An Attack Resilient PUF-based Authentication Mechanism for Distributed Systems

TL;DR

This paper introduces a distributed PUF-based authentication protocol that enhances security and resilience against modeling, impersonation, and reverse engineering attacks by using node-specific challenge scrambling.

Contribution

It proposes a novel challenge scrambling method dependent on verifier and device, preventing PUF modeling even with collusive malicious nodes.

Findings

Effective in thwarting PUF modeling attacks by collusive actors.

Resilient against impersonation, Sybil, and reverse engineering attacks.

Validated with FPGA-based implementation data.

Abstract

In most PUF-based authentication schemes, a central server is usually engaged to verify the response of the device's PUF to challenge bit-streams. However, the server availability may be intermittent in practice. To tackle such an issue, this paper proposes a new protocol for supporting distributed authentication while avoiding vulnerability to information leakage where CRPs could be retrieved from hacked devices and collectively used to model the PUF. The main idea is to provision for scrambling the challenge bit-stream in a way that is dependent on the verifier. The scrambling pattern varies per authentication round for each device and independently across devices. In essence, the scrambling function becomes node- and packet-specific and the response received by two verifiers of one device for the same challenge bit-stream could vary. Thus, neither the scrambling function can be reverted, nor the PUF can be modeled even by a collusive set of malicious nodes. The validation results using data of an FPGA-based implementation demonstrate the effectiveness of our approach in thwarting PUF modeling attacks by collusive actors. We also discuss the approach resiliency against impersonation, Sybil, and reverse engineering attacks.