Challenging the security of “A PUF-based hardware mutual authentication protocol”

•We analyze the first independent security analysis of PHEMAP, a PUF based protocol.•We present the first third party security analysis of Salted PHEMAP.•We propose two basic/salted PUF based mutual authentication protocols.•We analyze the security of the proposed schemes through formal and informal...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:Journal of parallel and distributed computing Ročník 169; s. 199 - 210
Hlavní autori: Adeli, Morteza, Bagheri, Nasour, Martín, Honorio, Peris-Lopez, Pedro
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: Elsevier Inc 01.11.2022
Predmet:
Authentication
IoT
PHEMAP
PUF
Security analysis
PUF
PHEMAP
Authentication
Security analysis
IoT
ISSN:0743-7315, 1096-0848
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:•We analyze the first independent security analysis of PHEMAP, a PUF based protocol.•We present the first third party security analysis of Salted PHEMAP.•We propose two basic/salted PUF based mutual authentication protocols.•We analyze the security of the proposed schemes through formal and informal methods. Recently, using Physical Unclonable Functions (PUF) to design lightweight authentication protocols for constrained environments such as the Internet of Things (IoT) has received much attention. In this direction, Barbareschi et al. recently proposed PHEMAP in Journal of Parallel and Distributed Computing, a PUF based mutual authentication protocol. Also, they extended it to the later designed Salted PHEMAP, for low-cost cloud-edge (CE) IoT devices. This paper presents the first third-party security analysis of PHEMAP and Salted PHEMAP to the best of our knowledge. Despite the designer's claim, we show that these protocols are vulnerable to impersonation, de-synchronization, and traceability attacks. The success probability of the proposed attacks is ‘1’, while the complexity is negligible. In addition, we introduce two enhanced lightweight authentication protocols based on PUF chains (called PBAP and Salted PBAP), using the same design principles as PHEMAP and Salted PHEMAP. With the performance evaluation and the security analysis, it is justified that the two proposed schemes are practically well suited for use in resource-constrained IoT environments.
ISSN:0743-7315
1096-0848
DOI:10.1016/j.jpdc.2022.06.018