A lightweight PUF-based authentication protocol

TL;DR

This paper introduces a co-designed lightweight authentication protocol for IoT devices using an obfuscated arbiter PUF, enhancing resistance to modeling attacks while maintaining low resource requirements.

Contribution

It presents a novel PUF and protocol co-design that obfuscates challenge bits, achieving high attack resistance with minimal resource overhead.

Findings

The obfuscated PUF resists modeling attacks under certain conditions.

The protocol effectively leverages PUF resistance to enhance security.

Experimental results support the protocol's low resource and high security claims.

Abstract

Lightweight authentication is essential for resource-constrained Internet-of-Things (IoT). Implementable with low resource and operable with low power, Physical Unclonable Functions (PUFs) have the potential as hardware primitives for implementing lightweight authentication protocols. The arbiter PUF (APUF) is probably the most lightweight strong PUF capable of generating exponentially many challenge-response pairs (CRPs), a desirable property for authentication protocols, but APUF is severely weak against modeling attacks. Efforts on PUF design have led to many PUFs of higher resistance to modeling attacks and also higher area overhead. There are also substantial efforts on protocol development, some leverage PUFs' strength in fighting modeling attacks, and some others employ carefully designed protocol techniques to obfuscate either the challenges or the responses with modest increase of area overhead for some or increased operations for some others. To attain both low resource footprint and high modeling attack resistance, in this paper we propose a co-design of PUF and protocol, where the PUF consists of an APUF and a zero-transistor interface that obfuscates the true challenge bits fed to the PUF. The obfuscated PUF possesses rigorously proven potential and experimentally supported performance against modeling attacks when a condition is met, and the protocol provides the condition required by the PUF and leverages the PUF's modeling resistance to arrive at low resource overhead and high operational simplicity, enabling lightweight authentications while resisting modeling attacks.