Lightweight Revocable Anonymous PUF-based Authentication in IoT environment
Institute of Computer Science and Information Engineering
The Internet of Things (IoT) represents all physical devices that can be connected to the Internet. With low computational power and limited memory space, billions of IoT devices provide a great amount of information and services. However, the dramatically increasing number of IoT devices causes various security and privacy concerns for users. Hence, several lightweight user authentication schemes have been proposed recently to achieve two imperative privacy features: user anonymity and message confidentiality. Unfortunately, most of these proposals employ only one trusted third party (TTP) to maintain both features, which lets an adversary obtain the private information of all users, both identity and content, by breaking into the TTP. Although other proposals distribute user identities among several parties to support anonymity, the resulting massive cost makes them unattractive to implement in an IoT environment. Here, we propose that identity protection can be an independent service provided with only a semi-trusted third party (STTP) in an IoT environment. This paper proposes a lightweight revocable anonymous authentication scheme using only lightweight cryptographic primitives such as a Physically Unclonable Function (PUF), a one-way hash function, and exclusive-or operations. Through decentralized trust, the proposed scheme fulfills stronger security and privacy guarantees compared to previous works.
List of Tables
List of Figures
Chapter 1 Introduction
1.1 Overview
1.2 Motivation and Contribution
1.3 Thesis Structure
Chapter 2 Preliminaries
2.1 Physical Unclonable Function (PUF)
Chapter 3 System Model and Assumptions
3.1 System Model
3.2 Assumptions
3.3 Security Requirement
3.4 Attack Model
Chapter 4 Proposed Scheme
4.1 Protocol Overview
4.2 Proposed protocol
5.1 Mutual Authentication
5.2 Informal Analysis
5.2.1 User Anonymity and Untraceability
5.2.2 Forward and backward secrecy
5.2.3 Resistance to IoT device compromise
5.2.4 Resistance to anonymity server compromise
5.2.5 Protection against Replay Attacks
Chapter 6 Performance and Security Comparison
Chapter 7 Conclusion