Cryptology ePrint Archive: Report 2015/937
End-to-end Design of a PUF-based Privacy Preserving Authentication Protocol
Aydin Aysu and Ege Gulcan and Daisuke Moriyama and Patrick Schaumont and Moti Yung
Abstract: We demonstrate a prototype implementation of a provably secure protocol that supports privacy-preserving mutual authentication between a server and a constrained device. Our proposed protocol is based on a physically unclonable function (PUF) and it is optimized for resource-constrained platforms. The reported results include a full protocol analysis, the design of its building blocks, their integration into a constrained device, and finally its performance evaluation. We show how to obtain efficient implementations for each of the building blocks of the protocol, including a fuzzy extractor with a novel helper-data construction technique, a truly random number generator (TRNG), and a pseudo-random function (PRF). The prototype is implemented on a SASEBO-GII board, using the on-board SRAM as the source of entropy for the PUF and the TRNG. We present three different implementations. The first two execute on a MSP430 soft-core processor and have a security level of 64-bit and 128-bit respectively. The third uses a hardware accelerator and has 128-bit security level. To our best knowledge, this work is the first effort to describe the end-to-end design and evaluation of a privacy-preserving PUF-based authentication protocol.
Category / Keywords: implementation / Physically Unclonable Function, authentication, privacy-preserving protocol, implementation
Original Publication (with minor differences): IACR-CHES-2015
Date: received 24 Sep 2015, last revised 10 Nov 2015
Contact author: dmoriyam at nict go jp
Available format(s): PDF | BibTeX Citation
Note: A preliminary version of this paper appears in the proceedings of CHES 2015. This is the full version including the security proof against the proposed protocol.
Version: 20151111:062532 (All versions of this report)
Short URL: ia.cr/2015/937
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]