A Study on Dynamic PUF-based IoT Authentication

Abstract

With the development of information and communication technology, numerous devices have been interconnected through the Internet of Things (IoT), ranging from electronic products to critical infrastructure. IoT devices have played a crucial role in controlling and monitoring intelligent systems. However, IoT devices can be easily exposed to cyberattacks because of the limited hardware resources, so the security of the overall network may deteriorate by an IoT device. To defend against cyberattacks, a physical unclonable function (PUF), which uses manufacturing variabilities inside a circuit as the cryptographic key, has been recently investigated as a lightweight key generator for IoT devices. The PUF is robust against cyberattacks since the PUF-based key is not stored in the memory of the IoT device. Nonetheless, security vulnerability may occur in PUF-based authentication schemes if an adversary eavesdrops on the challenge and response pair (CRP) associated with PUF through wireless channels. Therefore, this thesis proposes two approaches, integrating static PUF-based keys with dynamic physical information to block key compromises by eavesdropping. The first approach proposes a dynamic PUF key-based authentication scheme for IoT sensors, where the sensing data-based dynamic features are integrated into a static PUF-based key. The compressive autoencoders employed for compressing the time-series data can be customized to extract data-based features. The data-based features are quantized, and then combined with the PUF-based key for the dynamic key generation. The dynamic PUF key can be updated by the dynamic features of sensing data in real time. Thus, CRPs cannot be estimated, even if the adversary can obtain the dynamic key through eavesdropping. The second approach proposes an authentication scheme that integrates a radio frequency (RF)-PUF and a device-PUF for IoT applications to avoid CRP exposure. In the enrollment stage, the CRP table of device-PUF in the IoT devices is shared with the server. The server generates the hashing model by applying amplitudes of channel state information (CSI) as the RF-PUF and transfers it to the IoT device. In the authentication stage, the server and IoT devices exchange pilot signals to estimate the shared CSI. Subsequently, both parties generate the challenge information using a hashing model depending on the CSI. Then, the challenge information is mapped to the response of the device-PUF as the cryptographic key. Since both parties don't share challenge information through wireless channels, an adversary cannot estimate the CRP set of the IoT devices. Furthermore, the proposed approach enables mutual authentication between IoT devices and an authentication server by updating the authentication model through CSI. For numerical evaluation, we designed testbeds consisting of Arduino, Raspberry Pi, and universal software radio peripherals. The numerical results demonstrated that the proposed method effectively defended against diverse attacks even in critical CRP exposure scenarios.