Comment on "SRAM-PUF Based Entities Authentication Scheme for Resource-constrained IoT Devices".

Michael Amar; Amit Kama; Kang Wang; Yossi Oren

Comment on "SRAM-PUF Based Entities Authentication Scheme for Resource-constrained IoT Devices".

Michael Amar, Amit Kama, Kang Wang, Yossi Oren

Department of Software and Information Systems Engineering

Research output: Contribution to journal › Article › peer-review

Abstract

The cloud-based Internet of Things (IoT) creates opportunities for more direct integration of the physical world and computer-based
systems, allowing advanced applications based on sensing, analyzing and controlling the physical world. IoT deployments, however, are at a particular risk of counterfeiting, through which an adversary can corrupt the entire ecosystem. Therefore, entity authentication of edge devices is considered an essential part of the security of IoT systems. A recent paper of Farha et al. suggested an entity authentication scheme suitable for low-resource IoT edge devices, which relies on SRAM-based physically
unclonable functions (PUFs). In this paper we analyze this scheme. We show that, while it claims to offer strong PUF functionality, the scheme creates only a weak PUF: an active attacker can completely read out the secret PUF response of the edge device after a very small amount of queries, converting the scheme into a weak PUF scheme which can then be counterfeited easily. After analyzing the scheme, we propose an alternative construction for an authentication method based on SRAM-PUF which better protects the secret SRAM startup state.

Original language	English
Pages (from-to)	292
Number of pages	1
Journal	IACR Cryptol. ePrint Arch.
Volume	2022
State	Published - 2022

Access to Document

Cite this

@article{31bf700498d944d29e034828e9497061,

title = "Comment on {"}SRAM-PUF Based Entities Authentication Scheme for Resource-constrained IoT Devices{"}.",

abstract = "The cloud-based Internet of Things (IoT) creates opportunities for more direct integration of the physical world and computer-basedsystems, allowing advanced applications based on sensing, analyzing and controlling the physical world. IoT deployments, however, are at a particular risk of counterfeiting, through which an adversary can corrupt the entire ecosystem. Therefore, entity authentication of edge devices is considered an essential part of the security of IoT systems. A recent paper of Farha et al. suggested an entity authentication scheme suitable for low-resource IoT edge devices, which relies on SRAM-based physicallyunclonable functions (PUFs). In this paper we analyze this scheme. We show that, while it claims to offer strong PUF functionality, the scheme creates only a weak PUF: an active attacker can completely read out the secret PUF response of the edge device after a very small amount of queries, converting the scheme into a weak PUF scheme which can then be counterfeited easily. After analyzing the scheme, we propose an alternative construction for an authentication method based on SRAM-PUF which better protects the secret SRAM startup state.",

author = "Michael Amar and Amit Kama and Kang Wang and Yossi Oren",

note = "DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.",

year = "2022",

language = "English",

volume = "2022",

pages = "292",

journal = "IACR Cryptol. ePrint Arch.",

}

TY - JOUR

T1 - Comment on "SRAM-PUF Based Entities Authentication Scheme for Resource-constrained IoT Devices".

AU - Amar, Michael

AU - Kama, Amit

AU - Wang, Kang

AU - Oren, Yossi

N1 - DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

PY - 2022

Y1 - 2022

N2 - The cloud-based Internet of Things (IoT) creates opportunities for more direct integration of the physical world and computer-basedsystems, allowing advanced applications based on sensing, analyzing and controlling the physical world. IoT deployments, however, are at a particular risk of counterfeiting, through which an adversary can corrupt the entire ecosystem. Therefore, entity authentication of edge devices is considered an essential part of the security of IoT systems. A recent paper of Farha et al. suggested an entity authentication scheme suitable for low-resource IoT edge devices, which relies on SRAM-based physicallyunclonable functions (PUFs). In this paper we analyze this scheme. We show that, while it claims to offer strong PUF functionality, the scheme creates only a weak PUF: an active attacker can completely read out the secret PUF response of the edge device after a very small amount of queries, converting the scheme into a weak PUF scheme which can then be counterfeited easily. After analyzing the scheme, we propose an alternative construction for an authentication method based on SRAM-PUF which better protects the secret SRAM startup state.

AB - The cloud-based Internet of Things (IoT) creates opportunities for more direct integration of the physical world and computer-basedsystems, allowing advanced applications based on sensing, analyzing and controlling the physical world. IoT deployments, however, are at a particular risk of counterfeiting, through which an adversary can corrupt the entire ecosystem. Therefore, entity authentication of edge devices is considered an essential part of the security of IoT systems. A recent paper of Farha et al. suggested an entity authentication scheme suitable for low-resource IoT edge devices, which relies on SRAM-based physicallyunclonable functions (PUFs). In this paper we analyze this scheme. We show that, while it claims to offer strong PUF functionality, the scheme creates only a weak PUF: an active attacker can completely read out the secret PUF response of the edge device after a very small amount of queries, converting the scheme into a weak PUF scheme which can then be counterfeited easily. After analyzing the scheme, we propose an alternative construction for an authentication method based on SRAM-PUF which better protects the secret SRAM startup state.

M3 - Article

VL - 2022

SP - 292

JO - IACR Cryptol. ePrint Arch.

JF - IACR Cryptol. ePrint Arch.

ER -

Comment on "SRAM-PUF Based Entities Authentication Scheme for Resource-constrained IoT Devices".

Abstract

Access to Document

Fingerprint

Cite this