New PUF-based Protocol for Improved Data Security and Authentication
Researchers from Kansas State University have developed an improved PUF-based protocol known as the reliable and lightweight authentication protocol (PUF-RLA).
The proposed scheme makes the system more reliable against errors and adversarial attacks, using the following features:
- Obfuscation of identity (Challenge-Response Pairs or CRPs) of the devices. The adversary cannot obtain CRPs by utilizing passive or active attacks, and hence no model could be generated for any device.
- Unlike most previous approaches, this PUF circuit is not directly accessible. This prevents the device from side channel analysis attacks, as well as machine learning attacks.
- The control logic keeps the PUF secure from brute force and modelling attacks.
- The response accuracy is also expected to be superior to previous approaches as the server contains the error correction codes (helper data)
Advantages
- Superior Security Features: The proposed scheme utilizes an exponential increase in challenge-response pairs. This, along with the lack of server’s involvement in storing this information, helps overcome a major security drawback in existing Arbiter PUFs
- Stronger Resilience: It aims to provide stronger resilience against security attacks, including both passive and active attacks during authentication phase.
- Robust Protection: The PUF-RLA is expected to be robust against brute force, replay, and modeling attacks.
- Protection from Server Breach:No partial/full CRPs or soft models associated to a PUF within a device are stored, generated, transmitted, or received by the server during authentication events. Hence, the system would not be vulnerable to possible server breaches.
- Super Response Accuracy:It is expected to provide a response accuracy of 99.9% with error correction coding on the server.
- Lightweight: As opposed to previous approaches which utilize cryptographic hash functions with high hardware overhead within the device, PUF-RLA scheme provides an extremely lightweight, low hardware cost, dynamic obfuscation mechanism without compromising the security. Moreover, PUF-RLA employs error correction scheme in the server instead of the device thus enabling the device to be lightweight while also enhancing the reliability of the PUF responses.
Commercial Application:
Applicable towards all PUF-based data security and authentication solutions, such as RFID tags and IoT devices.
Additional Details
Owner: Kansas State University
IP Protection Status: Pending Patent