PUF-based mutual authentication and key exchange protocol for peer-to-peer IoT applications
Peer to Peer (P2P) or direct connection IoT has become increasingly popular owing to its lower latency and higher privacy compared to database-driven or server-based IoT. However, wireless vulnerabilities raise severe concerns on IoT device-to-device communication. This is further aggravated by the...
Saved in:
| Main Authors: | , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2022
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/162780 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-162780 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1627802022-11-09T03:01:45Z PUF-based mutual authentication and key exchange protocol for peer-to-peer IoT applications Zheng, Yue Liu, Wenye Gu, Chongyan Chang, Chip Hong School of Electrical and Electronic Engineering Centre for Integrated Circuits and Systems Engineering::Electrical and electronic engineering Peer-to-Peer Internet of Things IoT Security Physical Unclonable Functions Peer-Entity Authentication Protocol Authenticated Key Exchange Protocol Man-in-the-Middle Attacks Peer to Peer (P2P) or direct connection IoT has become increasingly popular owing to its lower latency and higher privacy compared to database-driven or server-based IoT. However, wireless vulnerabilities raise severe concerns on IoT device-to-device communication. This is further aggravated by the challenge to achieve lightweight direct mutual authentication and secure key exchange between IoT peer nodes in P2P IoT applications. Physical unclonable function (PUF) is a key enabler to lightweight, low-power and secure authentication of resource-constrained devices in IoT. Nevertheless, current PUF-enabled authentication protocols, with or without the challenge-response pairs (CRPs) of each of its interlocutors stored in the verifier’s side, are incompatible for P2P IoT scenarios due to the security, storage and computing power limitations of IoT devices. To solve this problem, a new lightweight PUF-based mutual authentication and key exchange protocol is proposed. It allows two resource-constrained PUF embedded endpoint devices to authenticate each other directly without the need for local storage of CRPs or any private secrets, and simultaneously establish the session key for secure data exchange without resorting to the public-key algorithm. The proposed protocol is evaluated using the game-based formal security analysis method as well as the automatic security analysis tool ProVerif to corroborate its mutual authenticity, secrecy, and resistance against replay and man-in-the-middle (MITM) attacks. Using two Avnet Ultra96-V2 boards to emulate the two IoT endpoint devices, a physical prototype system is also constructed to demonstrate and validate the feasibility of the proposed secure P2P connection scheme. A comparative analysis shows that the proposed protocol outperforms related protocols in terms of security features, computational complexity as well as communication and storage costs. Ministry of Education (MOE) Submitted/Accepted version This research is supported by the Singapore Ministry of Education AcRF Tier 2 grant No. MOE-T2EP50220- 0003. 2022-11-09T03:01:45Z 2022-11-09T03:01:45Z 2022 Journal Article Zheng, Y., Liu, W., Gu, C. & Chang, C. H. (2022). PUF-based mutual authentication and key exchange protocol for peer-to-peer IoT applications. IEEE Transactions On Dependable and Secure Computing. https://dx.doi.org/10.1109/TDSC.2022.3193570 1545-5971 https://hdl.handle.net/10356/162780 10.1109/TDSC.2022.3193570 en MOE-T2EP50220- 0003 IEEE Transactions on Dependable and Secure Computing © 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/TDSC.2022.3193570. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Electrical and electronic engineering Peer-to-Peer Internet of Things IoT Security Physical Unclonable Functions Peer-Entity Authentication Protocol Authenticated Key Exchange Protocol Man-in-the-Middle Attacks |
| spellingShingle |
Engineering::Electrical and electronic engineering Peer-to-Peer Internet of Things IoT Security Physical Unclonable Functions Peer-Entity Authentication Protocol Authenticated Key Exchange Protocol Man-in-the-Middle Attacks Zheng, Yue Liu, Wenye Gu, Chongyan Chang, Chip Hong PUF-based mutual authentication and key exchange protocol for peer-to-peer IoT applications |
| description |
Peer to Peer (P2P) or direct connection IoT has become increasingly popular owing to its lower latency and higher privacy compared to database-driven or server-based IoT. However, wireless vulnerabilities raise severe concerns on IoT device-to-device communication. This is further aggravated by the challenge to achieve lightweight direct mutual authentication and secure key exchange between IoT peer nodes in P2P IoT applications. Physical unclonable function (PUF) is a key enabler to lightweight, low-power and secure authentication of resource-constrained devices in IoT. Nevertheless, current PUF-enabled authentication protocols, with or without the challenge-response pairs (CRPs) of each of its interlocutors stored in the verifier’s side, are incompatible for P2P IoT scenarios due to the security, storage and computing power limitations of IoT devices. To solve this problem, a new lightweight PUF-based mutual authentication and key exchange protocol is proposed. It allows two resource-constrained PUF embedded endpoint devices to authenticate each other directly without the need for local storage of CRPs or any private secrets, and simultaneously establish the session key for secure data exchange without resorting to the public-key algorithm. The proposed protocol is evaluated using the game-based formal security analysis method as well as the automatic security analysis tool ProVerif to corroborate its mutual authenticity, secrecy, and resistance against replay and man-in-the-middle (MITM) attacks. Using two Avnet Ultra96-V2 boards to emulate the two IoT endpoint devices, a physical prototype system is also constructed to demonstrate and validate the feasibility of the proposed secure P2P connection scheme. A comparative analysis shows that the proposed protocol outperforms related protocols in terms of security features, computational complexity as well as communication and storage costs. |
| author2 |
School of Electrical and Electronic Engineering |
| author_facet |
School of Electrical and Electronic Engineering Zheng, Yue Liu, Wenye Gu, Chongyan Chang, Chip Hong |
| format |
Article |
| author |
Zheng, Yue Liu, Wenye Gu, Chongyan Chang, Chip Hong |
| author_sort |
Zheng, Yue |
| title |
PUF-based mutual authentication and key exchange protocol for peer-to-peer IoT applications |
| title_short |
PUF-based mutual authentication and key exchange protocol for peer-to-peer IoT applications |
| title_full |
PUF-based mutual authentication and key exchange protocol for peer-to-peer IoT applications |
| title_fullStr |
PUF-based mutual authentication and key exchange protocol for peer-to-peer IoT applications |
| title_full_unstemmed |
PUF-based mutual authentication and key exchange protocol for peer-to-peer IoT applications |
| title_sort |
puf-based mutual authentication and key exchange protocol for peer-to-peer iot applications |
| publishDate |
2022 |
| url |
https://hdl.handle.net/10356/162780 |
| _version_ |
1749179144632008704 |