1

PUF+ IBE: Blending Physically Unclonable Functions with

Identity Based Encryption for Authentication and Key
Exchange in IoTs
Urbi Chatterjee, Vidya Govindan, Rajat Sadhukhan, Debdeep Mukhopadhyay,
Rajat Subhra Chakraborty, Senior Member, IEEE, Debashis Mahata, and Mukesh M Prabhu

Abstract—Physically Unclonable Functions (PUFs) promise to be a critical hardware primitive to provide unique identities to billions of
connected devices in Internet of Things (IoTs). In traditional authentication protocols a user presents a set of credentials with an
accompanying proof such as password or digital certificate. However, IoTs need more evolved methods as these classical techniques
suffer from the pressing problems of password dependency and inability to bind access requests to the “things” from which they
originate. Additionally, the protocols need to be lightweight and heterogeneous. Although PUFs seem promising to develop such
mechanism, it puts forward an open problem of how to develop such mechanism without needing to store the secret
challenge-response pair (CRP) explicitly at the verifier end. In this paper, we develop an authentication and key exchange protocol by
combining the ideas of Identity based Encryption (IBE), PUFs and Key-ed Hash Function to show that this combination can help to do
away with this requirement. The security of the protocol is proved formally under the Session Key Security and the Universal
Composability Framework. A prototype of the protocol has been implemented to realize a secured video surveillance camera using a
combination of an Intel Edison board, with a Digilent Nexys-4 FPGA board consisting of an Artix-7 FPGA, together serving as the IoT
node. We show, though the stand-alone video camera can be subjected to man-in-the-middle attack via IP-spoofing using standard
network penetration tools, the camera augmented with the proposed protocol resists such attacks and it suits aptly in an IoT
infrastructure making the protocol deployable for the industry.

Index Terms—Physically Unclonable Functions, Elliptic Curve Cryptography, Identity based Encryption, Internet of Things, Device
Authentication, Key management.

1 I NTRODUCTION software platforms, secure storage of cryptographic secrets,

keyless secure communication etc. A Silicon PUF [3] is a
IoTs have opened up an ubiquitous sensing-
mapping γ : {0, 1}n → {0, 1}m , where the output m-bit
communicating-actuating network with information
“response” are unambiguously identified by both the n
sharing across platforms, blended seamlessly in various
“challenge” bits and the unclonable, instance-specific system
areas of modern day-to-day living. But as with most
behaviour. So, it can act as a hardware fingerprint generator
emerging technologies, innovation comes first, and
for the IC in which it is included. We can adopt this property
security is only an afterthought in reaction to discovered
to uniquely identify each devices in the IoT framework. A
vulnerabilities. The devices deployed in an IoT framework
specific challenge and its corresponding response together
usually generate large quantities of security-sensitive data.
form a Challenge-Response Pair (CRP) for a given PUF
One of the major security challenges in IoT framework
instance. PUF based authentication protocols rely on this
is the authentication and key management of potentially
“challenge-response authentication” mechanism, rather
billions of devices deployed in the network. We try to
than on a single secret cryptographic key. The response
address this problem and provide a lightweight and secure
generated on-the-fly by the challenge applied to a PUF
solution using PUFs and IBE [1]. A PUF circuit realization
instance can be used to generate session key for secure
can be thought to be an unconventional, lightweight
message encryption; thus offloads the complexity of
hardware security primitive [2] proposed in various
managing and storing the keys for IoT device. We make
security applications such as IC anti-counterfeiting, device
following contribution in this paper:
identification and authentication, binding hardware to
• We propose an authentication and key exchange pro-
• Urbi Chatterjee, Vidya Govindan, Rajat Sadhukhan, Debdeep tocol combining the concepts of PUF, IBE and Key-ed
Mukhopadhyay and Rajat Subhra Chakraborty are the members of
Secure Embedded Architecture Laboratory (SEAL), Department of
Hash Function. The protocol solves an open problem
Computer Science and Engineering, Indian Institute of Technology in the domain of PUF based protocols, alleviating the
Kharagpur,Kharagpur,India-721302. overhead from the verifier to store the CRP database of the
E-mail: [email protected], PUF and the dependency of imposing security mechanism
{vidya.govindan, rajat.sadhukhan}@iitkgp.ac.in, {debdeep,
rschakraborty}@cse.iitkgp.ernet.in to keep it secret. In traditional PUF based protocols, if
• Debashis Mahata and Mukesh Prabhu are the members of Wipro Techno- a verifier needs to authenticate k IoT nodes, let us
gies, India. assume that it stores l number of m-bit challenges
E-mail:{debashis.mahata, mukesh.prabhu}@wipro.com
and its corresponding n bit responses. Then the
 2

space complexity is: O((m + n) × l × k). Now, if 2 S YSTEM A SSUMPTIONS AND G OALS
we consider the IoT framework, the “smart” devices
(prover and verifier) are very resource constrained System Model. The setting assumed is that each IoT node
and more susceptible to be a target for active and tries to authenticate to a verifier and communicate with the
passive attacks. In many cases prover device is just a verifier or with another node. Each node is enabled with
sensor node and verifier device are mobile, bridge or a PUF and has the capability to perform two elliptic curve
router. Accessing CRP database by the smart devices operations, namely scalar multiplication and a pairing oper-
itself is a security risk because smart devices are easy ation along with a standard cryptographic hash function. On
target for attacker. In order to offload storage require- the other hand the verifier is assumed to have the capability
ment from verifier and to eliminate risk of getting to compute keyed hash function, where the key is stored in
CRP database compromised, we stores just a single a non-volatile memory.
key in the NVM of verifier for authentication of all Threat Assumptions. We assume the adversary can have
prover nodes under it using a key-ed hash function access to the communication channel and can not only be a
(space complexity: constant). This way it would be passive observer, but can tamper the channel with malicious
easier to protect a single key instead of securing a data as an active adversary. The goal of the adversary is
whole CRP database. Additionally instead of using to authenticate to the verifier on behalf of the legitimate
CRP database directly we generate a new security nodes, without possession of the node. For a PUF instance
association information between prover and verifier embedded in an IoT node, its challenge-response character-
that hides the correlation between the challenge and istics is an implicit property, and is thus not accessible to
response of the PUF and can be stored as public the adversary. Further, the attacker can corrupt the verifier
information. (as by a malware) and can obtain access to the databases
• We prove formally the security of the protocol in which the verifier possesses. However, we assume that the
the Session Key Security model and the Universal attacker cannot gain knowledge of the secret key stored on
Composability framework [4]. the verifier.
• We implement a prototype of the protocol to securely Attack Models: To formally proof the security of the proto-
authenticate a video surveillance camera, commer- col, we introduce two models which we will briefly discuss
cially purchased and devoid of any inbuilt security here.
feature. The prototype was implemented following
• Session Key Security Model: Here all parties in-
a hardware/software co-design, by connecting the
volved in the protocol are assumed to be trusted. The
camera to an Intel Edison board, providing the IP
attacker either (i) eavesdrops the communication link
and hosting the protocol operation, while the hard-
without any change or addition to the messages (e.g.
ware circuit of the PUF is implemented and unique
packet sniffing attack ) or, (ii) has full control over
ID is generated from a Artix-7 FPGA. But, PUF
the links and can modify the messages ( e.g. packet
responses are corrupted by noise and other envi-
injection or re-routing attack). In Section 5.1.3, it has
ronmental factors when deployed in an embedded
been shown that the protocol is secure against both
system. Hence helper data algorithm or fuzzy extrac-
of these attack variants.
tor [5] is used to generate cryptographic keys with
• Universally Composite Framework: This model en-
appropriate entropy from noisy and non-uniform
sures that the proposed key exchange protocol pro-
random PUF responses. To perform this task, we
vides the same security when used by any other
design a BCH encoder circuit to generate the helper
protocol to set up session keys between two parties,
data from the responses of the PUF. This helper
even when it runs in parallel with an arbitrary set
data along with a BCH decoder can then be used
of other protocols in a distributed communication
to re-generate the correct response from the actual
network. We have shown three different scenarios
response of a PUF for a specific challenge. It is to be
where: a) The verifier and the two communicating
noted that the BCH encoder and decoder circuit are
parties are honest (ideal case), b) The verifier is
implemented in Artix-7 FPGA.
corrupt, c) Either of the two communicating parties
• We first show a man-in-the-middle attack on the
or both are corrupt. In real life implementation, we
commercial video camera, and then show when the
can picture case (b) and (c) as the attacker can control
proposed protocol is enabled, the attack is subverted.
the internal functioning of the party and tries to send
We show that the protocol is lightweight, consumes
some malicious information to disrupt the system.
low power, and has a low latency, suiting the require-
ments of IoT. In this work, we do not address the subsequent encryption
The rest of the paper is organized as follows. In Section 2 of the messages between the nodes, but sketch that the
and 3, we provide the security assumptions and the back- public-private key pair established can be used to commu-
ground of the work. In Section 4, we present our proposed nicate using established protocols [1].
authentication and key exchange protocol. The correctness Design Goals. Next, we briefly discuss the design goals of
and security analyses of the proposed scheme are described the proposed PUF based Authentication and Key Exchange
in Section 5. The experimental setup, attack scenario and Protocol:
resource overhead results have been provided in Section 6.
We conclude the paper with future research directions in • No explicit key storage in ‘Things’: Instead of
Section 7. having explicit key storage, a PUF instance will be
 3

embedded in each IoT data node to provide unique In this paper, we have tried to overcome the above-
identity to the device. mentioned problems. In our scheme, the prover (resource-
• Lightweight and minimal overhead on execution constrained) node is PUF-enabled, but the verifier (less
time : The hardware overhead, power-consumption resource-constrained) node does not need to hold the subset
of the PUF enabled node and the latency to authen- of the CRP database or the model of the PUF instance.
ticate a legitimate node should be very less. Rather, it contains a keyed hash function which is used to
• No explicit storage of raw CRP with verifier and authenticate the PUF instance without knowing the actual
model building resistance: The verifier will not have response of a given challenge. We have assumed that the
access to the raw CRP database of the PUF of the key is stored in a secure non-volatile memory. However, the
prover node. This is to ensure that if the verifier prover does not need to explicitly store any key, rather the
gets compromised, no one should be able to math- secret is generated from the response of a PUF which is
ematically clone the PUF instances using the CRP embedded in the device.
databases.
• Unlimited authentications: The protocol will have
moderate input-output space and can have unlimited 3.2 Public Key Based Protocols
authentication rounds repeating same challenges. Authentication and key exchange have been traditionally
• Security association mapping for CRPs: A mapping handled by the use of public key encryption. The two
is done between the challenge and response for each conventional ways of handling encryption is by the use of
entries in the CRP database so that it can be stored Public Key Infrastructure (PKI) or by the use of Identity
publicly in a resourceful device ensuring its integrity. Based Encryptions (IBE). In [19], new protocols have been
The verifier can access it at the time of authentication proposed for the IP protection problem on FPGAs using
without any advantages to the attacker. PUFs and PKI based public key cryptography. But PKI has
• Efficient management of public/ private keys with- been plagued with several shortcomings of non-uniform
out central authority: There is no need to involve standards, and most importantly the difficulty of handling
central certificate authority to sign the public keys. certificates generated by a trusted third party, virtually
A verifier can easily verify the public key of the making it infeasible for IoT applications where billions of
prover as it holds information derived from the PUF devices are expected to communicate. As an alternative,
instance of the prover. The public-private key should identity based encryptions are attractive as they provide a
be suitably tied to the PUF instance of the node, and mechanism for generating public keys from publicly known
that serves as the root of trust. information. However, in classic IBE the secret keys of a
node are not tied to its physical identity, and the proof of
identity is usually in the form of a password or a digital
3 A LTERNATIVE A PPROACHES AND R ELATED certificate that include a user’s public key. Moreover, some
W ORK of these secrets need to be explicitly stored in the nodes.
In this section we discuss conventional protocols and their Further, classic IBE requires a Public Key Generator (PKG)
shortcomings for authentication and key exchange among which is used to generate private keys for the nodes and
the nodes of an IoT system. transfer through secured channels. This makes the key ex-
change unwieldy and difficult for real life deployment for
the scalability of IoT applications. In [20], Wallrabenstein has
3.1 PUF based Protocols proposed to use PUF based Elliptic Curve Cryptosystem for
Several lightweight PUF-based authentication protocols [6], IOT framework, but storing helper data for each challenge
[7], [8], [9], [10], [11], [12], [13], [14], [15], [16] have been in the node can lead to unacceptable memory overhead in
proposed in the past. But in [17], the authors demonstrated resource-constrained devices.
several vulnerabilities such as Denial-of-Service (DoS) at- In the proposed protocol, we have blended IBE with identity
tack, synchronization problem, replay attack, token/server generated by the PUF embedded in a node. It leads to a
impersonation,modelling attack, lack of integrity checking certificate-less protocol, where no explicit keys need to be
of the helper data, compromise of code and data at runtime, stored in the nodes, while IBE provides security based on
limited local authentication, single point of failure that have strong well-founded hard problems. The key exchange in
made these protocols unacceptable in their original form. the proposed protocol is made seamless by allowing the
The mutual authentication protocol proposed in [18] has nodes with the PUFs generating its keys, while the verifier
considerable hardware overhead; hence, it is not suitable simply checks its authenticity and passes a verified public
for resource-constrained devices. Moreover, in most of the key to another node for further communications.
PUF based authentication schemes, a verifier node granting Security of Commercial IoT Appliances. Surprisingly, even
authenticity to a prover node, has prior access to a subset with the growing importance of security, several IoT appli-
of CRP database or a model of the PUF instance embedded ances have very little to no support for it. As a use-case,
at the prover node. Now, if we map this setup in a hierar- in this paper we study video surveillance cameras, which
chical network of IoT framework, it may expand the attack are considered as a very popular IoT application. Till now,
surface substantially, as the integrity of CRP details at lower several passive and active attacks [21], [22] such as visual
level nodes may get compromised due to easy accessibility. layer attacks, abusing covert channel and data ex-filtration
Hence, we cannot adopt any of these protocols in its current attacks, jamming, Denial-of-service, and side channel at-
form. tacks have been proposed for video surveillance system.
 4

Security Credential Generator PUF enabled Prover

1.Provisioning Process
CRPDBs KEYDBs NVM enabled Verifier

(Secure Offline Database) 2. Security Association Generation Process

(Secure and Trusted Environment)

(Insecure Communication Network)

Security Association Provider
MAPDBs

Verifier ... Verifier ... Verifier

3. Authentication and
key exchange
Prover . . . Prover . . . Prover ... Prover . . . Prover . . . Prover

PUF based security for prover − to − prover and prover − to − verifier communication

Fig. 1. Hierarchical IoT architecture and proposed secure communication mechanism.

As a countermeasure, many public key infrastructure based selected secret key is assigned for each verifier and stored
user authentication protocols [23], [24] were proposed in in the NVM of the verifier as well as the key databases
literature. However the fact remains that many network- (KEYDBs) (marked as ‘1’). To resist against modelling attack
enabled camera vendors do not use data encryption, to of the PUF instance, the CRPDBs and KEYDBs are assumed
increase the throughput and to decrease memory and power to be stored in a secure “offline” database in a trusted
footprint. Additionally, some of the current video streaming environment, outside the reach of the typical IoT “node-to-
protocols such as RTP, RTSP and video steaming engines node” communication. These database entries are never directly
such as WOWZA, Mjpg-Streamer etc. do not even support used for authentication. Next, each verifier node is assigned to
secure network protocols such as SSL. This inspires us to de- authenticate a set of IoT prover nodes. In Security Association
velop PUF based authentication and key exchange protocol Generation Process a security relationship mapping between
which will ensure the device authentication irrespective of the IoT node and verifier node is created (marked as ‘2’) using
security level of the network protocol running on it. each CRP entry of the prover node, the secret key associated
with its corresponding verifier node and some randomly
4 P ROPOSED AUTHENTICATION AND K EY E X - selected entities by the SCG. It hides the challenge-response
correlation of the PUF instance. These mapping entries
CHANGE P ROTOCOL are stored in Mapping Databases (MAPDBs) in the SAP
In this section, we describe the authentication and key ex- maintained outside the trusted environment. MAPDBs are
change protocol that can be suitably implemented in an IoT generated in such a way that access to this database would
infrastructure. Fig. 1 represents the functional blocks of the not help the adversary to model the PUF instance, and the
proposed security architecture. The architecture consists of integrity of the entries are maintained so that the trusted party
four major components: the Security Credential Generator can verify any illegitimate modification during the protocol exe-
(SCG), the Security Association Provider (SAP), the Verifier cution. In the Authentication and key exchange phase, the
Node and the IoT Node. The IoT nodes, which play the role verifier uses challenges randomly selected from MAPDBs
of prover, reside at the lowest level of the architecture. In our and validates responses from the prover node dynamically
proposal, we assume these IoT nodes to be PUF-enabled, at the time of protocol execution. The protocol is designed
and having low hardware and software footprint and lim- in a way that both the prover and the verifier mutually authen-
ited computational abilities. They prove their authenticity ticate each other. Finally, the verifier node coordinates among
using respective embedded PUF instances to the immediate different prover nodes for generation and sharing of public
upper layer nodes, which play the role of verifier and are keys (marked as ‘3’).
relatively resourceful.
The proposed protocol has two main phases, enrolment
phase and authentication & key exchange phase. The Enrol- 4.1 Public Mathematical Parameters
ment phase consists of two sub processes and executes in a
secure and trusted environment. Once the manufacturing of Our scheme requires that the communicating parties must
the verifier and IoT prover nodes are done, the SCG executes agree on some mathematical parameters before initiating
a Provisioning Process. In this process, the characterization communication. For some large prime value q , we define an
of the PUF instance is done for each of the IoT nodes and elliptic curve and generate three groups G1 , G2 and G3 on
stored in CRP databases (CRPDBs). Similarly, a randomly the points of an elliptic curve to define cryptographic pair-
 5

Security Credential Generator IoT Node A Verifier S Security Association Provider

KS
For Verifier S, KS ∈R {0, 1}m and append < S, KS > in KEYDB. Stores KS in NVM.
Randomly chooses a Challenge CA. CA

RA RA = PUFA(CA)
HLPA = BCH Encoder(RA )
Append < CA, RA, HLPA > into CRPDB.
(Provisioning Process)

CS ∈R {0, 1}n , PA = H1(RA) and PS = H2KS (CS)

a ∈R Z∗q, B = PA − a · Ps Append < CA, CS, HLPA, a, B, d1 >
< CA, CS, a, HLPA, B, d1 > for Node A into MAPDB.
d1 = H3(H1(CA||CS||HLPA||a||H3(PS)) + B)
(Security Association Generation Process)
(This process is repeated for all IoT Nodes under Verifier S.)

Fig. 2. Enrolment phase of the proposed protocol.

ing. Pairing is an admissible bilinear map e: G1 × G2 → G3 this way, a new tuple < CA , CS , HLPA , a, B, d1 > is
which satisfies the following three properties: generated and stored in the MAPDBs of the Security
1) Bilinearity: ∀a, b ∈ Fq∗ , ∀P ∈ G1 , Q ∈ G2 : e(aP, bQ) = Association Provider (SAP). This procedure is repeated
e(P, Q)ab . according to the memory capacity of the SAP and the
2) Non-degeneracy: e(P, Q) 6= 1. SCG and for all IoT nodes under Verifier S.
3) Computability: There exist an efficient algorithm to
At the end of the enrolment phase for a given node A,
compute e.
the Verifier S supervising it will have only the secret key.
For further details, please refer to Section 2 of [25]. We also For authentication, the SAP will transfer an entry randomly
need to choose three secure cryptographic hash functions: from the mapping database of the node A to the Verifier
H1 : {0, 1}n → G∗1 , H2 : {0, 1}n × {0, 1}m → G∗2 , H3 : S. The Verifier S will calculate the response of the PUF on-
G2 → {0, 1}n , where n and m are the bit lengths of the PUF the-fly to authenticate node A. Here, we have assumed that
response and secret key, respectively, in our context. So, the the Verifier S will securely store the secret key for the keyed
public mathematical parameters are: <q , G1 , G2 , G3 , e, n, hash function in a non-volatile memory. We can achieve this
H1 , H2 , H3>. goal using the commercially available tamper-proof NVM
chips, e.g. those used in Trusted Platform Module (TPM) [26] .
4.2 Enrolment Phase
Before deploying the nodes in the communication network,
4.3 The Authentication and Key Exchange Phase
the enrolment phase is executed for each node in a secure and
trusted environment. The steps are shown in Fig. 2, and are The second phase of this protocol performing authentication
summarized as follows: and key sharing is described below as shown in Fig. 3. Con-
sider a situation where IoT node A wishes to communicate
• In the provisioning process, the SCG first randomly
with IoT node B , with both A and B being at the lowest
selects an m-bit key KS and assigns it to the NVM of
levels of the hierarchy.
Verifier S. It also stores KS in the KEYDBs.
• Then it sends a random challenge CA to the IoT Node • At first, IoT node A initiates a request <
A. Node A applies the challenge CA to its PUF, and IDA , IDB > (i.e. the public identifiers of the two
generates the output RA = P U F (CA ), and returns communicating nodes) to Verifier S for authentica-
it to the SCG. tion. Verifier S forwards the request to the SAP.
• The SCG generates the helper data HLPA = • The SAP randomly chooses an entry
BCH Encoder(RA ) and stores it along with < CA , CS , HLPA , a, B, d1 > from M AP DBAS
the challenge and response by appending < and sends it back to the Verifier S.
CA , RA , HLPA> to its CRPDBs. • Now, the Verifier S performs the following computa-
• Next, in Security Association Generation Process, the tions:
SCG randomly generates an n-bit challenge CS , and
PS = H2KS (CS )
then it calculates:
PS = H2KS (CS ), PA = H1(RA ) • If d1 == H3(H1(CA ||CS ||HLPA ||a||H3(PS )) + B),
then it calculates:
Then, the SCG randomly selects an element a from
Zq∗ and calculates: PA = a · PS + B
B = PA − a · P S , It can be noted that if the Verifier S gets compro-
d1 = H3(H1(CA ||CS ||HLPA ||a||H3(PS )) + B) mised, it can impersonate as Node A. To avoid this
scenario, we suggest to use Strong PUFs and the
def
Please note that Zq∗ = {x ∈ Zq : gcd(x, q) = 1} mapping entry used for an authentication round is
i.e. elements of Zq with multiplicative inverses. In deleted from M AP DBAS .
 6

• Next, the Verifier S randomly chooses a value x such 5 S ECURITY A NALYSIS

that x ∈R Zq∗ and computes: Next we will describe two different attack models in which
QA = PA + x · PS + H1(IDA ||IDB ), we will analyze the security of the proposed authentication
and key exchange protocol.
VA = e(PA , x · PS )
and sends this value to node A as the tuple <
5.1 Session-Key Security
IDB , CA , HLPA , QA >. Please note that the nonce
x is used to resist the replay attack and also acts as The definition of Session-Key Security (SK security) is based
a timestamp for that specific instance of the protocol on the approach called “security by indistinguishability”. To
run. Generally it is very hard to mitigate DoS attacks elaborate, this approach evaluates the security of a crypto-
at protocol level [27]. But in proposed protocol, we graphic system as follows. Suppose, two games Game1 and
took two approaches from the verifier and the node’s Game2 are constructed in which the adversary communi-
perspective. As the authentication request initiation cates with the protocol under consideration. If no feasible
is done by the node, it can keep track of exactly adversary can distinguish between whether she is interact-
how many requests have been sent by it. In case, ing with Game1 or Game2 , then the protocol is said to be
it is flooded with challenge requests, then it can indistinguishable and secure. Further, in order to ensure
temporarily shut down the protocol execution and that the proposed cryptographic scheme is secure against
can opt for approaches such as exponential back- differing capabilities of the attacker, usually two adversarial
off algorithms which is used for network congestion models are considered:
avoidance. On the verifier side, the timestamp x is • The Unauthenticated-link Adversarial Model
used to keep track that currently which nodes are (UM): Here, a probabilistic polynomial-time (PPT)
executing the protocol. Hence if new requests come attacker is considered who has full access/control
for the same pair, it can immediately rejects them. over the communication links, along with the
This way the frequency of each request type can be scheduling of all protocol events such as initiation
limited. of protocols and message delivery.
• On receiving the message, node A first applies CA to • The Authenticated-link Adversarial Model (AM):
its PUF instance P U FA and get the response Ractual . In this case, the attacker is restricted to only deliver
• Next using helper data HLPA and Ractual in messages truly generated by the parties without any
BCH Decoder, it retrieves the corrected response change or addition to them.
Rcorrected .
• It calculates the following: We prove that our protocol is secure against UM, which in
turn ensures that the protocol is secure against AM.
PA0 = H1(Rcorrected ), Consider the following experiment under UM: the attacker
PS0 = QA − PA0 − H1(IDA ||IDB ), Λ chooses to attack a session under test, and let κ be the
VA0 = e(PA0 , PS0 ) shared session key of the session. A random coin tossing
is performed, with its result encoded as a bit b. If b = 0,
• Next, node A randomly chooses two values t and YA the value κ is given to the attacker Λ, otherwise a random
such that t ∈R Zq∗ and YA ∈R G∗1 . Then it computes value r is chosen from the probability distribution of keys
the public and private key pair: generated by the protocol. The attacker outputs a bit b0 at
KAP U B = t · QA , KAP RV = t · YA the end.
Definition 1. Session Key Secure (SK-Secure) Protocol A
and it sends the Verifier S the tuple
key-exchange (KE) protocol π is called SK-secure if the
< VA0 , KAP U B , YA , H3(PS0 + KAP U B )||H3(YA ) >.
following properties hold for any KE-adversary Λ in the
• If VA equals VA0 and H3(PS0 + KAP U B )||H3(YA )
UM:
equals H3(x · PS + KAP U B )||H3(YA ), the Verifier
S accepts node A as an authenticated device, and 1) Protocol π satisfies the property that if two uncorrupted
accepts its public key. parties successfully complete a session then they both
• Since node A wishes to communicate with output the same key, and,
node B , it needs the Verifier S to authenticate 2) the probability that Λ guesses correctly the bit i.e., b0 =
node B . Hence, the Verifier S follows a similar b is more than 21 by only a negligible quantity.
procedure for node B as described above to
authenticate node B , and accepts its public key 5.1.1 Security Assumptions
KBP U B upon successful authentication. Finally, As mentioned previously, there are two security assump-
it sends node A the tuple < KBP U B , QB , YB , tions at the foundation of the secure communication proto-
H3(H1(PA )||H1(KBP U B )||H1(QB )||H1(YB )) >. col proposed. The first security assumption is the physical
On receiving it, if node A finds that and mathematical unclonability of PUFs by a polynomial-
H3(H1(PA )||H1(KBP U B )||H1(QB )||H1(YB )) time algorithm, which implies that it is computationally
equals H3(H1(PA0 )||H1(KBP U B )||H1(QB )||H1(YB infeasible to construct the challenge-response mapping of
)), then the Verifier S is authenticated, as only the an arbitrary PUF instance. Although most PUF variants
Verifier S can retrieve the value of PA using PS , and are physically unclonable at the current state-of-the-art (a
node A accepts the public key of node B . notable exception being the successful effort of SRAM PUF
 7

IoT Node A Verifier S Security Association Provider

IDA, IDB IDA, IDS
CA, CS, HLPA, a, B, d1 It randomly selects an entry
PS = H2KS (CS) < CA, CS, HLPA, a, B, d1 >
If H3(H1(CA||CS||HLPA from MAPDBAS
||a||H3(PS)) + B) = d1
then, it calculates the following :
PA = aPS + B, x ∈R Z∗q
IDB, CA, HLPA, QA QA = PA + x · PS + H1(IDA||IDB)
Ractual = PUFA(CA)
Rcorrected = BCHDecoder(Ractual, HLPA) VA = e(PA, xPS)
P′A = H1(Rcorrected)
P′S = QA − P′A − H1(IDA||IDB)
′ = e(P′ , P′ ) VA ′ , KA
VA A S PUB , YA,
t ∈R Z∗q, YA ∈R G∗1 H3(P′S + KAPUB)||H3(YA)
′ and
If VA == VA
KAPUB = t · QA, KAPRV = t · YA
H3(KAPUB + P′S)||H3(YA) =
KBPUB, QB, YB,
H3(H1(PA)||H1(KBPUB ) H3(KAPUB + xPS)||H3(YA)
If H3(H1(KBPUB)||H1(QB)||H1(YB) ||H1(QB)||H1(YB )) Node A is authenticated.
||H1(PA)) = H3(H1(KBPUB) Similarly, S authenticates Node B.
||H1(QB)||H1(YB)||H1(P′A))
S is authenticated and Node A
accepts the public key of Node B.

Fig. 3. The authentication and key exchange phase.

cloning reported in [28]), successful mathematical modeling denotes the set of points generated by adding P to itself
(“model-building attacks”) have been widely reported [29]. k times, for some integer k . The ECDLP problem is to
However, by choosing relatively secure PUF variants such as find the value of the scalar multiple k , given P and Q.
Lightweight Secure PUF or XOR PUF [29], we can avoid both ECDLP is considered computationally intractable at the
physical and mathematical cloning in practice. This security current state-of-the-art for proper choices of the curve
assumption is formalized in the definitions below: E(K).
Definition 2. (Decisional Uniqueness Problem (DUP) for
PUF) Given an n-bit output of an arbitrary PUF instance 5.1.2 Correctness Proof of the Proposed Scheme
P U FAdv , a challenge C and an n-bit string z ∈ {0, 1}n , We consider a setting with two parties, IoT node A and the
the DU P aims to decide whether z = P U FN (C) for a Verifier S monitoring the authentication procedure of node
PUF instance P U FN , or a random n-bit string. A. We denote the protocol by π . Recall that node A and the
verifier contain PUF instance P U FA and a secure NVM stor-
Definition 3. (Decisional Uniqueness Problem Assump- ing KS . Moreover, let outputnodeA,π (IDB , CA , HLPA , QA )
tion) The problem of fabricating a PUF instance P U FN and outputS,π (CA , CS , a, B) denote the respective outputs
using another instance P U FAdv is hard, and for all of node A and the Verifier S. We assume that this output
probabilistic, polynomial time algorithm A, there exists takes the form of an element of G∗3 that is supposed to be
a negligible function negl(·) such that: considered as the identity of node A, and should be shared
| P r[A(C, P U FAdv , z) = 1] − by node A and the verifier. Hence,
P r[A(C, P U FAdv , P U FN (C)) = 1] |6 negl(n) outputnodeA,π (IDB , CA , HLPA , QA )
where n is the number of response bits of the PUF = e(H1(BCH Decoder(P U FA (CA ), HLPA )),
instance. QA − H1(BCH Decoder(P U FA (CA ), HLPA ))
This implies that given an arbitrary challenge C and an −H1(IDA ||IDB ))
arbitrary PUF instance P U FAdv , the adversary A behaves and
almost identically, for a random element z ∈ {0, 1}n , and
the actual n-bit response P U FN (C). Another way of inter- outputS,π (CA , CS , a, B) =
preting the Decisional Uniqueness Problem Assumption is e(a · H2KS (CS ) + B, x · H2KS (CS ))
that the ensemble of tuples of type (C, P U FAdv , z) is com- Next, we present the definition of the correctness require-
putationally indistinguishable from the ensemble of tuples ment. It states that, except with negligible probability, node
of type (C, P U FAdv , P U FN (C)). A and the Verifier S will generate the same identity, and only
The second important security assumption is the com- node A will be authenticated to the Verifier S.
putational infeasibility of the Elliptic Curve Discrete Log-
Definition 5. (Correctness of Protocol) A protocol π for
arithm Problem (ECDLP):
authentication and key exchange is denoted as correct
Definition 4. (Elliptic Curve Discrete Logarithm Problem if there exists a negligible function negl(·), such that for
(ECDLP)) Let E(K) be a discrete elliptic curve over a every possible value of n:
finite field K ; let there exist points P, Q ∈ E(K) such
that Q ∈<P>, where P is a primitive point (capable of Pr[outputnodeA,π (CA , HLPA , QA ) 6=
generating any arbitrary point on E(K)), and < P > outputS,π (CA , CS , a, B)] 6 negl(n)
 8

Theorem 1. The authentication and key exchange protocol π

is secure in the presence of eavesdropping adversaries if
It can be observed that: the Decisional Uniqueness Problem Assumption holds.
e(a · H2KS (CS ) + B, x · H2KS (CS )) = e(PA , x · H2KS (CS proof 1. To prove this, we show that the protocol π is secure
)) = e(H1(BCH Decoder(P U FA (CA ), HLPA )), QA − H1( if the adversary succeeds in the experiment Authadv,π
with probability that is at most negligibly greater than
BCH Decoder(P U FA (CA ), HLPA )) − H1(IDA ||IDB )) 1
2 , i.e., for every probabilistic polynomial time adversary
This means that node A and the verifier will output the Adv, there exists a negligible function negl(·) such that:
same value, thereby proving the correctness of the scheme.
It may be noted that the rationale for the choices of the P r[Authadv,π = 1] 6 12 + negl(n)
public and private keys are based on [1]. The exact descrip- Let us assume that the adversary Adv has some non-
tion of the encryption process is beyond the scope of the negligible advantage ε in breaking the protocol π . Then
present work, but for the sake of completeness, we would we can construct an algorithm B which will have the
like to sketch that for encryption. For a random string w, same advantage ε in breaking the Uniqueness problem.
the node A can compute, a string λ = e(KBP U B , YB )w = Now, the algorithm B takes as input a random Unique-
e(t·QB , YB )w =e(QB , YB )t·w , which can be used to confide a ness Problem tuple (CA , P U FAdv , zA ) (where zA =
message to be sent to node B . The encryptor sends a hint for P U FA (CA ) or one random string belongs to {0, 1}∗ )
w to node B , which is w · QB . The decryptor node B using and proceeds as follows:
the hint and its private key can compute this string by calcu- 1) SetUp: Provide Adv with P U FAdv .
lating e(w ·QB , KBP RV )=e(w ·QB , t·YB )=e(QB , YB )t·w =λ. 2) Input tuple:
This explains briefly the choices for the public and private
a) First it randomly chooses PS and x.
keys in the proposed key exchange protocol.
b) It calculates PA = H1(zA ).
c) Then it calculates:
5.1.3 Security Proof of the Proposed Scheme
From the security perspective, an authentication and key QA = PA + x · PS + H1(IDA ||IDB )
exchange protocol is secure if the output VA gener- d) Then sets ζ =<CA , CS , HLPA , a, B, QA , IDA , IDB>,
ated by node A and the verifier are identical, and no which is perfectly random to the adversary Adv.
adversary can correctly guess VA for the challenge < e) Next, it randomly chooses b ∈ {0, 1}.
CA , CS , HLPA , a, B, d1 > and x chosen randomly. This f) It then calculates VAb = e(PA , x · PS ) and
has been formulated by giving an adversary the values VA1−b = h ∈R G∗3
< CA , CS , HLPA , a, B, d1 > from a protocol execution, g) The algorithm B finally provides Adv the input tuple
and observing whether she can distinguish between VA < ζ, VA0 , VA1 >. If zA = P U FA (CA ) , then VAb will
generated by node A, and the verifier, or a completely be equal to e(PA , x · PS ) and it will be a valid input
random element of G∗3 . tuple. Otherwise, VA0 , VA1 both will be some random
We would show that breaking the proposed protocol is element of G∗3 .
at least as difficult as solving the Decisional Uniqueness
3) Guess: The adversary Adv returns b0 , a guess of b. If
Problem for PUFs, i.e., a successful attack on the pro-
b = b0 , then the algorithm B returns 1, implying that zA
posed protocol implies a feasible solution to the Decisional
are the correct responses of CA . Otherwise, it returns 0.
Uniqueness Problem for PUFs. In order to demonstrate this,
an experiment has been presented next. Hence, it is proved that the adversary Adv has the same
Let Adv be a probabilistic, polynomial time adversary, and advantage ε as the adversary B . But, due to the hardness
the number of PUF response bits be n. Then, consider the of Uniqueness Problem, ε should be negligible. Hence,
1
following experiment: P r[Authadv,π = 1] 6 2 + negl(n)
The Eavesdropping Authentication and Key Exchange
Once the authentication is done successfully, node A se-
Experiment Authadv,π (n, ζ, PUFAdv , VA0 , VA1 ) :
lects a random value t ∈R Zq∗ . Then, it locally calcu-
1) The adversary Adv is provided: lates {public,private} key pair K1P U B = t · QA and
a) A PUF instance P U FAdv and ζ =< K1P RV = t · YA . It keeps K1P RV secret and sends K1P U B
CA , CS , HLPA , a, B, QA , IDA , IDB > where to the verifier over the authenticated link. Now assuming
QA = ((a · H2KS (CS ) + B) + (x · H2KS (CS ))) + the complexity of the Computational Discrete Log Problem, the
H1(IDA ||IDB ). probability that the adversary Adv can retrieve the value
b) Two identities VA0 and VA1 , calculated based on a of t from K1P U B , knowing the value of QA is negligible.
chosen random bit b ∈ {0, 1}: Hence the adversary Adv fails to calculate the correct value
of private key K1P RV .
VAb = e(a · H2KS (CS ) + B, x · H2KS (CS )) If we consider the AM adversarial model, the adversary
VA1−b = h ∈R G∗3 Adv is restricted to only deliver messages truly generated
by the parties without any change or addition to them;
2) The adversary Adv will output a value b0 . If b = b0 , the hence she fails to calculate the private key of node A. On the
adversary Adv succeeds in the experiment. other hand, in the UM adversarial model, any change in the
Next we prove the following theorem. message sent over the channel will end up with difference in
 9

Instance of PUF’s output. In this regard, it is the formal specification of the

B security requirements of the task.
Decisional Uniqueness Problem
4) Additionally, a new algorithmic object, called the “en-
Instance of vironment machine” E , is added in this computational
Protocol Π model, which is considered to consist of everything
AuthAdv,Π(n) external to the current protocol execution, such as other
Solution to PUF’s “Break” protocol executions and their adversaries, human users,
Decisional Uniqueness Problem
etc.
5) The adversary Λ can directly interact with E through-
Fig. 4. The view of Authadv,π when it is run as a sub-routine of B
out the execution of the protocol. They can exchange
( [30]). information after each message or output generated by
a party running the protocol. The environment E also
the hashed value of the message at the data node and sever has the permission to apply inputs to the communi-
node. From the result obtained in the previous theorem, we cation parties, and collect outputs from them. But the
conclude that: based on the complexity assumption of the environment E is constrained to collect outputs of the
Computational Discrete Log Problem, Decisional Unique- main program running in each party, and not the output
ness Problem and that the hash function is collision from the subroutines called from that main program.
resistant, the authentication and key-exchange protocol π 6) A protocol π securely realizes the task f if π emulates the
is SK-secure in AM as well as in UM model. ideal process F , i.e., if there exists an adversary Λ which
Hence, DUP ∧ ECDLP → π is SK-secure. attacks protocol π , there also exists a “simulator” S that
=⇒ π is not SK-secure → ¬ DUP ∨ ¬ ECDLP. achieves similar adversarial effect by interacting with
Additionally, the protocol is designed in such a way that the ideal process F . In addition, no environment E can
both prover and the verifier mutually authenticate each tell with non-negligible probability of success whether
other. If an legitimate node A tries to impersonate as another it is interacting with Λ and π , or with S and F for f .
legitimate node B under the same verifier using the same
challenge set < CA , CS >, it will fail to do so. As the 5.2.1 UC Security of the Proposed Key Exchange Phase
PUF’s response does not depend on the value of KS and The main concept of asymmetric key exchange ideal func-
it is only used regenerate the response, use of the same tionality FAKE is that: if both the communicating parties are
for two different nodes will not lead to masquerading attack. honest, the functionality provides them with two random
The proof is similar to that given above. Furthermore, SAP identities, which is written directly to the party’s input tape.
is a database holding the mapping entries. These entries The adversary cannot have access to the tape, hence the
(in MAPDB) are already encoded by Security Credential values are invisible to her. If one of the communicating
Generation process (refer to Sec 4.2) and kept publicly. parties is corrupt, then the adversary can easily determine
Only legitimate nodes can interpret information stored in the identity of the corrupt party. FAKE is parameterized
a MAPDB entry. Hence SAP does not need to authenticate by an integer N (the total number of permissible sessions),
the verifier. Next, we prove the compatibility of the scheme where a verifier runs with exactly t data nodes and the
with the universal composability framework. simulator S . The working principle of FAKE has been
shown the Fig. 5. Next we prove the security of FAKE .
5.2 Universal Composability Framework Theorem 2. Protocol π securely realizes functionality FAKE .

The basic objective of Universal Composability (UC) frame-

work is to guarantee that any key exchange protocol pro- proof 2.
vides the same security for any other protocol which wants Here we assume that (a) the adversary possesses a PUF
to set up session keys between two parties, even when it instance; (b) queries to the PUF are genuinely handed on
runs in parallel with an arbitrary set of other protocols in to the simulator S ’s PUF, and (c) the PUF’s answers are
a distributed communication network. We prove that the forwarded unmodified to the querying party throughout
method of key exchange as proposed in this work is also all the simulations. We consider different usage and
compatible with similar composability properties. It follows security scenarios in turn.
the approach referred as “security by emulation of an ideal Case-1: Verifier and node A are honest:
process”. The primary concept of this principle is as given • Setup: Whenever the function-
below [4]: ality FAKE receives message
1) The model of protocol execution consists of the commu- (establish − sessionAKE , sid, Node A, Verifier)
nicating parties running the protocol and the adversary. for the first time, the simulator S queries the PUF
They are further considered as interacting computing instance P U FA for k random challenges C1 , C2 ,...,
elements and modeled as Interactive Turing Machines Ck , and obtains responses RA1 , RA2 ,..., RAk . Then,
(ITMs). it creates a list LA of k challenge-response pairs.
2) We formulate an “ideal process” F that picks up the • It then hands over P U FA to node A.
task f of the desired functionality. • On receiving a message
3) In the ideal process F all communicating parties pro- (establish − sessionAKE , sid, Node A, Verifier),
vides inputs to an “idealized trusted party” which lo- FAKE increments p by one and the simulator S
cally performs the task, and sends each party its desired sends (deliverAKE , sid, V erif ier) to FAKE .
 10

START (N, n)

FAKE sets p = 1

FAKE waits for new message

New Message

message written No message written No

in the input tape of FAKE in the input tape of FAKE
Yes by Node A? by S?
Yes

Message == Message == Message ==

(establish − sessionAKE, sid, No
(choose − valueAKE, sid, Node A, (deliverAKE, sid, Node A,
No Node A, Verifier) ? Verifier, VA)? No
Verifier)?
Yes Yes
Yes
If there exists a tuple
If p > N (deliverAKE, sid, VA, Node A),
Yes then FAKE writes (deliverAKE, sid, VA, Node A)
No
in the input tape of Node A.
No Similarly for Verifier
If p > 1 and A ∈ t it writes (deliverAKE, sid, VA, Verifier)
on the input tape of Verifier.
Yes

FAKE deletes the tuples from the input tape

p=p−1
If there exists a tuple Yes
(establish − sessionAKE, sid,
Node A, Verifier?)

No
S writes on his input tape
(establish − sessionAKE, sid, Node A, Verifier)

Yes No
FAKE checks if all
parties are honest?

It draws a random value Stores the messages

VA in G∗3. (deliverAKE, sid, VA, Node A),
Stores the messages (deliverAKE, sid, VA, Verifier). STOP
(deliverAKE, sid, VA, Node A), p = p+1
(deliverAKE, sid, VA, Verifier).
p = p+1

Fig. 5. The asymmetric key exchange ideal functionality.

Fig. 6. Attack on video surveillance system and protection against it: (a) and (b) show the successful attack in the absence of PUF based
authentication mechanism, while (c) and (d) show the prevention of the attack in the presence of the proposed PUF based authentication system.

• FAKE then sends (deliverAKE , sid, VA , V erif ier) • Now the simulator S is activated again and it simu-
to the verifier. lates that the verifier sends (IDB , CA , HLPA , QA ) to
 11

• On receiving a message (establish −

sessionAKE , sid, N ode A, V erif ier), the
simulator S increments p by one and sends
(choose − valueAKE , sid, N ode A, V erif ier, VA )
to FAKE .
• It is activated again and sends
(deliverAKE , sid, V erif ier) to FAKE .
• Verifier writes the VA on its local tape and S is
activated again.
Fig. 7. Experimental setup for smart IoT node. • It simulates the verifier sending
(IDB , CA , HLPA , QA ) node A.
node A. • When the adversary Λ instructs to deliver
• When the adversary Λ instructs to send the lat- the latter message to node A, S sends
ter message to node A, the simulator S sends (deliverAKE , sid, VA , N ode A) to FAKE .
(deliverAKE , sid, VA , N ode A) to FAKE . • If Node is corrupted, then Λ can easily find out the
• The probability that the value of random value chosen from Zq∗ for calculating the
e(H1(BCH Decoder(P U FA (CA ), HLPA )), x · private and public keys, and hence the value of the
H2KS (CS )) is equal to VA is negligible (as proved in private keys are compromised.
Section 5.1.3).
Hence, the scheme securely realizes the ideal functionality
Case-2: Verifier is corrupt: FAKE .
• The simulator S let Verifier to instantiate P U FA , and
hands it over to node A. 6 E XPERIMENTAL S ETUP AND R ESULTS
• When the adversary Λ instructs to deliver message
(IDB , CA , HLPA , QA ), then the simulator S can eas- In this section, we describe an experimental evaluation of
ily evaluate VA = e(a·H2KS (CS )+B, x·H2KS (CS )), the effectiveness of the protocol on an IoT testbed, including
as the server is corrupt. But it is to be noted that S the incurred hardware and performance overheads.
does not have access to KS . It can only get the final
value of VA (refer to 5th point of Section 5.2). 6.1 Attack Scenario and Experimental Setup
• It next sends (choose − We consider a scenario whereby a video camera transmits
valueAKE , sid, N ode A, V erif ier, VA ) to unencrypted captured video over a network. An adver-
FAKE as it has already calculated the value of VA sary intercepts the network traffic to launch “man-in-the-
and F increments the value of p by one. middle attack” and “replay attack”, to potentially modify
• Finally, S sends the messages the information received at the receiver. To prevent this, the
(deliverAKE , sid, VA , N ode A) to FAKE . camera in conjunction with an embedded board and a PUF
• Hence in this case the ID provided by F and the mapped on a FPGA emulates as an IoT node. The scenario is
identity calculated from the challenges given by the illustrated in Fig. 6. The off-the-shelf hardware components
server is same. used in the setup are: an Intel Edison embedded develop-
• But node A later chooses a random value t ∈ Zq∗ ment platform, a Digilent Nexys-4 FPGA board containing
after getting the VA , and calculates the public and Xilinx Artix-7 FPGA, and a Logitech HD UVC camera as
private keys using them. Hence, the simulator S as shown in Fig. 7.
well as the adversary Λ cannot guess the asymmetric
In general scenario, the Logitech camera is connected to
key pairs for node A. This is due to fact that the
Intel Edison Board through a USB interface to form an IoT
security of elliptic curve cryptography rests on the
node. An mjpg-streamer software is run on the Edison board
assumption that the elliptic curve discrete logarithm
to capture video using the camera, and send to a PC (the
problem (ECDLP) is hard. Now as node A randomly
receiver) through WiFi. The PC then displays the received
selects the value of t and QA , YA are the points on the
video in a web browser using the IP address of the Edison
elliptic curve, it is assumed to be hard to predict the
board. Next, we use the hacking software tools enabled by
value of t by the simulator S and the adversary Λ.
Kali Linux and perform the following steps:
So, we can say that even if the server gets corrupted
for a limited time, the keys of the legitimate users • First, the attacker finds out the IP address of the
are not compromised which in turn ensures that the Edison board from the network ARP table using the
data communicated between two nodes cannot be arp command.
retrieved by the corrupted server. • The video packets are then sniffed using IP forward-
ing and ettercap tool and saved in the attacker’s
Case-3: node A is corrupt:
machine using the driftnet tool.
This case covers the situation if a party willingly hands
• The attacker starts scanning the network in monitor
over its PUF to the adversary Λ. So, in this case, we
mode to get the router’s BSSID and associated clients
show that the adversary Λ can easily retrieve the value
using the airmon-ng and airodump-ng tools.
of private key for that particular party.
• Next, it de-authenticates the Edison board from the
• The set up phase is same as given in Case-1. network using the deauth option in the aireplay-ng
 12

C C C C C

APUF 1 APUF 2 APUF 3 APUF 4 APUF 5

P1,T P1,B P2,T P2,B P3,T P3,B P4,T P4,B P5,T P5,B

... ... ...

... ... ...
Arbiter Arbiter Arbiter

Arbiter Arbiter
o1 Arbiter o5 Arbiter o10

o18 ... o20

o11 ... o8

o1 = Arbiter(P1,T, P2,T) o6 = Arbiter(P2,T, P4,T) o11 = Arbiter(P1, B, P2,B) o16 = Arbiter(P2,B, P4,B)
o2 = Arbiter(P1,T, P3,T) o7 = Arbiter(P2,T, P5,T) o12 = Arbiter(P1,B, P3,B) o17 = Arbiter(P2,B, P5,B)
o3 = Arbiter(P1,T, P4,T) o8 = Arbiter(P3, T, P4,T) o13 = Arbiter(P1,B, P4,B) o18 = Arbiter(P3,B, P4,B)
o4 = Arbiter(P1,T, P5,T) o9 = Arbiter(P3,T, P5,T) o14 = Arbiter(P1,B, P5,B) o19 = Arbiter(P3,B, P5,B)
o5 = Arbiter(P2,T, P3,T) o10 = Arbiter(P4,T, P5,T) o15 = Arbiter(P2,B, P3,B) o20 = Arbiter(P4,B, P5,B)
r0 = xor(o1, o2, o3, o4, o5)) r1 = xor(o6, o7, o8, o9, o10)) r2 = xor(o11, o12, o13, o14, o15)) r3 = xor(o16, o17, o18, o19, o20))

Fig. 8. Architectural overview of 5-4 DAPUF. It generates 4-bit output (r0, r1, r2, r3) to a given challenge, and ri depends on the outputs of five
consecutive arbiters.
TABLE 1
Hardware, storage and execution time overhead comparison with state-of-the-art PUF based Protocols

Hardware Overhead Error Correction Storage per end-to-end

Protocols
Reported CRP entry execution time
[8] 4454 Slices on FPGA not reported 63 bits not reported
[9] 652 LUTs and 278 registers in FPGA not reported 63 bits not reported
[12] 9207 LUTs and 2921 registers in FPGA not reported 68 bits not reported
[14] 2061 GE in ASIC reported 192 bits not reported
[18] 6034 LUTs and 1724 FFs in FPGA not reported 2112 bits 2.75 secs
[15] 1037 LUTs and 627 registers in FPGA not reported 129 bits not reported
[19] 64kB in SRAM not reported 984 bits not reported
[31] 807 slices, 124 registers and 995 LUTs in FPGA not reported 112 bits not reported
Proposed PUF: 456 slices, 283 registers and 887 LUTs; BCH reported 512 bits 480.11 ms
work Encoder: 41 slices, 35 registers and 19 LUTs; BCH
Decoder: 1236 slices, 1615 registers and 685 LUTs in
FPGA

tool. Once this is done, the video stream stops at PC’s instantiated, where the inputs to the arbiter are top paths
end for a short interval of time. of i-th and j -th APUFs. The process is repeated for the
• Then, the attacker spoofs the IP address of the Edison bottom paths. Hence, in total 20 arbiters are used in the
board and starts streaming the pre-captured video design. Four 5-input XOR gates are used to generate 4-bit
using the same mjpg-streamer tool. output from the outputs of 20 arbiters, to a given challenge.
• Now, the receiver PC actually gets data from the The Edison board, Artix-7 FPGA and the camera together
attacker’s computer, which can either be a replayed form a smart IoT node and can act as a prover. The receiver
or modified version of the video stream captured PC acts as the verifier that can generate and validate the
earlier. response of the PUF instance, and subsequently authenticate
To prevent this, we have adapted the idea of Double Arbiter the IoT node. Now, with the modified set up, the system
PUF [32], designed a 5-4 DAPUF as shown in Fig. 8 and works as follows: before streaming the video in the web
implemented it on Xilinx Artix- 7 FPGAs. The 5-4 DAPUF page, the PC first authenticates the Edison board using our
comprises of five 64-bit Arbiter PUF instances. Each APUF proposed protocol and validates the public keys. Later, if
instance consists of two identical delay paths, and let us the attacker de-authenticates the Edison board from the
denote the outputs of top and bottom paths as Pi,T and network, the video streaming will stop at PC’s end. Before
Pi,B , respectively, where i = 1, ..., 5. For i ∈ {1, ..., 5} reloading the web page, the PC again re-authenticates the
and j ∈ {i + 1, ..., 5}, an arbiter Arbiter(Pi,T , Pj,T ) is device of the video source. This is where the adversary fails
 13

99 • Order q=80000000000000000000000000000000000200
01
• The pairing uses an embedding degree of k =2, so the
Reliability (%)

-20 deg pairing e(P,Q) evaluates naturally as an element in

-5 deg
98 10 deg Fp2 . P is a point on the elliptic curve E(Fp ) and Q is
25 deg a point on E 0 (Fpk/2 ), or in this case E 0 (Fp ) where E 0
40 deg
55 deg is the twisted curve. Using compression the pairing
65 deg evaluates as an element in Fpk/2 , or just Fp in this
97 80 deg case.
1 2 3 4 5 6 7 8
We ported our implementations to the Edison platform.
Board Number
Overall, the executable took approximately 512 kB of mem-
ory on the Edison board. The latency overhead incurred
Fig. 9. Reliability of DAPUF across temperature variations.
running the end-to-end authentication scheme before the
video streaming was 480.11 ms on average. These over-
to authenticate herself as she does not possess the correct head results demonstrates that the proposed protocol can
PUF instance. be implemented while incurring acceptable resource and
performance overheads.
6.2 Experimental Results
7 C ONCLUSIONS
The PUF, BCH encoder and decoder design and implemen-
tation was performed using Xilinx ISE (v 14.2) design en- We have developed a secure PUF based authentication and
vironment. The power consumption of the circuit reported certificate-less identity based key exchange protocol. Formal
by Xilinx XPower Analyser CAD software tool was 0.044 W. security proofs for the protocol have been formulated under
We have tested the PUF circuit using CME Nano-Bench the SK security and UC framework. The asymmetric nature
Top Chamber (Sl. No. 120433) where 10000 CRPs of 8 PUF of the protocol overcomes the shortcomings of previously
instances are collected 15 times for the temperature variation proposed CRP based PUF authentication mechanism and
from -20◦ C to 80◦ C keeping the other reliability influencing suits appropriately in a distributed IoT framework. We
factors such as supply voltage unchanged. Fig. 9 shows the have also demonstrated an attack on a prototype video
reliability variation of 5-4 DAPUF across the temperatures surveillance system, and showed how the proposed scheme
after error correction, approximately from 97% to 99%. One can be useful in mitigating the security vulnerability at
strategy that can be taken to distinguish between a false low hardware and performance overheads. In future, our
negative and a true negative is: i) If the authentication passes research work will be directed towards optimization of
then it is correct largely. ii) If the authentication fails, there the resources for frame encryption and investigating side-
is a chance that it is a false negative. In that case, the verifier channel attacks on the proposed protocol implementation.
can repeat for n times. Let us assume that on average the 8 ACKNOWLEDGEMENT
reliability is 98%. Then probability of false negative for one This work was supported partially by Wipro Limited, Infor-
protocol run is = [1 − 0.98] = 0.02. If the verifier repeats mation security education Awareness Program (ISEA), DIT,
the protocol run for 3 times, then the probability of false India. Debdeep Mukhopadhyay would like to thank DST
negative= (0.02)3 = 0.00008, which is almost zero. Next, Swarnajayanti Fellowship.
the uniqueness of the deployed 5-4 DAPUF is reported as
44.16%. The modelling accuracy of the entire 4-bit response
of the PUF is approximately 39% using 2 × 105 raw CRPs.
R EFERENCES
Finally Table 1 provides a comparative study of hardware [1] D. Boneh and M. K. Franklin, “Identity-Based Encryption from the
Weil Pairing,” SIAM J. Comput., vol. 32, no. 3, pp. 586–615, 2003.
and performance overhead of previously discussed PUF- [2] D. Mukhopadhyay, “PUFs as Promising Tools for Security in
based authentication protocols with our scheme. Internet of Things,” IEEE Design & Test, vol. 33, no. 3, pp. 103–
For software implementation, we used the MIRACL Crypto 115, 2016.
SDK, which provides a C++ software library for elliptic [3] D. LIM, “Extracting Secret keys from Integrated Circuits,” USA,
2004.
curve cryptography. The specification of the Cocks-Pinch [4] R. Canetti, “Universally Composable Security: A New Paradigm
curve which has been used for Type 2 Tate pairing is as for Cryptographic Protocols,” in 42nd Annual Symposium on Foun-
follows: dations of Computer Science, FOCS 2001, 14-17 October 2001, Las
Vegas, Nevada, USA, 2001, pp. 136–145.
[5] J. Delvaux, D. Gu, I. Verbauwhede, M. Hiller, and M. M. Yu,
• The curve is non-supersingular. “Efficient fuzzy extraction of puf-induced secrets: Theory and
• 512 bit prime number p=8D5006492B424C09D2FEBE applications,” in Cryptographic Hardware and Embedded Systems -
717EE382A57EBE3A352FC383E1AC79F21DDB43706 CHES 2016 - 18th International Conference, Santa Barbara, CA, USA,
CFB192333A7E9CF644636332E83D90A1E56EFBAE8 August 17-19, 2016, Proceedings, 2016, pp. 412–431.
[6] B. Gassend, D. E. Clarke, M. van Dijk, and S. Devadas, “Controlled
715AA07883483F8267E80ED3 Physical Random Functions,” in 18th Annual Computer Security
• The equation of the curve is: y 2 = x3 +Ax+B where: Applications Conference (ACSAC 2002), 9-13 December 2002, Las
A=-3 and B =609993837367998001C95B87A6BA8721 Vegas, NV, USA, 2002, pp. 149–160.
35E26906DB4C192D6E038486177A3EDF6C50B9BB20 [7] E. Öztürk, G. Hammouri, and B. Sunar, “Towards Robust Low
Cost Authentication for Pervasive Devices,” in Sixth Annual IEEE
DF881F2BD05842F598F3E037B362DBF89F0A62E587 International Conference on Pervasive Computing and Communications
1D41D951BF8E (PerCom 2008), 17-21 March 2008, Hong Kong, 2008, pp. 170–178.
 14

[8] S. Katzenbeisser, Ü. Koçabas, V. van der Leest, A. Sadeghi, G. J. [27] N. Asokan, F. F. Brasser, A. Ibrahim, A. Sadeghi, M. Schunter,
Schrijen, and C. Wachsmann, “Recyclable PUFs: logically recon- G. Tsudik, and C. Wachsmann, “SEDA: scalable embedded device
figurable PUFs,” J. Cryptographic Engineering, vol. 1, no. 3, pp. 177– attestation,” in Proceedings of the 22nd ACM SIGSAC Conference on
186, 2011. Computer and Communications Security, Denver, CO, USA, October
[9] M. Majzoobi, M. Rostami, F. Koushanfar, D. S. Wallach, and S. De- 12-6, 2015, 2015, pp. 964–975.
vadas, “Slender PUF Protocol: A Lightweight, Robust, and Secure [28] C. Helfmeier, C. Boit, D. Nedospasov, and J.-P. Seifert, “Cloning
Authentication by Substring Matching,” in 2012 IEEE Symposium physically unclonable functions,” in Hardware-Oriented Security
on Security and Privacy Workshops, San Francisco, CA, USA, May and Trust (HOST), 2013 IEEE International Symposium on. IEEE,
24-25, 2012, 2012, pp. 33–44. 2013, pp. 1–6.
[10] Ü. Koçabas, A. Peter, S. Katzenbeisser, and A. Sadeghi, “Converse [29] U. Rührmair, F. Sehnke, J. Sölter, G. Dror, S. Devadas, and
PUF-Based Authentication,” in Trust and Trustworthy Computing - J. Schmidhuber, “Modeling attacks on physical unclonable func-
5th International Conference, 2012, Vienna, Austria, June 13-15, 2012. tions,” in Proceedings of the 17th ACM Conference on Computer and
Proceedings, 2012, pp. 142–158. Communications Security, CCS 2010, Chicago, Illinois, USA, October
[11] M. van Dijk and U. Rührmair, “Physical unclonable functions 4-8, 2010, 2010, pp. 237–249.
in cryptographic protocols: Security proofs and impossibility re- [30] J. Katz and Y. Lindell, Introduction to Modern Cryptography. Chap-
sults,” IACR Cryptology ePrint Archive, vol. 2012, p. 228, 2012. man and Hall/CRC Press, 2007.
[12] J. Kong, F. Koushanfar, P. K. Pendyala, A. Sadeghi, and C. Wachs- [31] U. Chatterjee, R. S. Chakraborty, and D. Mukhopadhyay, “A
mann, “Pufatt: Embedded platform attestation based on novel puf-based secure communication protocol for iot,” ACM Trans.
processor-based pufs,” in The 51st Annual Design Automation Con- Embedded Comput. Syst., vol. 16, no. 3, pp. 67:1–67:25, 2017.
ference 2014, DAC ’14, San Francisco, CA, USA, June 1-5, 2014, 2014, [32] Y. K. Lee, K. Sakiyama, L. Batina, and I. Verbauwhede, “Elliptic-
pp. 109:1–109:6. curve-based security processor for RFID,” IEEE Trans. Computers,
[13] S. Schulz, A. Schaller, F. Kohnhäuser, and S. Katzenbeisser, “Boot vol. 57, no. 11, pp. 1514–1527, 2008.
attestation: Secure remote reporting with off-the-shelf iot sensors,”
in Computer Security - ESORICS 2017 - 22nd European Symposium on
Research in Computer Security, Oslo, Norway, September 11-15, 2017, Urbi Chatterjee has been pursuing Ph.D. from
Proceedings, Part II, 2017, pp. 437–455. Indian Institute of Technology Kharagpur, India,
[14] Y. Lao, B. Yuan, C. H. Kim, and K. K. Parhi, “Reliable puf- since 2015. Before that, she worked as Assistant
based local authentication with self-correction,” IEEE Transactions Systems Engineer in TATA Consultancy Services
on Computer-Aided Design of Integrated Circuits and Systems, vol. 36, Limited, Kolkata. Her research interests are De-
no. 2, pp. 201–213, 2017. sign of PUF based Lightweight Authentication
[15] M. Barbareschi, P. Bagnasco, and A. Mazzeo, “Authenticating iot and Secure Communication Protocols, Crypt-
devices with physically unclonable functions models,” in 2015 10th analysis and Security Evaluation of PUFs.
International Conference on P2P, Parallel, Grid, Cloud and Internet
Computing (3PGCIC), 2015, pp. 563–567.
[16] M. Aman, K. C. Chua, and B. Sikdar, “Mutual authentication in
iot systems using physical unclonable functions,” IEEE Internet of
Things Journal, vol. PP, no. 99, pp. 1–1, 2017. Vidya Govindan is Master’s student in Com-
puter Science and Engineering Department at
[17] J. Delvaux, D. Gu, D. Schellekens, and I. Verbauwhede, “Secure
the Indian Institute of Technology Kharagpur, In-
Lightweight Entity Authentication with Strong PUFs: Mission Im-
dia. Prior to that she had worked as Hardware
possible?” in Cryptographic Hardware and Embedded Systems - CHES
Design Engineer at Tonbo Imaging Pvt Ltd, Ban-
2014 - 16th International Workshop, Busan, South Korea, September
galore, India. Her current research focuses on
23-26, 2014. Proceedings, 2014, pp. 451–475.
Security of IOT and Embedded Systems.
[18] W. Che, M. Martin, G. Pocklassery, V. K. Kajuluri, F. Saqib, and
J. Plusquellic, “A privacy-preserving, mutual puf-based authenti-
cation protocol,” Cryptography, vol. 1, no. 1, 2016.
[19] J. Guajardo, S. S. Kumar, G. J. Schrijen, and P. Tuyls, “Physical
Unclonable Functions, FPGAs and Public-Key Crypto for IP Pro-
tection,” in FPL 2007, International Conference on Field Programmable Rajat Sadhukhan has been pursuing PhD. from
Logic and Applications, Amsterdam, The Netherlands, 27-29 August Indian Institute of Technology-Kharagpur, India,
2007, 2007, pp. 189–195. since 2016. Prior to joining research programme
[20] J. R. Wallrabenstein, “Practical and secure iot device authentication he has worked with Intel Technology India Pvt.
using physical unclonable functions,” in 2016 IEEE 4th Interna- Ltd., Bangalore for seven years. His research
tional Conference on Future Internet of Things and Cloud (FiCloud), interest includes symmetric key cryptography,
2016, pp. 99–106. hardware security and VLSI design.
[21] A. Costin, “Security of CCTV and Video Surveillance Systems:
Threats, Vulnerabilities, Attacks, and Mitigations,” in Proceedings
of the 6th International Workshop on Trustworthy Embedded Devices.
ACM, 2016, pp. 45–54.
[22] H. Li, Y. He, L. Sun, X. Cheng, and J. Yu, “Side-channel infor- Debdeep Mukhopadhyay received the Ph.D.
mation leakage of encrypted video stream in video surveillance degree from the Department of Computer Sci-
systems,” in Computer Communications, IEEE INFOCOM 2016-The ence and Engineering, Indian Institute of Tech-
35th Annual IEEE International Conference on. IEEE, 2016, pp. 1–9. nology Kharagpur, India, in 2007, where he is
[23] U. L. Puvvadi, K. Di Benedetto, A. Patil, K.-D. Kang, and Y. Park, currently an Associate Professor. His research
“Cost-effective security support in real-time video surveillance,” interests include cryptography, VLSI of crypto-
IEEE Transactions on Industrial Informatics, vol. 11, no. 6, pp. 1457– graphic algorithms, hardware security, and side
1465, 2015. channel analysis.
[24] T.-S. Park and M.-S. Jun, “User authentication protocol for block-
ing malicious user in network CCTV environment,” in Computer
Sciences and Convergence Information Technology (ICCIT), 2011 6th
International Conference on. IEEE, 2011, pp. 18–24.
[25] U. Chatterjee, R. S. Chakraborty, H. Kapoor, and D. Mukhopad- Rajat Subhra Chakraborty is an Associate Pro-
hyay, “Theory and application of delay constraints in arbiter PUF,” fessor in the Department of Computer Science
ACM Trans. Embedded Comput. Syst., vol. 15, no. 1, pp. 10:1–10:20, and Engineering, Indian Institute of Technol-
2016. ogy Kharagpur, India. His area of research is
[26] Infenion, “Trusted Platform Module Fundamental,” http://cs. Hardware Security, VLSI Design (especially low-
unh.edu/∼it666/reading list/Hardware/tpm fundamentals.pdf, power and robust design) and Digital Content
2008. Protection through Watermarking. He is also a
Senior Member of IEEE and a Senior Member
of ACM.
 15

Debashis Mahata is a Distinguished Member

of Technical staff - Senior member, at Wipro
Technologies. He received his MSc degree in
Physics from Burdwan University, West Bengal
and M.Tech in Computer Science Indian Statisti-
cal Institute Kolkata. His current areas of interest
include connected devices security, Neural Net-
works, and Video Collaboration.

Mukesh M Prabhu is a Distinguished Member

of Technical staff and Head of IP & Innovation
of Product Engineering Services at Wipro Tech-
nologies. He received his MS from IIT Madras.
His current areas of interest include connected
devices security, augmented reality, Video Col-
laboration, designing end-to end systems and
applications addressing business challenges.