
A lightweight PUF-based authentication protocol

Yu Zhuang, Gaoxiang Li

TL;DR

This work tackles the challenge of achieving lightweight, secure authentication for resource-constrained IoT devices by co-designing a PUF-based primitive with a challenge obfuscation interface. By integrating an Arbiter PUF with a zero-transistor, ghost-bit challenge interface, the authors show both theoretically (Theorem 1) and experimentally that increasing ghost bits yields a highly nonlinear, hard-to-learn mapping, significantly improving resistance to conventional ML attacks. The protocol enforces freshness of device-supplied challenges (R0/R1) and leverages a server-side soft PUF model during enrollment, enabling a simple mutual authentication flow with low device overhead. Experimental results indicate that interface configurations with sufficient ghost bits can render modeling attacks ineffective (0% success for $m\geq21$ in tested scenarios), highlighting a practical path to secure, lightweight IoT authentication with minimal hardware complexity.

Abstract

Lightweight authentication is essential for resource-constrained Internet-of-Things (IoT). Implementable with low resource and operable with low power, Physical Unclonable Functions (PUFs) have the potential as hardware primitives for implementing lightweight authentication protocols. The arbiter PUF (APUF) is probably the most lightweight strong PUF capable of generating exponentially many challenge-response pairs (CRPs), a desirable property for authentication protocols, but APUF is severely weak against modeling attacks. Efforts on PUF design have led to many PUFs of higher resistance to modeling attacks and also higher area overhead. There are also substantial efforts on protocol development, some leverage PUFs' strength in fighting modeling attacks, and some others employ carefully designed protocol techniques to obfuscate either the challenges or the responses with modest increase of area overhead for some or increased operations for some others. To attain both low resource footprint and high modeling attack resistance, in this paper we propose a co-design of PUF and protocol, where the PUF consists of an APUF and a zero-transistor interface that obfuscates the true challenge bits fed to the PUF. The obfuscated PUF possesses rigorously proven potential and experimentally supported performance against modeling attacks when a condition is met, and the protocol provides the condition required by the PUF and leverages the PUF's modeling resistance to arrive at low resource overhead and high operational simplicity, enabling lightweight authentications while resisting modeling attacks.
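The abstract's claim that a bare APUF is severely weak against modeling attacks can be checked on a simulated device. The sketch below is an added example, not code from the paper: it assumes the standard additive delay model with the parity feature map $\phi(i)=\prod_{j\ge i}(1-2c_j)$, uses constructed Gaussian delay weights rather than measured silicon, and all function names are hypothetical. It measures how well a plain linear learner predicts unseen responses, which is the exposure the obfuscating interface is meant to remove.

```python
import random

def parity_features(challenge):
    """Map challenge bits c_1..c_n to phi(i) = prod_{j>=i} (1 - 2*c_j), plus a bias term."""
    phi, acc = [], 1
    for bit in reversed(challenge):
        acc *= 1 - 2 * bit
        phi.append(acc)
    phi.reverse()
    return phi + [1]

def dot(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))

def make_apuf(n, rng):
    """Simulated n-stage APUF: n+1 Gaussian delay weights (constructed, not measured)."""
    w = [rng.gauss(0, 1) for _ in range(n + 1)]
    return lambda challenge: 1 if dot(w, parity_features(challenge)) > 0 else 0

def train_perceptron(crps, epochs=30):
    """Fit a linear separator on parity features from observed challenge-response pairs."""
    data = [(parity_features(c), r) for c, r in crps]
    w = [0.0] * len(data[0][0])
    for _ in range(epochs):
        for x, r in data:
            if (1 if dot(w, x) > 0 else 0) != r:
                sign = 1 if r else -1
                w = [wi + sign * xi for wi, xi in zip(w, x)]
    return w

def model_accuracy(n=32, n_train=2000, n_test=1000, seed=1):
    """Fraction of unseen challenges whose response the learned model predicts."""
    rng = random.Random(seed)
    puf = make_apuf(n, rng)
    draw = lambda: [rng.randint(0, 1) for _ in range(n)]
    train = [(c, puf(c)) for c in (draw() for _ in range(n_train))]
    w = train_perceptron(train)
    hits = 0
    for _ in range(n_test):
        c = draw()
        hits += (1 if dot(w, parity_features(c)) > 0 else 0) == puf(c)
    return hits / n_test

if __name__ == "__main__":
    print(f"prediction accuracy on unseen challenges: {model_accuracy():.3f}")
```

Because the simulated response is linear in the parity features, a few thousand exposed CRPs are enough for a linear model to predict most unseen responses, so a protocol built on a plain APUF cannot rely on the size of the challenge space alone.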

Paper Structure (26 sections, 2 theorems, 7 equations, 1 figure, 2 tables)

This paper contains 26 sections, 2 theorems, 7 equations, 1 figure, 2 tables.

Key Result

Theorem 1

For an $n$-stage APUF equipped with an $m$-plus-bits challenge interface, if no pair of ghost bits are consecutive in the sense that $i_j + 1 < i_{j+1}$ for all $j=1, 2,\cdots,m\!-\!1$, then the response of the interfaced APUF as a function of the feature vector $(\phi(1), \phi(2), \cdots,\phi(n\!+\ is represented by a classification whose separation surface is defined by an $(n\!+\!m)$-variable p

Figures (1)

  • Figure 1: The neural network architecture of the attack method

Theorems & Definitions (2)

  • Theorem 1
  • Theorem 2