Paper 2021/985
PUF Security: Reviewing The Validity of Spoofing Attack Against Safe is the New Smart
Karim Lounis
Abstract
Due to the heterogeneity and the particular security requirements of IoT (Internet of Things), developing secure, low-cost, and lightweight authentication protocols has become a serious challenge. This has excited the research community to design and develop new authentication protocols that meet IoT requirements. An interesting hardware technology, called PUFs (Physical Unclonable Functions), has been the subject of many subsequent publications on lightweight, low-cost, and secure-by-design authentication protocols for the past six years. In 2020, a lightweight PUF-based authenticated key-exchange (AKE) scheme was proposed. The scheme claimed to provide mutual authentication and key establishment. The protocol was demonstrated to be vulnerable to a spoofing attack, where an attacker is able to compromise the authentication claims that are made during the execution of the protocol. Recently, some researchers have argued the validity of the attack due to a misunderstanding of security protocol specification principles. In this paper, we show how the authentication claim, as well as the key-establishment claim of the authentication protocol, can be compromised by spoofing the server and fooling the meter.
Metadata
- Available format(s)
-
PDF
- Category
- Foundations
- Publication info
- Preprint. MINOR revision.
- Keywords
- PUF-based authenticationPUF-based protocol securityPUF attackssecurity protocol claims
- Contact author(s)
- karim lounis @ queensu ca
- History
- 2021-07-23: received
- Short URL
- https://ia.cr/2021/985
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/985,
author = {Karim Lounis},
title = {{PUF} Security: Reviewing The Validity of Spoofing Attack Against Safe is the New Smart},
howpublished = {Cryptology {ePrint} Archive, Paper 2021/985},
year = {2021},
url = {https://eprint.iacr.org/2021/985}
}
