Researchers from Kansas State University have developed an improved PUF-based protocol known as the reliable and lightweight authentication protocol (PUF-RLA).
The proposed scheme makes the system more reliable against errors and adversarial attacks, using the following features:
- Obfuscation of identity (Challenge-Response Pairs or CRPs) of the devices. The adversary cannot obtain CRPs by utilizing passive or active attacks, and hence no model could be generated for any device.
- Unlike most previous approaches, this PUF circuit is not directly accessible. This prevents the device from side channel analysis attacks, as well as machine learning attacks.
- The control logic keeps the PUF secure from brute force and modelling attacks.
- The response accuracy is also expected to be superior to previous approaches as the server contains the error correction codes (helper data)
- Superior Security Features: The proposed scheme utilizes an exponential increase in challenge-response pairs. This, along with the lack of server’s involvement in storing this information, helps overcome a major security drawback in existing Arbiter PUFs
- Stronger Resilience: It aims to provide stronger resilience against security attacks, including both passive and active attacks during authentication phase.
- Robust Protection: The PUF-RLA is expected to be robust against brute force, replay, and modeling attacks.
- Protection from Server Breach:No partial/full CRPs or soft models associated to a PUF within a device are stored, generated, transmitted, or received by the server during authentication events. Hence, the system would not be vulnerable to possible server breaches.
- Super Response Accuracy:It is expected to provide a response accuracy of 99.9% with error correction coding on the server.
- Lightweight: As opposed to previous approaches which utilize cryptographic hash functions with high hardware overhead within the device, PUF-RLA scheme provides an extremely lightweight, low hardware cost, dynamic obfuscation mechanism without compromising the security. Moreover, PUF-RLA employs error correction scheme in the server instead of the device thus enabling the device to be lightweight while also enhancing the reliability of the PUF responses.
Applicable towards all PUF-based data security and authentication solutions, such as RFID tags and IoT devices.
Owner: Kansas State University
IP Protection Status: Pending Patent