A Lightweight PUF-Based Authentication Protocol Using Secret Pattern Recognition for Constrained IoT Devices

PUFs, or physical unclonable functions, are hardware security primitives that can offer lightweight security solutions for constrained devices through challenge-response authentication protocols. However, the lightweight PUF-based security solutions that have been presented often lack security features such as mutual authentication or message encryption, which could be vital for many applications. Other protocols suffer from vulnerabilities to denial of service attacks that make them impractical to use. This work introduces a lightweight PUF-based protocol that uses secret pattern recognition to offer mutual authentication and authenticated secret message exchange for constrained devices on the Internet of Things. The protocol utilizes several techniques to introduce nonlinearity, and it can employ any strong PUF circuit for which a soft model can be generated. The authentication process requires simple bitwise operations along with a PUF circuit and a true random number generator (TRNG). By avoiding the use of any cryptographic or hash functions, the protocol’s lightweight nature is preserved. The security of the proposed protocol against modeling attacks is tested to showcase its resilience. Similar PUF-based protocols are investigated and found to lack some essential security features.