Challenging the security of “A PUF-based hardware mutual authentication protocol”

•We analyze the first independent security analysis of PHEMAP, a PUF based protocol.•We present the first third party security analysis of Salted PHEMAP.•We propose two basic/salted PUF based mutual authentication protocols.•We analyze the security of the proposed schemes through formal and informal...

Full description

Saved in:
Bibliographic Details
Published in:Journal of parallel and distributed computing Vol. 169; pp. 199 - 210
Main Authors: Adeli, Morteza, Bagheri, Nasour, Martín, Honorio, Peris-Lopez, Pedro
Format: Journal Article
Language:English
Published: Elsevier Inc 01.11.2022
Subjects:
Authentication
IoT
PHEMAP
PUF
Security analysis
PUF
PHEMAP
Authentication
Security analysis
IoT
ISSN:0743-7315, 1096-0848
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:•We analyze the first independent security analysis of PHEMAP, a PUF based protocol.•We present the first third party security analysis of Salted PHEMAP.•We propose two basic/salted PUF based mutual authentication protocols.•We analyze the security of the proposed schemes through formal and informal methods. Recently, using Physical Unclonable Functions (PUF) to design lightweight authentication protocols for constrained environments such as the Internet of Things (IoT) has received much attention. In this direction, Barbareschi et al. recently proposed PHEMAP in Journal of Parallel and Distributed Computing, a PUF based mutual authentication protocol. Also, they extended it to the later designed Salted PHEMAP, for low-cost cloud-edge (CE) IoT devices. This paper presents the first third-party security analysis of PHEMAP and Salted PHEMAP to the best of our knowledge. Despite the designer's claim, we show that these protocols are vulnerable to impersonation, de-synchronization, and traceability attacks. The success probability of the proposed attacks is ‘1’, while the complexity is negligible. In addition, we introduce two enhanced lightweight authentication protocols based on PUF chains (called PBAP and Salted PBAP), using the same design principles as PHEMAP and Salted PHEMAP. With the performance evaluation and the security analysis, it is justified that the two proposed schemes are practically well suited for use in resource-constrained IoT environments.
ISSN:0743-7315
1096-0848
DOI:10.1016/j.jpdc.2022.06.018