Biblio

Recently, as the use of Internet of Things (IoT) devices has expanded, security issues have emerged. As a solution to the IoT security problem, PUF (Physical Unclonable Function) technology has been proposed, and research on key generation or device authentication using it has been actively conducted. In this paper, we propose a method to apply PUF-based device authentication technology to the Open Connectivity Foundation (OCF) open platform. The proposed method can greatly improve the security level of IoT open platform by utilizing PUF technology.

This paper aims to identify Wi-SUN devices using physical layer fingerprint. We first extract physical layer features based on the received Wi-SUN signals, especially focusing on device-specific clock skew and frequency deviation in FSK modulation. Then, these physical layer fingerprints are used to train a machine learning-based classifier and the resulting classifier finally identifies the authorized Wi-SUN devices. Preliminary experiments on Wi-SUN certified chips show that the authenticator with the proposed physical layer fingerprints can distinguish Wi-SUN devices with 100 % accuracy. Since no additional computational complexity for authentication is involved on the device side, our approach can be applied to any Wi-SUN based IoT devices with security requirements.

Recently, it is predicted that interworking between heterogeneous devices will be accelerated due to the openness of the IoT (Internet of Things) platform, but various security threats are also expected to increase. However, most IoT open platforms remain at the level that utilizes existing security technologies. Therefore, a more secure security technology is required to prevent illegal copying and leakage of important data through stealing, theft, and hacking of IoT devices. In addition, a technique capable of ensuring interoperability with existing standard technologies is required. This paper proposes an IoT device authentication method based on PUF (Physical Unclonable Function) that operates on an IoT open platform. By utilizing PUF technology, the proposed method can effectively respond to the threat of exposure of the authentication key of the existing IoT open platform. Above all, the proposed method can contribute to compatibility and interoperability with existing technologies by providing a device authentication method that can be effectively applied to the OCF Iotivity standard specification, which is a representative IoT open platform.

As the amount of information distributed and processed through IoT(Internet of Things) devices is absolutely increased, various security issues are also emerging. Above all, since IoT technology is directly applied to our real life, there is a growing concern that the dangers of the existing cyberspace can be expanded into the real world. In particular, leaks of keys necessary for authentication and data protection of IoT devices are causing economic and industrial losses through illegal copying and data leakage. Therefore, this paper introduces the research trend of hardware and software based key hiding technology to respond to these security threats, and proposes IoT device authentication techniques using them. The proposed method fundamentally prevents the threat of exposure of the authentication key due to various security vulnerabilities by properly integrating hardware and software based key hiding technologies. That is, this paper provides a more reliable IoT device authentication scheme by using key hiding technology for authentication key management.

In many industry Internet of Things applications, resources like CPU, memory, and battery power are limited and cannot afford the classic cryptographic security solutions. Silicon physical unclonable function (PUF) is a lightweight security primitive that exploits manufacturing variations during the chip fabrication process for key generation and/or device authentication. However, traditional weak PUFs such as ring oscillator (RO) PUF generate chip-unique key for each device, which restricts their application in security protocols where the same key is required to be shared in resource-constrained devices. In this article, in order to address this issue, we propose a PUF-based key sharing method for the first time. The basic idea is to implement one-to-one input-output mapping with lookup table (LUT)-based interstage crossing structures in each level of inverters of RO PUF. Individual customization on configuration bits of interstage crossing structure and different RO selections with challenges bring high flexibility. Therefore, with the flexible configuration of interstage crossing structures and challenges, crossover RO PUF can generate the same shared key for resource-constrained devices, which enables a new application for lightweight key sharing protocols.

Physically Unclonable Functions (PUFs) promise to be a critical hardware primitive to provide unique identities to billions of connected devices in Internet of Things (IoTs). In traditional authentication protocols a user presents a set of credentials with an accompanying proof such as password or digital certificate. However, IoTs need more evolved methods as these classical techniques suffer from the pressing problems of password dependency and inability to bind access requests to the “things” from which they originate. Additionally, the protocols need to be lightweight and heterogeneous. Although PUFs seem promising to develop such mechanism, it puts forward an open problem of how to develop such mechanism without needing to store the secret challenge-response pair (CRP) explicitly at the verifier end. In this paper, we develop an authentication and key exchange protocol by combining the ideas of Identity based Encryption (IBE), PUFs and Key-ed Hash Function to show that this combination can help to do away with this requirement. The security of the protocol is proved formally under the Session Key Security and the Universal Composability Framework. A prototype of the protocol has been implemented to realize a secured video surveillance camera using a combination of an Intel Edison board, with a Digilent Nexys-4 FPGA board consisting of an Artix-7 FPGA, together serving as the IoT node. We show, though the stand-alone video camera can be subjected to man-in-the-middle attack via IP-spoofing using standard network penetration tools, the camera augmented with the proposed protocol resists such attacks and it suits aptly in an IoT infrastructure making the protocol deployable for the industry.

Internet of Things (IoT) device authentication is weighed as a very important step from security perspective. Privacy and security of the IoT devices and applications is the major issue. From security perspective, important issue that needs to be addressed is the authentication mechanism, it has to be secure from different types of attacks and is easy to implement. The paper gives general idea about how different authentication mechanisms work, and then secure and efficient multi-factor device authentication scheme idea is proposed. The proposed scheme idea uses digital signatures and device capability to authenticate a device. In the proposed scheme device will only be allowed into the network if it is successfully authenticated through multi-factor authentication otherwise the authentication process fails and whole authentication process will restart. By analyzing the proposed scheme idea, it can be seen that the scheme is efficient and has less over head. The scheme not only authenticates the device very efficiently through multi-factor authentication but also authenticates the authentication server with the help of digital signatures. The proposed scheme also mitigates the common attacks like replay and man in the middle because of nonce and timestamp.

Mechanism to-Rube Goldberg invention accord is normal habituated to for apartment phones and Internet of Things. Agree and central knowledge are open to meet an unfailing turning between twosome gadgets. In ignoble fracas, factual methodologies many a time eon wait on a prefabricated solitarily pronunciation database and bear the ill effects of serene age rate. We verifiable GeneWave, a brusque gadget inspection and root assention convention for item cell phones. GeneWave mischievous accomplishes bidirectional ingenious inspection office on the physical reaction meantime between two gadgets. To evade the resolution of interim in compliance, we overshadow overseas time fragility on ware gadgets skim through steep flag location and excess time crossing out. At zigzag goal, we success out the elementary acoustic channel reaction for gadget verification. We combination an extraordinary coding pointing for virtual key assention while guaranteeing security. Consequently, two gadgets heart signal couple choice and safely concur on a symmetric key.

We provide the first solution to an important question, "how a physical-layer RFID authentication method can defend against signal replay attacks". It was believed that if the attacker has a device that can replay the exact same reply signal of a legitimate tag, any physical-layer authentication method will fail. This paper presents Hu-Fu, the first physical layer RFID authentication protocol that is resilient to the major attacks including tag counterfeiting, signal replay, signal compensation, and brute-force feature reply. Hu-Fu is built on two fundamental ideas, namely inductive coupling of two tags and signal randomization. Hu-Fu does not require any hardware or protocol modification on COTS passive tags and can be implemented with COTS devices. We implement a prototype of Hu-Fu and demonstrate that it is accurate and robust to device diversity and environmental changes.

Device-to-device communication is widely used for mobile devices and Internet of Things. Authentication and key agreement are critical to build a secure channel between two devices. However, existing approaches often rely on a pre-built fingerprint database and suffer from low key generation rate. We present GeneWave, a fast device authentication and key agreement protocol for commodity mobile devices. GeneWave first achieves bidirectional initial authentication based on the physical response interval between two devices. To keep the accuracy of interval estimation, we eliminate time uncertainty on commodity devices through fast signal detection and redundancy time cancellation. Then, we derive the initial acoustic channel response for device authentication. We design a novel coding scheme for efficient key agreement while ensuring security. Therefore, two devices can authenticate each other and securely agree on a symmetric key. GeneWave requires neither special hardware nor pre-built fingerprint database, and thus it is easyto-use on commercial mobile devices. We implement GeneWave on mobile devices (i.e., Nexus 5X and Nexus 6P) and evaluate its performance through extensive experiments. Experimental results show that GeneWave efficiently accomplish secure key agreement on commodity smartphones with a key generation rate 10× faster than the state-of-the-art approach.

On battery-free IoT devices such as passive RFID tags, it is extremely difficult, if not impossible, to run cryptographic algorithms. Hence physical-layer identification methods are proposed to validate the authenticity of passive tags. However no existing physical-layer authentication method of RFID tags that can defend against the signal replay attack. This paper presents Hu-Fu, a new direction and the first solution of physical layer authentication that is resilient to the signal replay attack, based on the fact of inductive coupling of two adjacent tags. We present the theoretical model and system workflow. Experiments based on our implementation using commodity devices show that Hu-Fu is effective for physical-layer authentication.

The Internet of Things (IoT) has become ubiquitous in our daily life as billions of devices are connected through the Internet infrastructure. However, the rapid increase of IoT devices brings many non-traditional challenges for system design and implementation. In this paper, we focus on the hardware security vulnerabilities and ultra-low power design requirement of IoT devices. We briefly survey the existing design methods to address these issues. Then we propose an approximate computing based information hiding approach that provides security with low power. We demonstrate that this security primitive can be applied for security applications such as digital watermarking, fingerprinting, device authentication, and lightweight encryption.

The Center for Strategic and International Studies estimates the annual cost from cyber crime to be more than \$400 billion. Most notable is the recent digital identity thefts that compromised millions of accounts. These attacks emphasize the security problems of using clonable static information. One possible solution is the use of a physical device known as a Physically Unclonable Function (PUF). PUFs can be used to create encryption keys, generate random numbers, or authenticate devices. While the concept shows promise, current PUF implementations are inherently problematic: inconsistent behavior, expensive, susceptible to modeling attacks, and permanent. Therefore, we propose a new solution by which an unclonable, dynamic digital identity is created between two communication endpoints such as mobile devices. This Physically Unclonable Digital ID (PUDID) is created by injecting a data scrambling PUF device at the data origin point that corresponds to a unique and matching descrambler/hardware authentication at the receiving end. This device is designed using macroscopic, intentional anomalies, making them inexpensive to produce. PUDID is resistant to cryptanalysis due to the separation of the challenge response pair and a series of hash functions. PUDID is also unique in that by combining the PUF device identity with a dynamic human identity, we can create true two-factor authentication. We also propose an alternative solution that eliminates the need for a PUF mechanism altogether by combining tamper resistant capabilities with a series of hash functions. This tamper resistant device, referred to as a Quasi-PUDID (Q-PUDID), modifies input data, using a black-box mechanism, in an unpredictable way. By mimicking PUF attributes, Q-PUDID is able to avoid traditional PUF challenges thereby providing high-performing physical identity assurance with or without a low performing PUF mechanism. Three different application scenarios with mobile devices for PUDID and Q-PUDI- have been analyzed to show their unique advantages over traditional PUFs and outline the potential for placement in a host of applications.

In the future Internet of Things, it is envisioned that things are collaborating to serve people. Unfortunately, this vision could not be realised without relations between things and people. To solve the problem this paper proposes a user centric identity management system that incorporates user identity, device identity and the relations between them. The proposed IDM system is user centric and allows device authentication and authorization based on the user identity. A typical compelling use case of the proposed solution is also given.