Obfuscating the challenge and response through encryption is not practical since it requires network-wide management of secret keys and diminishes the advantages of PUFs. The dissertation tackles the aforementioned challenges. We first develop a novel authentication mechanism that is based on the incorporation of a PUF in each device. Our mechanism enables the challenge bit string intended by a verifier δy to be inferred by a prover δx rather than being explicitly sent. The proposed mechanism also obfuscates the shared information to safeguard it from eavesdroppers who strive to model the underlying PUF using machine learning techniques. Secondly, we further combine the advantage of PUFs, and the agility and configurability of physical-layer communication mechanisms, specifically the Multi-Input Multi Output (MIMO) method. We devise a protocol that utilizes an innovative method to counter attackers who might intercept the communication between δy and δx and uncover a set of CRPs to model δx’s PUF. Our protocol encodes the challenge bit using MIMO antennas array in a manner that is controlled by the verifier and that varies overtime. Additionally, we derive a two-factors authentication protocol by associating a Radio Frequency (RF) fingerprint with PUF. Such a unique combination obviates the need for traditional identification methods that rely on key storage for authentication. This identification mechanism enables the protocol to obfuscate the PUF response, circumventing the need for the incorporation of cryptographic primitives. Since both the PUF and the RF-fingerprint are based on unintended variations caused by manufacturing, we aim to increase robustness and mitigate the potential effect of noise by applying the fuzzy extractor. Such a protocol does not retain CRPs of a node during the enrollment phase, nor does it incorporate a cryptosystem. All the aforementioned techniques enable mutual authentication of two devices without the involvement of a trusted third party. The experimental results demonstrate the efficacy of the proposed protocols against modeling attacks and impersonation attempts.15 0