Publication:
Challenging the security of "A PUF-based hardware mutual authentication protocol"

Loading...
Thumbnail Image
Identifiers
Publication date
2022-11
Defense date
Advisors
Tutors
Journal Title
Journal ISSN
Volume Title
Publisher
Elsevier
Impact
Google Scholar
Export
Research Projects
Organizational Units
Journal Issue
Abstract
Recently, using Physical Unclonable Functions (PUF) to design lightweight authentication protocols for constrained environments such as the Internet of Things (IoT) has received much attention. In this direction, Barbareschi et al. recently proposed PHEMAP in Journal of Parallel and Distributed Computing, a PUF based mutual authentication protocol. Also, they extended it to the later designed Salted PHEMAP, for low-cost cloud-edge (CE) IoT devices. This paper presents the first third-party security analysis of PHEMAP and Salted PHEMAP to the best of our knowledge. Despite the designer's claim, we show that these protocols are vulnerable to impersonation, de-synchronization, and traceability attacks. The success probability of the proposed attacks is `1', while the complexity is negligible. In addition, we introduce two enhanced lightweight authentication protocols based on PUF chains (called PBAP and Salted PBAP), using the same design principles as PHEMAP and Salted PHEMAP. With the performance evaluation and the security analysis, it is justified that the two proposed schemes are practically well suited for use in resource-constrained IoT environments.
Description
Keywords
Authentication, Iot, Phemap, Puf, Security analysis
Bibliographic citation
Adeli, M.; Bagheri, N., Martin, H., Peris-Lopez, P. (2022). Challenging the security of “A PUF-based hardware mutual authentication protocol”. Journal of Parallel and Distributed Computing 169, 199–210. (12 p.) https://doi.org/10.1016/j.jpdc.2022.06.018