On the Security of a PUF-Based Authentication and Key Exchange Protocol for IoT Devices
Recently, Roy et al. proposed a physically unclonable function (PUF)-based authentication and key exchange protocol for Internet of Things (IoT) devices. The PUF protocol is efficient, because it integrates both the Node-to-Node (N2N) authentication and the Node-to-Server (N2S) authentication into a...
Main Authors: | , , |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | MDPI 2023 |
Subjects: | |
Online Access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10383870/ https://www.ncbi.nlm.nih.gov/pubmed/37514853 http://dx.doi.org/10.3390/s23146559 |
_version_ | 1785081017207357440 |
---|---|
author | Sun, Da-Zhi Gao, Yi-Na Tian, Yangguang |
author_sort | Sun, Da-Zhi |
collection | PubMed |
description | Recently, Roy et al. proposed a physically unclonable function (PUF)-based authentication and key exchange protocol for Internet of Things (IoT) devices. The PUF protocol is efficient, because it integrates both the Node-to-Node (N2N) authentication and the Node-to-Server (N2S) authentication into a standalone protocol. In this paper, we therefore examine the security of the PUF protocol under the assumption of an insider attack. Our cryptanalysis findings are the following. (1) A legitimate but malicious IoT node can monitor the secure communication among the server and any other IoT nodes in both N2N authentication and N2S authentication. (2) A legitimate but malicious IoT node is able to impersonate a target IoT node to cheat the server and any other IoT nodes in N2N authentication and the server in N2S authentication, respectively. (3) A legitimate but malicious IoT node can masquerade as the server to cheat any other target IoT nodes in both N2N authentication and N2S authentication. To the best of our knowledge, our work gives the first non-trivial concrete security analysis for the PUF protocol. In addition, we employ the automatic verification tool of security protocols, i.e., Scyther, to confirm the weaknesses found in the PUF protocol. We finally consider how to prevent weaknesses in the PUF protocol. |
format | Online Article Text |
id | pubmed-10383870 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2023 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-103838702023-07-30 On the Security of a PUF-Based Authentication and Key Exchange Protocol for IoT Devices Sun, Da-Zhi Gao, Yi-Na Tian, Yangguang Sensors (Basel) Article Recently, Roy et al. proposed a physically unclonable function (PUF)-based authentication and key exchange protocol for Internet of Things (IoT) devices. The PUF protocol is efficient, because it integrates both the Node-to-Node (N2N) authentication and the Node-to-Server (N2S) authentication into a standalone protocol. In this paper, we therefore examine the security of the PUF protocol under the assumption of an insider attack. Our cryptanalysis findings are the following. (1) A legitimate but malicious IoT node can monitor the secure communication among the server and any other IoT nodes in both N2N authentication and N2S authentication. (2) A legitimate but malicious IoT node is able to impersonate a target IoT node to cheat the server and any other IoT nodes in N2N authentication and the server in N2S authentication, respectively. (3) A legitimate but malicious IoT node can masquerade as the server to cheat any other target IoT nodes in both N2N authentication and N2S authentication. To the best of our knowledge, our work gives the first non-trivial concrete security analysis for the PUF protocol. In addition, we employ the automatic verification tool of security protocols, i.e., Scyther, to confirm the weaknesses found in the PUF protocol. We finally consider how to prevent weaknesses in the PUF protocol. MDPI 2023-07-20 /pmc/articles/PMC10383870/ /pubmed/37514853 http://dx.doi.org/10.3390/s23146559 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Sun, Da-Zhi Gao, Yi-Na Tian, Yangguang On the Security of a PUF-Based Authentication and Key Exchange Protocol for IoT Devices |
title | On the Security of a PUF-Based Authentication and Key Exchange Protocol for IoT Devices |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10383870/ https://www.ncbi.nlm.nih.gov/pubmed/37514853 http://dx.doi.org/10.3390/s23146559 |