Cryptology ePrint Archive: Report 2021/985

PUF Security: Reviewing The Validity of Spoofing Attack Against Safe is the New Smart

Karim Lounis

Abstract: Due to the heterogeneity and the particular security requirements of IoT (Internet of Things), developing secure, low-cost, and lightweight authentication protocols has become a serious challenge. This has excited the research community to design and develop new authentication protocols that meet IoT requirements. An interesting hardware technology, called PUFs (Physical Unclonable Functions), has been the subject of many subsequent publications on lightweight, low-cost, and secure-by-design authentication protocols for the past six years. In 2020, a lightweight PUF-based authenticated key-exchange (AKE) scheme was proposed. The scheme claimed to provide mutual authentication and key establishment. The protocol was demonstrated to be vulnerable to a spoofing attack, where an attacker is able to compromise the authentication claims that are made during the execution of the protocol. Recently, some researchers have argued the validity of the attack due to a misunderstanding of security protocol specification principles. In this paper, we show how the authentication claim, as well as the key-establishment claim of the authentication protocol, can be compromised by spoofing the server and fooling the meter.

Category / Keywords: foundations / PUF-based authentication, PUF-based protocol security, PUF attacks, security protocol claims

Date: received 22 Jul 2021

Contact author: karim lounis at queensu ca

Available format(s): PDF | BibTeX Citation

Version: 20210723:091237 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]