Distributed Hardware-Assisted Authentication and Key Agreement Protocol for Internet of Things

Physically Unclonable Functions (PUFs) are lightweight hardware primitives that provide an effective secure-by-design solution for mutual authentication of the resource-constrained Internet of Things (IoT) devices. By embedding PUFs in the design of each IoT device, the identity of devices could be validated using unique device fingerprints, known as challenge and response pairs (CRPs). Unfortunately, PUF-based authentication protocols are susceptible to CRP disclosure which could be exploited to model the PUF and allow impersonation of the associated device by either an external adversary or compromised nodes. This paper presents a Distributed Unclonable Hardware-assisted Authentication and Key Agreement Protocol (DUHAP). DUHAP presents a novel and effective mitigation for CRP disclosure, PUF modeling, and device impersonation. In particular, the PUF responses are obfuscated using varying salt that is dependent on the verifier and the actual PUF response. Such an identity- and response-based obfuscation technique withstands CRPs disclosure attempts by a compromised node or multiple colluding nodes through reverse engineering. The security of DUHAP is analyzed using a prominent protocol validation tool, and its resiliency against modeling is validated using data collected from a popular PUF cryptanalysis toolbox.