PUF-Based Authentication and Authorization Protocol for IoT

PUF-Based Authentication and Authorization Protocol for IoT

연구 분야: Analysis

학회: International Conference on Information Security Applications

With the rapid development of technology, smart devices have become indispensable tools for people, and IoT devices are ubiquitous, playing an important role in our daily lives. When using IoT device applications and services, users must go through complex authentication processes, which are time-consuming and pose various security issues. Not only must users be authenticated, but the devices must also be identified to ensure security. Physically Unclonable Functions (PUF) can be considered as hardware fingerprints due to their randomness and unpredictability, used to identify the uniqueness of devices. Given the limited computational power of IoT devices, the need for lightweight mechanisms is even more pronounced. Therefore, this protocol proposes a three-party mutual authentication using a smartphone involving the user, the server, and the IoT device. The PUF within the device generates a session key to authorize the IoT device to use and access the service. Finally, the contributions of this mechanism are highlighted through security analysis and comparison with related works.