Master's thesis

PUF-Based Device-to-Device Authentication in IoT without Trusted Intermediaries

University of Würzburg, (February 2024)

Abstract

The Internet of Things (IoT) signifies a revolutionary shift wherein everyday objects are embedded with sensors, software, and connectivity capabilities, allowing them to communicate and exchange data with other devices and systems across the Internet. As these devices continuously collect and exchange data, and act upon the information received, the authentication of devices within our networks becomes crucial to prevent malicious actors from breaching the network. While sophisticated hardware security architectures like Intel SGX or Trusted Platform Modules are available for more powerful devices like laptops or smartphones, their cost often makes them impractical for the typically budget-sensitive IoT device manufacturers. As a result, IoT devices frequently rely on storing confidential information in non-volatile memory, which, as studies have shown, can be vulnerable to physical attacks, thereby compromising device security. Physical Unclonable Functions (PUFs) present a cost-effective solution by generating a unique response, or "hardware fingerprint," to a given stimulus (challenge) based on the natural variations in electronic hardware components during manufacturing. This fingerprint, generated on demand and not stored on the device, remains secure against adversaries attempting to access non-volatile memory. Although previous research has demonstrated the utility of PUFs for device authentication, these methods often depend on a trusted verifier storing significant amounts of confidential data, a requirement that limits the ability of low-end IoT devices to act as verifiers and raises the risk of impersonation attacks if the verifier is compromised. In this thesis, we introduce and examine three distinct PUF-based authentication schemes. Each scheme is designed to facilitate secure authentication between two parties that do not trust each other.
A key feature of these approaches is their reliance solely on public information, eliminating the need for verifiers to store any sensitive data. This crucial aspect not only removes the storage burden from the verifier but also prevents a potentially malicious verifier from impersonating the provers. The methods developed are (1) ZK-PUF, a system that enables PUF-based authentication using zero-knowledge proofs, (2) PAVOC, which guarantees secure authentication using one-way hash chains, and (3) PAWOS, which uses the concept of cryptographic one-time signatures for authentication. Each strategy is based on different design principles that meet different security and operational requirements. They have been tested on IoT development boards with limited resources and have proven their efficiency even with limited computing power while protecting against non-volatile memory attacks and network-level adversaries.
