A PUF-based Keyless Authentication Paradigm for Secure IoT Systems
Date
2024
Publisher
University of Louisiana at Lafayette
Abstract
The Internet of Things (IoT) drives innovation at individual and industrial scales, introducing massive numbers of interconnected devices with varying security requirements. Authenticating these devices has emerged as a critical challenge, especially for constrained devices. In this context, Physically Unclonable Functions (PUFs) have gained popularity as promising hardware security primitives that offer lightweight and efficient solutions. Despite PUFs’ potential, they are susceptible to modeling attacks, leading researchers to explore new design approaches to increase their resiliency.
This research addresses these challenges by developing different Arbiter PUF (APUF) solutions applicable to various applications from constrained devices to those requiring high security and post-quantum protection. First, a taxonomy of consumer IoT (CIoT) and industrial IoT (IIoT) was presented to identify their distinguishing aspects. Addressing IoT security effectively requires considering the specific needs of different types of IoT applications, mainly consumer and industrial IoT. Second, a detailed analysis of APUF-based designs was conducted, measuring each design’s security scalability. This work evaluates the area and security of studied designs and defines an efficiency metric as security gain per area. Therefore, it showcases how the security of each of the studied design approaches scales in terms of area versus security, providing a guideline and insight for developers and for future improvement.
Third, obfuscating techniques were introduced to secure APUF against modeling attacks. The methods implement transformation functions to obscure and safeguard the responses from modeling attacks. The first technique incorporates weak PUFs to fortify strong PUFs. The second technique encodes the challenges into constant weight vectors before generating the response. In addition, Dynamic Feedforward PUF was introduced to enhance the original Feedforward PUF. The method has two levels of configuration and incorporates randomness in the response generation process.
Finally, a post-quantum PUF-driven authentication and message exchange framework (McPQ-PUF) was developed. This hybrid authentication and secret message exchange scheme utilizes two security primitives: APUF and McEliece, a post-quantum resilient Public Key Encryption (PKE). The McPQ-PUF framework is resilient against modeling and quantum attacks. This dissertation’s contribution should facilitate PUF-based authentication in an IoT environment. It provides secure and efficient solutions that address IoT ecosystems’ diverse security needs.
Keywords
PUFs, Authentication, Internet of Things (IoT), McEliece, post-quantum, Physically Unclonable Functions, Modeling attacks, Keyless Authentication