Challenging the security of “A PUF-based hardware mutual authentication protocol”

•We analyze the first independent security analysis of PHEMAP, a PUF based protocol.•We present the first third party security analysis of Salted PHEMAP.•We propose two basic/salted PUF based mutual authentication protocols.•We analyze the security of the proposed schemes through formal and informal...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Journal of parallel and distributed computing Jg. 169; S. 199 - 210
Hauptverfasser: Adeli, Morteza, Bagheri, Nasour, Martín, Honorio, Peris-Lopez, Pedro
Format: Journal Article
Sprache:Englisch
Veröffentlicht: Elsevier Inc 01.11.2022
Schlagworte:
Authentication
IoT
PHEMAP
PUF
Security analysis
PUF
PHEMAP
Authentication
Security analysis
IoT
ISSN:0743-7315, 1096-0848
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:•We analyze the first independent security analysis of PHEMAP, a PUF based protocol.•We present the first third party security analysis of Salted PHEMAP.•We propose two basic/salted PUF based mutual authentication protocols.•We analyze the security of the proposed schemes through formal and informal methods. Recently, using Physical Unclonable Functions (PUF) to design lightweight authentication protocols for constrained environments such as the Internet of Things (IoT) has received much attention. In this direction, Barbareschi et al. recently proposed PHEMAP in Journal of Parallel and Distributed Computing, a PUF based mutual authentication protocol. Also, they extended it to the later designed Salted PHEMAP, for low-cost cloud-edge (CE) IoT devices. This paper presents the first third-party security analysis of PHEMAP and Salted PHEMAP to the best of our knowledge. Despite the designer's claim, we show that these protocols are vulnerable to impersonation, de-synchronization, and traceability attacks. The success probability of the proposed attacks is ‘1’, while the complexity is negligible. In addition, we introduce two enhanced lightweight authentication protocols based on PUF chains (called PBAP and Salted PBAP), using the same design principles as PHEMAP and Salted PHEMAP. With the performance evaluation and the security analysis, it is justified that the two proposed schemes are practically well suited for use in resource-constrained IoT environments.
ISSN:0743-7315
1096-0848
DOI:10.1016/j.jpdc.2022.06.018