Paper 2019/1461

Cryptanalysis of two recently proposed PUF based authentication protocols for IoT: PHEMAP and Salted PHEMAP

Morteza Adeli and Nasour Bagheri


Internet of Things(IoT) consists of a large number of interconnected coexist heterogeneous entities, including Radio-frequency identification(RFIDs) based devices and other sensors to detect and transfer various information such as temperature, personal health data, brightness, etc. Security, in particular, authentication, is one of the most important parts of information security infrastructure in  IoT systems. Given that an IoT system has many resource-constrained devices, a goal could be designing a proper authentication protocol that is lightweight and can resist against various common attacks, targeting such devices. Recently, using Physical Unclonable Functions (PUF) to design lightweight authentication protocols has received a lot of attention among researchers. In this paper, we analyze two recently proposed authentication protocols based on PUF chains called PHEMAP and Salted PHEMAP. We show that these protocols are vulnerable to impersonate, desynchronization and traceability attacks.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
IoTauthenticationPUFsecurity analysis.
Contact author(s)
M adeli @ sru ac ir
na bagheri @ gmail com
2019-12-18: received
Short URL
Creative Commons Attribution


      author = {Morteza Adeli and Nasour Bagheri},
      title = {Cryptanalysis of two recently proposed PUF based authentication protocols for IoT: PHEMAP and Salted PHEMAP},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1461},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.