Paper 2021/985

PUF Security: Reviewing The Validity of Spoofing Attack Against Safe is the New Smart

Karim Lounis


Due to the heterogeneity and the particular security requirements of IoT (Internet of Things), developing secure, low-cost, and lightweight authentication protocols has become a serious challenge. This has excited the research community to design and develop new authentication protocols that meet IoT requirements. An interesting hardware technology, called PUFs (Physical Unclonable Functions), has been the subject of many subsequent publications on lightweight, low-cost, and secure-by-design authentication protocols for the past six years. In 2020, a lightweight PUF-based authenticated key-exchange (AKE) scheme was proposed. The scheme claimed to provide mutual authentication and key establishment. The protocol was demonstrated to be vulnerable to a spoofing attack, where an attacker is able to compromise the authentication claims that are made during the execution of the protocol. Recently, some researchers have argued the validity of the attack due to a misunderstanding of security protocol specification principles. In this paper, we show how the authentication claim, as well as the key-establishment claim of the authentication protocol, can be compromised by spoofing the server and fooling the meter.

Available format(s)
Publication info
Preprint. MINOR revision.
PUF-based authenticationPUF-based protocol securityPUF attackssecurity protocol claims
Contact author(s)
karim lounis @ queensu ca
2021-07-23: received
Short URL
Creative Commons Attribution


      author = {Karim Lounis},
      title = {{PUF} Security: Reviewing The Validity of Spoofing Attack Against Safe is the New Smart},
      howpublished = {Cryptology ePrint Archive, Paper 2021/985},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.