PUF-based Mutual Authentication and Key-Exchange Protocol For
Peer-to-Peer IoT Applications
Abstract
Peer to Peer (P2P) or direct connection IoT has become increasingly
popular owing to its lower latency and higher privacy compared to
database-driven or server-based IoT. However, wireless vulnerabilities
raise severe concerns on IoT device-to-device communication. This is
further aggravated by the challenge to achieve lightweight direct mutual
authentication and secure key exchange between IoT peer nodes in P2P IoT
applications. Physical unclonable function (PUF) is a key enabler to
lightweight, low-power and secure authentication of resource-constrained
devices in IoT. Nevertheless, current PUF-enabled authentication
protocols, with or without the challenge-response pairs (CRPs) of each
of its interlocutors stored in the verifier’s side, are incompatible for
P2P IoT scenarios due to the security, storage and computing power
limitations of IoT devices. To solve this problem, a new lightweight
PUF-based mutual authentication and key-exchange protocol is proposed.
It allows two resource-constrained PUF embedded endpoint devices to
authenticate each other directly without the need for local storage of
CRP or any private secrets, and simultaneously establish the session key
for secure data exchange without resorting to public-key algorithm. The
proposed protocol is evaluated using the Mao and Boyd logic as well as
the automatic security analysis tool ProVerif to corroborate its mutual
authenticity, secrecy, and resistance against replay and
man-in-the-middle attacks. Using two Avnet Ultra96-V2 boards to emulate
the two IoT endpoint devices of a network, a physical prototype system
is also constructed to demonstrate and validate the feasibility of the
proposed secure P2P connection scheme.