424 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 16, NO.

3, MAY/JUNE 2019

Building PUF Based Authentication and Key

Exchange Protocol for IoT Without Explicit
CRPs in Verifier Database
Urbi Chatterjee , Vidya Govindan, Rajat Sadhukhan, Debdeep Mukhopadhyay,
Rajat Subhra Chakraborty , Senior Member, IEEE, Debashis Mahata , and Mukesh M. Prabhu

Abstract—Physically Unclonable Functions (PUFs) promise to be a critical hardware primitive to provide unique identities to billions of
connected devices in Internet of Things (IoTs). In traditional authentication protocols a user presents a set of credentials with an
accompanying proof such as password or digital certificate. However, IoTs need more evolved methods as these classical techniques
suffer from the pressing problems of password dependency and inability to bind access requests to the “things” from which they
originate. Additionally, the protocols need to be lightweight and heterogeneous. Although PUFs seem promising to develop such
mechanism, it puts forward an open problem of how to develop such mechanism without needing to store the secret
challenge-response pair (CRP) explicitly at the verifier end. In this paper, we develop an authentication and key exchange protocol by
combining the ideas of Identity based Encryption (IBE), PUFs and Key-ed Hash Function to show that this combination can help to do
away with this requirement. The security of the protocol is proved formally under the Session Key Security and the Universal
Composability Framework. A prototype of the protocol has been implemented to realize a secured video surveillance camera using a
combination of an Intel Edison board, with a Digilent Nexys-4 FPGA board consisting of an Artix-7 FPGA, together serving as the IoT
node. We show, though the stand-alone video camera can be subjected to man-in-the-middle attack via IP-spoofing using standard
network penetration tools, the camera augmented with the proposed protocol resists such attacks and it suits aptly in an IoT
infrastructure making the protocol deployable for the industry.

Index Terms—Physically unclonable functions, elliptic curve cryptography, identity based encryption, internet of things,
device authentication, key management

1 INTRODUCTION

I OTS have opened up an ubiquitous sensing-communicat-

ing-actuating network with information sharing across
platforms, blended seamlessly in various areas of modern
day-to-day living. But as with most emerging technologies,
innovation comes first, and security is only an afterthought in
reaction to discovered vulnerabilities. The devices deployed
in an IoT framework usually generate large quantities of
security-sensitive data. One of the major security challenges
in IoT framework is the authentication and key management
of potentially billions of devices deployed in the network.
We try to address this problem and provide a lightweight and
secure solution using PUFs and IBE [1]. A PUF circuit reali-
zation can be thought to be an unconventional, lightweight
 U. Chatterjee, V. Govindan, R. Sadhukhan, D. Mukhopadhyay, and
R.S. Chakraborty are with the Secure Embedded Architecture Laboratory
(SEAL), Department of Computer Science and Engineering, Indian Institute
of Technology Kharagpur, Kharagpur 721302, India.
E-mail: {urbi.chatterjee, debdeep, rschakraborty}@cse.iitkgp.ernet.in, {vidya.
govindan, rajat.sadhukhan}@iitkgp.ac.in.
 D. Mahata and M.M. Prabhu are with the Wipro Technogies, Bengaluru,
Karnataka 560 035, India.
E-mail: {debashis.mahata, mukesh.prabhu}@wipro.com.
Manuscript received 31 July 2017; revised 7 Apr. 2018; accepted 17 Apr. 2018.
Date of publication 1 May 2018; date of current version 10 May 2019.
(Corresponding author: Urbi Chatterjee.)
For information on obtaining reprints of this article, please send e-mail to:
hardware security primitive [2] proposed in various security
applications such as IC anti-counterfeiting, device identifi-
cation and authentication, binding hardware to software
platforms, secure storage of cryptographic secrets, keyless
secure communication etc. A Silicon PUF [3] is a mapping
g : f0; 1gn ! f0; 1gm , where the output m-bit “response” are
unambiguously identified by both the n “challenge” bits and
the unclonable, instance-specific system behaviour. So, it can act
as a hardware fingerprint generator for the IC in which it is
included. We can adopt this property to uniquely identify each
devices in the IoT framework. A specific challenge and its cor-
responding response together form a Challenge-Response Pair
(CRP) for a given PUF instance. PUF based authentication
protocols rely on this “challenge-response authentication”
mechanism, rather than on a single secret cryptographic key.
The response generated on-the-fly by the challenge applied to
a PUF instance can be used to generate session key for secure
message encryption; thus offloads the complexity of managing
and storing the keys for IoT device. We make following contri-
bution in this paper:
 We propose an authentication and key exchange pro-
tocol combining the concepts of PUF, IBE and Key-ed
Hash Function. The protocol solves an open problem
in the domain of PUF based protocols, alleviating the

[email protected]

, and reference the Digital Object Identifier below. overhead from the verifier to store the CRP database of the
Digital Object Identifier no. 10.1109/TDSC.2018.2832201 PUF and the dependency of imposing security mechanism
1545-5971 ß 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See ht_tp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
CHATTERJEE ET AL.: BUILDING PUF BASED AUTHENTICATION AND KEY EXCHANGE PROTOCOL FOR IOT WITHOUT EXPLICIT CRPS IN...
to keep it secret. In traditional PUF based protocols, if a
verifier needs to authenticate k IoT nodes, let us
assume that it stores l number of m-bit challenges and
its corresponding n bit responses. Then the space
complexity is: Oððm þ nÞ  l  kÞ. Now, if we con-
sider the IoT framework, the “smart” devices (prover
and verifier) are very resource constrained and more
susceptible to be a target for active and passive
attacks. In many cases prover device is just a sensor
node and verifier device are mobile, bridge or router.
Accessing CRP database by the smart devices itself is
a security risk because smart devices are easy target
for attacker. In order to offload storage requirement
from verifier and to eliminate risk of getting CRP
database compromised, we stores just a single key in
the NVM of verifier for authentication of all prover
nodes under it using a key-ed hash function (space
complexity: constant). This way it would be easier to
protect a single key instead of securing a whole CRP
database. Additionally instead of using CRP database
directly we generate a new security association infor-
mation between prover and verifier that hides the
correlation between the challenge and response of the
PUF and can be stored as public information.
 We prove formally the security of the protocol in the
Session Key Security model and the Universal Com-
posability framework [4].
 We implement a prototype of the protocol to
securely authenticate a video surveillance camera,
commercially purchased and devoid of any inbuilt
security feature. The prototype was implemented
following a hardware/software co-design, by con-
necting the camera to an Intel Edison board, provid-
ing the IP and hosting the protocol operation, while
the hardware circuit of the PUF is implemented and
unique ID is generated from a Artix-7 FPGA. But,
PUF responses are corrupted by noise and other
environmental factors when deployed in an embed-
ded system. Hence helper data algorithm or fuzzy
extractor [5] is used to generate cryptographic keys
with appropriate entropy from noisy and non-
uniform random PUF responses. To perform this
task, we design a BCH encoder circuit to generate
the helper data from the responses of the PUF. This
helper data along with a BCH decoder can then be
used to re-generate the correct response from the
actual response of a PUF for a specific challenge. It is
to be noted that the BCH encoder and decoder circuit
are implemented in Artix-7 FPGA.
 We first show a man-in-the-middle attack on the com-
mercial video camera, and then show when the pro-
posed protocol is enabled, the attack is subverted. We
show that the protocol is lightweight, consumes low
power, and has a low latency, suiting the require-
ments of IoT.
The rest of the paper is organized as follows. In Sections 2
and 3, we provide the security assumptions and the back-
ground of the work. In Section 4, we present our proposed
authentication and key exchange protocol. The correctness
and security analyses of the proposed scheme are described
in Section 5. The experimental setup, attack scenario and
425
resource overhead results have been provided in Section 6.
We conclude the paper with future research directions
in Section 7.
2 SYSTEM ASSUMPTIONS AND GOALS
System Model. The setting assumed is that each IoT node
tries to authenticate to a verifier and communicate with the
verifier or with another node. Each node is enabled with a
PUF and has the capability to perform two elliptic curve
operations, namely scalar multiplication and a pairing oper-
ation along with a standard cryptographic hash function.
On the other hand the verifier is assumed to have the capa-
bility to compute keyed hash function, where the key is
stored in a non-volatile memory.
Threat Assumptions. We assume the adversary can have
access to the communication channel and can not only be a
passive observer, but can tamper the channel with mali-
cious data as an active adversary. The goal of the adversary
is to authenticate to the verifier on behalf of the legitimate
nodes, without possession of the node. For a PUF instance
embedded in an IoT node, its challenge-response character-
istics is an implicit property, and is thus not accessible to
the adversary. Further, the attacker can corrupt the verifier
(as by a malware) and can obtain access to the databases
which the verifier possesses. However, we assume that the
attacker cannot gain knowledge of the secret key stored on
the verifier.
Attack Models. To formally proof the security of the proto-
col, we introduce two models which we will briefly discuss
here.
 Session Key Security Model: Here all parties involved
in the protocol are assumed to be trusted. The
attacker either (i) eavesdrops the communication
link without any change or addition to the messages
(e.g., packet sniffing attack ) or, (ii) has full control
over the links and can modify the messages (e.g.,
packet injection or re-routing attack). In Section 5.1.3,
it has been shown that the protocol is secure against
both of these attack variants.
 Universally Composite Framework: This model ensures
that the proposed key exchange protocol provides
the same security when used by any other protocol
to set up session keys between two parties, even
when it runs in parallel with an arbitrary set of other
protocols in a distributed communication network.
We have shown three different scenarios where: a)
The verifier and the two communicating parties are
honest (ideal case), b) The verifier is corrupt, c)
Either of the two communicating parties or both are
corrupt. In real life implementation, we can picture
case (b) and (c) as the attacker can control the internal
functioning of the party and tries to send some mali-
cious information to disrupt the system.
In this work, we do not address the subsequent encryp-
tion of the messages between the nodes, but sketch that the
public-private key pair established can be used to commu-
nicate using established protocols [1].
Design Goals. Next, we briefly discuss the design goals of
the proposed PUF based Authentication and Key Exchange
Protocol:
426 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,
 No explicit key storage in ‘Things’: Instead of having
explicit key storage, a PUF instance will be embed-
ded in each IoT data node to provide unique identity
to the device.
 Lightweight and minimal overhead on execution time :
The hardware overhead, power-consumption of the
PUF enabled node and the latency to authenticate a
legitimate node should be very less.
 No explicit storage of raw CRP with verifier and model
building resistance: The verifier will not have access to
the raw CRP database of the PUF of the prover node.
This is to ensure that if the verifier gets compro-
mised, no one should be able to mathematically
clone the PUF instances using the CRP databases.
 Unlimited authentications: The protocol will have mod-
erate input-output space and can have unlimited
authentication rounds repeating same challenges.
 Security association mapping for CRPs: A mapping is
done between the challenge and response for each
entries in the CRP database so that it can be stored
publicly in a resourceful device ensuring its integ-
rity. The verifier can access it at the time of authenti-
cation without any advantages to the attacker.
 Efficient management of public/ private keys without cen-
tral authority: There is no need to involve central cer-
tificate authority to sign the public keys. A verifier
can easily verify the public key of the prover as it
holds information derived from the PUF instance of
the prover. The public-private key should be suitably
tied to the PUF instance of the node, and that serves
as the root of trust.
3 ALTERNATIVE APPROACHES AND RELATED
WORK
In this section we discuss conventional protocols and their
shortcomings for authentication and key exchange among
the nodes of an IoT system.
3.1 PUF Based Protocols
Several lightweight PUF-based authentication protocols [6],
[7], [8], [9], [10], [11], [12], [13], [14], [15], [16] have been
proposed in the past. But in[17], the authors demonstrated
several vulnerabilities such as Denial-of-Service (DoS)
attack, synchronization problem, replay attack, token/
server impersonation, modelling attack, lack of integrity
checking of the helper data, compromise of code and data at
runtime, limited local authentication, single point of failure
that have made these protocols unacceptable in their origi-
nal form. The mutual authentication protocol proposed in
[18] has considerable hardware overhead; hence, it is not
suitable for resource-constrained devices. Moreover, in
most of the PUF based authentication schemes, a verifier
node granting authenticity to a prover node, has prior
access to a subset of CRP database or a model of the PUF
instance embedded at the prover node. Now, if we map this
setup in a hierarchical network of IoT framework, it may
expand the attack surface substantially, as the integrity of
CRP details at lower level nodes may get compromised due
to easy accessibility. Hence, we cannot adopt any of these
protocols in its current form.
VOL. 16, NO. 3, MAY/JUNE 2019
In this paper, we have tried to overcome the above-
mentioned problems. In our scheme, the prover (resource-
constrained) node is PUF-enabled, but the verifier (less
resource-constrained) node does not need to hold the subset
of the CRP database or the model of the PUF instance.
Rather, it contains a keyed hash function which is used to
authenticate the PUF instance without knowing the actual
response of a given challenge. We have assumed that the
key is stored in a secure non-volatile memory. However,
the prover does not need to explicitly store any key, rather
the secret is generated from the response of a PUF which is
embedded in the device.
3.2 Public Key Based Protocols
Authentication and key exchange have been traditionally
handled by the use of public key encryption. The two con-
ventional ways of handling encryption is by the use of Public
Key Infrastructure (PKI) or by the use of Identity Based
Encryptions (IBE). In [19], new protocols have been pro-
posed for the IP protection problem on FPGAs using PUFs
and PKI based public key cryptography. But PKI has been
plagued with several shortcomings of non-uniform stand-
ards, and most importantly the difficulty of handling certifi-
cates generated by a trusted third party, virtually making it
infeasible for IoT applications where billions of devices are
expected to communicate. As an alternative, identity based
encryptions are attractive as they provide a mechanism for
generating public keys from publicly known information.
However, in classic IBE the secret keys of a node are not tied
to its physical identity, and the proof of identity is usually in
the form of a password or a digital certificate that include a
user’s public key. Moreover, some of these secrets need to be
explicitly stored in the nodes. Further, classic IBE requires a
Public Key Generator (PKG) which is used to generate pri-
vate keys for the nodes and transfer through secured chan-
nels. This makes the key exchange unwieldy and difficult for
real life deployment for the scalability of IoT applications. In
[20], Wallrabenstein has proposed to use PUF based Elliptic
Curve Cryptosystem for IOT framework, but storing helper
data for each challenge in the node can lead to unacceptable
memory overhead in resource-constrained devices.
In the proposed protocol, we have blended IBE with
identity generated by the PUF embedded in a node. It leads
to a certificate-less protocol, where no explicit keys need to
be stored in the nodes, while IBE provides security based
on strong well-founded hard problems. The key exchange
in the proposed protocol is made seamless by allowing the
nodes with the PUFs generating its keys, while the verifier
simply checks its authenticity and passes a verified public
key to another node for further communications.
Security of Commercial IoT Appliances. Surprisingly, even
with the growing importance of security, several IoT appli-
ances have very little to no support for it. As a use-case, in
this paper we study video surveillance cameras, which are
considered as a very popular IoT application. Till now,
several passive and active attacks [21], [22] such as visual
layer attacks, abusing covert channel and data ex-filtration
attacks, jamming, Denial-of-service, and side channel
attacks have been proposed for video surveillance system.
As a countermeasure, many public key infrastructure based
user authentication protocols[23], [24] were proposed in
CHATTERJEE ET AL.: BUILDING PUF BASED AUTHENTICATION AND KEY EXCHANGE PROTOCOL FOR IOT WITHOUT EXPLICIT CRPS IN...
Fig. 1. Hierarchical IoT architecture and proposed secure communication mechanism.
literature. However the fact remains that many network-
enabled camera vendors do not use data encryption, to
increase the throughput and to decrease memory and
power footprint. Additionally, some of the current video
streaming protocols such as RTP, RTSP and video steaming
engines such as WOWZA, Mjpg-Streamer etc. do not even
support secure network protocols such as SSL. This inspires
us to develop PUF based authentication and key exchange
protocol which will ensure the device authentication irre-
spective of the security level of the network protocol running on it.
4 PROPOSED AUTHENTICATION AND KEY
EXCHANGE PROTOCOL
In this section, we describe the authentication and key
exchange protocol that can be suitably implemented in an
IoT infrastructure. Fig. 1 represents the functional blocks of
the proposed security architecture. The architecture consists
of four major components: the Security Credential Genera-
tor (SCG), the Security Association Provider (SAP), the Veri-
fier Node and the IoT Node. The IoT nodes, which play the
role of prover, reside at the lowest level of the architecture.
In our proposal, we assume these IoT nodes to be PUF-
enabled, and having low hardware and software footprint
and limited computational abilities. They prove their
authenticity using respective embedded PUF instances to
the immediate upper layer nodes, which play the role of ver-
ifier and are relatively resourceful.
The proposed protocol has two main phases, enrolment
phase and authentication & key exchange phase. The Enrol-
ment phase consists of two sub processes and executes in a
secure and trusted environment. Once the manufacturing of
the verifier and IoT prover nodes are done, the SCG exe-
cutes a Provisioning Process. In this process, the characteriza-
tion of the PUF instance is done for each of the IoT nodes
and stored in CRP databases (CRPDBs). Similarly, a ran-
domly selected secret key is assigned for each verifier and
stored in the NVM of the verifier as well as the key
427
databases (KEYDBs) (marked as ‘1’). To resist against
modelling attack of the PUF instance, the CRPDBs and
KEYDBs are assumed to be stored in a secure “offline” data-
base in a trusted environment, outside the reach of the
typical IoT “node-to-node” communication. These database
entries are never directly used for authentication.Next, each veri-
fier node is assigned to authenticate a set of IoT prover
nodes. In Security Association Generation Process a security
relationship mapping between IoT node and verifier node is
created (marked as ‘2’) using each CRP entry of the prover
node, the secret key associated with its corresponding veri-
fier node and some randomly selected entities by the SCG.
It hides the challenge-response correlation of the PUF
instance. These mapping entries are stored in Mapping
Databases (MAPDBs) in the SAP maintained outside the
trusted environment. MAPDBs are generated in such a way
that access to this database would not help the adversary to
model the PUF instance, and the integrity of the entries are
maintained so that the trusted party can verify any illegitimate
modification during the protocol execution.In the Authentication
and key exchange phase, the verifier uses challenges randomly
selected from MAPDBs and validates responses from the
prover node dynamically at the time of protocol execution.
The protocol is designed in a way that both the prover and the
verifier mutually authenticate each other. Finally, the verifier
node coordinates among different prover nodes for genera-
tion and sharing of public keys (marked as ‘3’).
4.1 Public Mathematical Parameters
Our scheme requires that the communicating parties must
agree on some mathematical parameters before initiating
communication. For some large prime value q, we define an
elliptic curve and generate three groups G1 , G2 and G3 on
the points of an elliptic curve to define cryptographic pair-
ing. Pairing is an admissible bilinear map e: G1  G2 ! G3
which satisfies the following three properties:
1) Bilinearity: 8a; b 2 Fq ; 8P 2 G1 ; Q 2 G2 : eðaP; bQÞ ¼
eðP; QÞab .
428 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,
Fig. 2. Enrolment phase of the proposed protocol.
2) Non-degeneracy: eðP; QÞ 6¼ 1.
3) Computability: There exist an efficient algorithm to
compute e.
For further details, please refer to Section 2 of [25]. We
also need to choose three secure cryptographic hash func-
tions: H1: f0; 1gn ! G1 , H2: f0; 1gn  f0; 1gm ! G2 , H3: G2 !
f0; 1gn , where n and m are the bit lengths of the PUF
response and secret key, respectively, in our context. So, the
public mathematical parameters are: < q, G1 , G2 , G3 , e, n,
H1 , H2 , H3 > .
4.2 Enrolment Phase
Before deploying the nodes in the communication network,
the enrolment phase is executed for each node in a secure
and trusted environment. The steps are shown in Fig. 2, and
are summarized as follows:
 In the provisioning process, the SCG first randomly
selects an m-bit key KS and assigns it to the NVM of
Verifier S. It also stores KS in the KEYDBs.
 Then it sends a random challenge CA to the IoT Node
A. Node A applies the challenge CA to its PUF, and
generates the output RA ¼ PUF ðCA Þ, and returns it
to the SCG.
 The SCG generates the helper data HLPA ¼ BCH
EncoderðRA Þ and stores it along with the challenge
and response by appending < CA ; RA ; HLPA > to its
CRPDBs.
 Next, in Security Association Generation Process, the
SCG randomly generates an n-bit challenge CS , and
then it calculates
PS ¼ H2KS ðCS Þ; PA ¼ H1ðRA Þ:
Then, the SCG randomly selects an element a from
Zq and calculates
B ¼ PA  a  PS ;
d1 ¼ H3ðH1ðCA jjCS jjHLPA jjajjH3ðPS ÞÞ þ BÞ:
def
Please note that Zq ¼ fx 2 Zq : gcdðx; qÞ ¼ 1g i.e.,
elements of Zq with multiplicative inverses. In this
way, a new tuple < CA ; CS ; HLPA ; a; B; d1 > is gen-
erated and stored in the MAPDBs of the Security
Association Provider. This procedure is repeated
according to the memory capacity of the SAP and
the SCG and for all IoT nodes under Verifier S.
VOL. 16, NO. 3, MAY/JUNE 2019
At the end of the enrolment phase for a given node A, the Veri-
fier S supervising it will have only the secret key. For authenti-
cation, the SAP will transfer an entry randomly from the
mapping database of the node A to the Verifier S. The Verifier
S will calculate the response of the PUF on-the-fly to authenti-
cate node A. Here, we have assumed that the Verifier S will
securely store the secret key for the keyed hash function in a
non-volatile memory. We can achieve this goal using the com-
mercially available tamper-proof NVM chips, e.g., those used
in Trusted Platform Module (TPM) [26].
4.3 The Authentication and Key Exchange Phase
The second phase of this protocol performing authentica-
tion and key sharing is described below as shown in Fig. 3.
Consider a situation where IoT node A wishes to communi-
cate with IoT node B, with both A and B being at the lowest
levels of the hierarchy.
 At first, IoT node A initiates a request < IDA ;
IDB > (i.e., the public identifiers of the two com-
municating nodes) to Verifier S for authentication.
Verifier S forwards the request to the SAP.
 The SAP randomly chooses an entry < CA ; CS ;
HLPA ; a; B; d1 > from MAPDBAS and sends it back
to the Verifier S.
 Now, the Verifier S performs the following computa-
tions:
PS ¼ H2KS ðCS Þ:
 If d1 ¼¼ H3ðH1ðCA jjCS jjHLPA jjajjH3ðPS ÞÞ þ BÞ, then
it calculates
PA ¼ a  PS þ B:
It can be noted that if the Verifier S gets compro-
mised, it can impersonate as Node A. To avoid this
scenario, we suggest to use Strong PUFs and the
mapping entry used for an authentication round is
deleted from MAPDBAS .
 Next, the Verifier S randomly chooses a value x such
that x 2R Zq and computes
QA ¼ PA þ x  PS þ H1ðIDA jjIDB Þ;
VA ¼ eðPA ; x  PS Þ;
and sends this value to node A as the tuple
< IDB ; CA ; HLPA ; QA > . Please note that the nonce
CHATTERJEE ET AL.: BUILDING PUF BASED AUTHENTICATION AND KEY EXCHANGE PROTOCOL FOR IOT WITHOUT EXPLICIT CRPS IN...
Fig. 3. The authentication and key exchange phase.
x is used to resist the replay attack and also acts as a
timestamp for that specific instance of the protocol
run. Generally it is very hard to mitigate DoS attacks
at protocol level [27]. But in proposed protocol, we
took two approaches from the verifier and the node’s
perspective. As the authentication request initiation
is done by the node, it can keep track of exactly how
many requests have been sent by it. In case, it is
flooded with challenge requests, then it can tempo-
rarily shut down the protocol execution and can opt
for approaches such as exponential back-off algorithms
which is used for network congestion avoidance. On
the verifier side, the timestamp x is used to keep
track that currently which nodes are executing the
protocol. Hence if new requests come for the same
pair, it can immediately rejects them. This way the
frequency of each request type can be limited.
 On receiving the message, node A first applies CA to
its PUF instance PUFA and get the response Ractual .
 Next using helper data HLPA and Ractual in
BCH Decoder, it retrieves the corrected response
Rcorrected .
 It calculates the following:
PA0 ¼ H1ðRcorrected Þ;
PS0 ¼ QA  PA0  H1ðIDA jjIDB Þ;
VA0 ¼ eðPA0 ; PS0 Þ:
 Next, node A randomly chooses two values t and YA
such that t 2R Zq and YA 2R G1 . Then it computes
the public and private key pair
KAPUB ¼ t  QA ; KAPRV ¼ t  YA ;
and it sends the Verifier S the tuple < VA0 ; KAPUB ;
YA ; H3ðPS0 þ KAPUB ÞjjH3ðYA Þ > .
 If VA equals VA0 and H3ðPS0 þ KAPUB ÞjjH3ðYA Þ equals
H3ðx  PS þ KAPUB ÞjjH3ðYA Þ, the Verifier S accepts
node A as an authenticated device, and accepts its
public key.
429
 Since node A wishes to communicate with node B, it
needs the Verifier S to authenticate node B. Hence,
the Verifier S follows a similar procedure for node
B as described above to authenticate node B, and
accepts its public key KBPUB upon successful
authentication. Finally, it sends node A the tuple
< KBPUB ; QB ; YB ; H3ðH1ðPA ÞjjH1ðKBPUB ÞjjH1ðQB Þjj
H1ðYB ÞÞ > . On receiving it, if node A finds that
H3ðH1ðPA ÞjjH1ðKBPUB ÞjjH1ðQB ÞjjH1ðYB ÞÞ equals
H3ðH1ðPA0 ÞjjH1ðKBPUB ÞjjH1ðQB ÞjjH1ðYB ÞÞ, then the
Verifier S is authenticated, as only the Verifier S can
retrieve the value of PA using PS , and node A accepts
the public key of node B.
5 SECURITY ANALYSIS
Next we will describe two different attack models in which
we will analyze the security of the proposed authentication
and key exchange protocol.
5.1 Session-Key Security
The definition of Session-Key Security (SK security) is based
on the approach called “security by indistinguishability”.
To elaborate, this approach evaluates the security of a cryp-
tographic system as follows. Suppose, two games Game1
and Game2 are constructed in which the adversary commu-
nicates with the protocol under consideration. If no feasible
adversary can distinguish between whether she is interact-
ing with Game1 or Game2 , then the protocol is said to be
indistinguishable and secure. Further, in order to ensure
that the proposed cryptographic scheme is secure against
differing capabilities of the attacker, usually two adversarial
models are considered:
 The Unauthenticated-link Adversarial Model (UM):
Here, a probabilistic polynomial-time (PPT) attacker
is considered who has full access/control over the
communication links, along with the scheduling of
all protocol events such as initiation of protocols and
message delivery.
430 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,
 The Authenticated-link Adversarial Model (AM): In this
case, the attacker is restricted to only deliver mes-
sages truly generated by the parties without any
change or addition to them.
We prove that our protocol is secure against UM, which in
turn ensures that the protocol is secure against AM.
Consider the following experiment under UM: the
attacker L chooses to attack a session under test, and let k be
the shared session key of the session. A random coin tossing
is performed, with its result encoded as a bit b. If b ¼ 0, the
value k is given to the attacker L, otherwise a random value r
is chosen from the probability distribution of keys generated
by the protocol. The attacker outputs a bit b0 at the end.
Definition 1 (Session Key Secure (SK-Secure) Protocol).
A key-exchange (KE) protocol p is called SK-secure if the fol-
lowing properties hold for any KE-adversary L in the UM:
(1) Protocol p satisfies the property that if two uncor-
rupted parties successfully complete a session then
they both output the same key, and,
(2) the probability that L guesses correctly the bit i.e.,
b0 ¼ b is more than 12 by only a negligible quantity.
5.1.1 Security Assumptions
As mentioned previously, there are two security assump-
tions at the foundation of the secure communication proto-
col proposed. The first security assumption is the physical
and mathematical unclonability of PUFs by a polynomial-time
algorithm, which implies that it is computationally infeasible
to construct the challenge-response mapping of an arbitrary
PUF instance. Although most PUF variants are physically
unclonable at the current state-of-the-art (a notable
exception being the successful effort of SRAM PUF
cloning reported in [28]), successful mathematical modeling
(“model-building attacks”) have been widely reported [29].
However, by choosing relatively secure PUF variants such
as Lightweight Secure PUF or XOR PUF [29], we can avoid
both physical and mathematical cloning in practice. This
security assumption is formalized in the definitions below:
Definition 2 (Decisional Uniqueness Problem (DUP)
for PUF). Given an n-bit output of an arbitrary PUF instance
PUFAdv , a challenge C and an n-bit string z 2 f0; 1gn , the
DUP aims to decide whether z ¼ PUFN ðCÞ for a PUF instance
PUFN , or a random n-bit string.
Definition 3 (Decisional Uniqueness Problem Assump-
tion). The problem of fabricating a PUF instance PUFN using
another instance PUFAdv is hard, and for all probabilistic, poly-
nomial time algorithm A, there exists a negligible function
neglðÞ such that
j Pr½AðC; PUFAdv ; zÞ ¼ 1
Pr½AðC; PUFAdv ; PUFN ðCÞÞ ¼ 1 j 4neglðnÞ:
where n is the number of response bits of the PUF instance.
This implies that given an arbitrary challenge C and an
arbitrary PUF instance PUFAdv , the adversary A behaves
almost identically, for a random element z 2 f0; 1gn , and the
actual n-bit response PUFN ðCÞ. Another way of interpreting
VOL. 16, NO. 3, MAY/JUNE 2019
the Decisional Uniqueness Problem Assumption is that the
ensemble of tuples of type ðC; PUFAdv ; zÞ is computationally
indistinguishable from the ensemble of tuples of type
ðC; PUFAdv ; PUFN ðCÞÞ.
The second important security assumption is the compu-
tational infeasibility of the Elliptic Curve Discrete Logarithm
Problem (ECDLP):
Definition 4 (Elliptic Curve Discrete Logarithm Prob-
lem). Let EðKÞ be a discrete elliptic curve over a finite field K;
let there exist points P; Q 2 EðKÞ such that Q 2 <P> , where
P is a primitive point (capable of generating any arbitrary
point on EðKÞ), and < P > denotes the set of points generated
by adding P to itself k times, for some integer k. The ECDLP
problem is to find the value of the scalar multiple k, given P
and Q. ECDLP is considered computationally intractable at the
current state-of-the-art for proper choices of the curve EðKÞ.
5.1.2 Correctness Proof of the Proposed Scheme
We consider a setting with two parties, IoT node A and the
Verifier S monitoring the authentication procedure of node
A. We denote the protocol by p. Recall that node A and the
verifier contain PUF instance PUFA and a secure NVM stor-
ing KS . Moreover, let outputnodeA;p ðIDB ; CA ; HLPA ; QA Þ and
outputS;p ðCA ; CS ; a; BÞ denote the respective outputs of
node A and the Verifier S. We assume that this output takes
the form of an element of G3 that is supposed to be consid-
ered as the identity of node A, and should be shared by
node A and the verifier. Hence
outputnodeA;p ðIDB ; CA ; HLPA ; QA Þ
¼ eðH1ðBCH DecoderðPUFA ðCA Þ; HLPA ÞÞ;
QA  H1ðBCH DecoderðPUFA ðCA Þ; HLPA ÞÞ
H1ðIDA jjIDB ÞÞ;
and
outputS;p ðCA ; CS ; a; BÞ
¼ eða  H2KS ðCS Þ þ B; x  H2KS ðCS ÞÞ:
Next, we present the definition of the correctness require-
ment. It states that, except with negligible probability, node
A and the Verifier S will generate the same identity, and
only node A will be authenticated to the Verifier S.
Definition 5 (Correctness of Protocol). A protocol p for
authentication and key exchange is denoted as correct if there
exists a negligible function neglðÞ, such that for every possible
value of n
Pr½outputnodeA;p ðCA ; HLPA ; QA Þ
6¼ outputS;p ðCA ; CS ; a; BÞ4neglðnÞ:
It can be observed that
eða  H2KS ðCS Þ þ B; x  H2KS ðCS ÞÞ ¼ eðPA ; x  H2KS ðCS ÞÞ
¼ eðH1ðBCH DecoderðPUFA ðCA Þ; HLPA ÞÞ; QA  H1
ðBCH DecoderðPUFA ðCA Þ; HLPA ÞÞ  H1ðIDA jjIDB ÞÞ:
This means that node A and the verifier will output the
same value, thereby proving the correctness of the scheme.
It may be noted that the rationale for the choices of the
public and private keys are based on [1]. The exact
CHATTERJEE ET AL.: BUILDING PUF BASED AUTHENTICATION AND KEY EXCHANGE PROTOCOL FOR IOT WITHOUT EXPLICIT CRPS IN...
description of the encryption process is beyond the scope of
the present work, but for the sake of completeness,
we would like to sketch that for encryption. For a
random string w, the node A can compute, a string
 ¼ eðKBPUB ; YB Þw ¼ eðt  QB ; YB Þw =eðQB ; YB Þtw , which can
be used to confide a message to be sent to node B. The
encryptor sends a hint for w to node B, which is w  QB . The
decryptor node B using the hint and its private key can
compute this string by calculating eðw  QB ; KBPRV Þ=
eðw  QB ; t  YB Þ=eðQB ; YB Þtw =. This explains briefly the
choices for the public and private keys in the proposed key
exchange protocol.
5.1.3 Security Proof of the Proposed Scheme
From the security perspective, an authentication and key
exchange protocol is secure if the output VA generated by
node A and the verifier are identical, and no adversary can
correctly guess VA for the challenge < CA ; CS ; HLPA ;
a; B; d1 > and x chosen randomly. This has been formu-
lated by giving an adversary the values < CA ; CS ; HLPA ;
a; B; d1 > from a protocol execution, and observing
whether she can distinguish between VA generated by node
A, and the verifier, or a completely random element of G3 .
We would show that breaking the proposed protocol is at
least as difficult as solving the Decisional Uniqueness Prob-
lem for PUFs, i.e., a successful attack on the proposed proto-
col implies a feasible solution to the Decisional Uniqueness
Problem for PUFs. In order to demonstrate this, an experi-
ment has been presented next.
Let Adv be a probabilistic, polynomial time adversary, and
the number of PUF response bits be n. Then, consider the fol-
lowing experiment:
The Eavesdropping Authentication and Key Exchange Experi-
ment Authadv;p ðn; z; PUFAdv ; VA0 ; VA1 Þ :
1) The adversary Adv is provided:
a) A PUF instance PUFAdv and z= < CA ; CS ; HLPA ;
a; B; QA ; IDA ; IDB > where QA ¼ ðða  H2KS ðCS Þþ
BÞ þ ðx  H2KS ðCS ÞÞÞ þ H1ðIDA jjIDB Þ.
b) Two identities VA0 and VA1 , calculated based on a
chosen random bit b 2 f0; 1g
VAb ¼ eða  H2KS ðCS Þ þ B; x  H2KS ðCS ÞÞ
VA1b ¼ h 2R G3 :
2) The adversary Adv will output a value b0 . If b ¼ b0 , the
adversary Adv succeeds in the experiment.
Next we prove the following theorem.
Theorem 1. The authentication and key exchange protocol p is
secure in the presence of eavesdropping adversaries if the Deci-
sional Uniqueness Problem Assumption holds.
Proof. To prove this, we show that the protocol p is secure if
the adversary succeeds in the experiment Authadv;p with
probability that is at most negligibly greater than 12, i.e.,
for every probabilistic polynomial time adversary Adv,
there exists a negligible function neglðÞ such that
1 restricted to only deliver messages truly generated by the par-
Pr½Authadv;p ¼ 14 þ neglðnÞ:
2
431
Fig. 4. The view of Authadv;p when it is run as a sub-routine of B ( [30]).
Let us assume that the adversary Adv has some non-
negligible advantage " in breaking the protocol p. Then we
can construct an algorithm B which will have the same
advantage " in breaking the Uniqueness problem. Now,
the algorithm B takes as input a random Uniqueness Prob-
lem tuple ðCA ; PUFAdv ; zA Þ (where zA ¼ PUFA ðCA Þ or one
random string belongs to f0; 1g ) and proceeds as follows:
(1) SetUp: Provide Adv with PUFAdv .
(2) Input tuple:
(a) First it randomly chooses PS and x.
(b) It calculates PA ¼ H1ðzA Þ.
(c) Then it calculates
QA ¼ PA þ x  PS þ H1ðIDA jjIDB Þ:
(d) Then sets z ¼ < CA ; CS ; HLPA ; a; B; QA ; IDA ;
IDB > , which is perfectly random to the
adversary Adv.
(e) Next, it randomly chooses b 2 f0; 1g.
(f) It then calculates VAb ¼ eðPA ; x  PS Þ and
VA1b ¼ h 2R G3
(g) The algorithm B finally provides Adv the input
tuple < z; VA0 ; VA1 > . If zA ¼ PUFA ðCA Þ ,
then VAb will be equal to eðPA ; x  PS Þ and it
will be a valid input tuple. Otherwise, VA0 ; VA1
both will be some random element of G3 .
(3) Guess: The adversary Adv returns b0 , a guess of b. If
b ¼ b0 , then the algorithm B returns 1, implying
that zA are the correct responses of CA . Otherwise,
it returns 0.
Hence, it is proved that the adversary Adv has the same
advantage " as the adversary B. But, due to the hardness
of Uniqueness Problem, " should be negligible (please refer
to Fig. 4). Hence
1
Pr½Authadv;p ¼ 14 þ neglðnÞ:
2
u
t
Once the authentication is done successfully, node A
selects a random value t 2R Zq . Then, it locally calculates
{public,private} key pair K1PUB ¼ t  QA and K1PRV ¼ t  YA .
It keeps K1PRV secret and sends K1PUB to the verifier over
the authenticated link. Now assuming the complexity of the
Computational Discrete Log Problem, the probability that the
adversary Adv can retrieve the value of t from K1PUB , know-
ing the value of QA is negligible. Hence the adversary Adv
fails to calculate the correct value of private key K1PRV .If we
consider the AM adversarial model, the adversary Advis
ties without any change or addition to them; hence she fails to
calculate the private key of node A. On the other hand, in the
432 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,
UM adversarial model, any change in the message sent over
the channel will end up with difference in the hashed value
of the message at the data node and sever node. From the
result obtained in the previous theorem, we conclude that:
based on the complexity assumption of the Computational Discrete
Log Problem, Decisional Uniqueness Problem and that the hash
function is collision resistant, the authentication and key-exchange
protocol p is SK-secure in AM as well as in UM model.
Hence, DUP ^ ECDLP ! p is SK-secure.
) p is not SK-secure ! : DUP _ : ECDLP:
Additionally, the protocol is designed in such a way that
both prover and the verifier mutually authenticate each
other. If an legitimate node A tries to impersonate as
another legitimate node B under the same verifier using the
same challenge set < CA ; CS > , it will fail to do so. As the
PUF’s response does not depend on the value of KS and it
is only used regenerate the response, use of the same for
two different nodes will not lead to masquerading attack. The
proof is similar to that given above. Furthermore, SAP is a
database holding the mapping entries. These entries (in
MAPDB) are already encoded by Security Credential Gener-
ation process (refer to Section 4.2) and kept publicly. Only
legitimate nodes can interpret information stored in a
MAPDB entry. Hence SAP does not need to authenticate
the verifier. Next, we prove the compatibility of the scheme
with the universal composability framework.
5.2 Universal Composability Framework
The basic objective of Universal Composability (UC) framework
is to guarantee that any key exchange protocol provides the
same security for any other protocol which wants to set up
session keys between two parties, even when it runs in
parallel with an arbitrary set of other protocols in a dis-
tributed communication network. We prove that the
method of key exchange as proposed in this work is also
compatible with similar composability properties. It fol-
lows the approach referred as “security by emulation of
an ideal process”. The primary concept of this principle is
as given below [4]:
1) The model of protocol execution consists of the com-
municating parties running the protocol and the
adversary. They are further considered as interacting
computing elements and modeled as Interactive
Turing Machines (ITMs).
2) We formulate an “ideal process” F that picks up the
task f of the desired functionality.
3) In the ideal process F all communicating parties pro-
vides inputs to an “idealized trusted party” which
locally performs the task, and sends each party its
desired output. In this regard, it is the formal specifica-
tion of the security requirements of the task.
4) Additionally, a new algorithmic object, called the
“environment machine” E, is added in this computa-
tional model, which is considered to consist of every-
thing external to the current protocol execution, such
as other protocol executions and their adversaries,
human users, etc.
5) The adversary L can directly interact with E
throughout the execution of the protocol. They can
VOL. 16, NO. 3, MAY/JUNE 2019
exchange information after each message or output
generated by a party running the protocol. The envi-
ronment E also has the permission to apply inputs to
the communication parties, and collect outputs from
them. But the environment E is constrained to collect
outputs of the main program running in each party,
and not the output from the subroutines called from
that main program.
6) A protocol p securely realizes the task f if p emulates
the ideal process F , i.e., if there exists an adversary
L which attacks protocol p, there also exists a
“simulator” S that achieves similar adversarial effect
by interacting with the ideal process F . In addition,
no environment E can tell with non-negligible proba-
bility of success whether it is interacting with L and
p, or with S and F for f.
5.2.1 UC Security of the Proposed Key Exchange
Phase
The main concept of asymmetric key exchange ideal func-
tionality F AKE is that: if both the communicating parties are
honest, the functionality provides them with two random
identities, which is written directly to the party’s input tape.
The adversary cannot have access to the tape, hence the val-
ues are invisible to her. If one of the communicating parties
is corrupt, then the adversary can easily determine the iden-
tity of the corrupt party. F AKE is parameterized by an inte-
ger N (the total number of permissible sessions), where a
verifier runs with exactly t data nodes and the simulator S.
The working principle of F AKE has been shown the Fig. 5.
Next we prove the security of F AKE .
Theorem 2. Protocol p securely realizes functionality F AKE .
Proof. Here we assume that (a) the adversary possesses a
PUF instance; (b) queries to the PUF are genuinely handed
on to the simulator S’s PUF, and (c) the PUF’s answers are
forwarded unmodified to the querying party throughout
all the simulations. We consider different usage and secu-
rity scenarios in turn.
Case-1: Verifier and Node A are Honest.
 Setup: Whenever the functionality F AKE receives
message (establish-sessionAKE ; sid; Node A; Verifier)
for the first time, the simulator S queries the
PUF instance PUFA for k random challenges
C1 , C2 ; . . . ; Ck , and obtains responses RA1 ,
RA2 ; . . . ; RAk . Then, it creates a list LA of k chal-
lenge-response pairs.
 It then hands over PUFA to node A.
 On receiving a message (establish-sessionAKE ; g
sid; Node A; Verifier), F AKE increments p by
one and the simulator S sends (deliverAKE ; sid;
Verifier) to F AKE .
 F AKE then sends (deliverAKE ; sid; VA ; Verifier)
to the verifier.
 Now the simulator S is activated again and it sim-
ulates that the verifier sends (IDB ; CA ; HLPA ; QA )
to node A.
 When the adversary L instructs to send the latter
message to node A, the simulator S sends
(deliverAKE ; sid; VA ; Node A) to F AKE .
CHATTERJEE ET AL.: BUILDING PUF BASED AUTHENTICATION AND KEY EXCHANGE PROTOCOL FOR IOT WITHOUT EXPLICIT CRPS IN...
Fig. 5. The asymmetric key exchange ideal functionality.
 The probability that the value of eðH1ðBCH
DecoderðPUFA ðCA Þ; HLPA ÞÞ; x  H2KS ðCS ÞÞ is equal
to VA is negligible (as proved in Section 5.1.3).
Case-2: Verifier is Corrupt.
 The simulator S let Verifier to instantiate PUFA ,
and hands it over to node A.
 When the adversary L instructs to deliver message
(IDB ; CA ; HLPA ; QA ), then the simulator S can eas-
ily evaluate VA ¼ eða  H2KS ðCS Þ þ B; x  H2KS ðCS ÞÞ,
as the server is corrupt. But it is to be noted that S
does not have access to KS . It can only get the final
value of VA (refer to 5th point of Section 5.2).
 It next sends (choose  valueAKE ; sid; Node A;
Verifier; VA ) to F AKE as it has already calculated
the value of VA and F increments the value of p
by one.
 Finally, S sends the messages (deliverAKE ; sid;
VA ; Node A) to F AKE .
433
 Hence in this case the ID provided by F and the
identity calculated from the challenges given by
the server is same.
 But node A later chooses a random value t 2 Zq
after getting the VA , and calculates the public and
private keys using them. Hence, the simulator S as
well as the adversary L cannot guess the asymmet-
ric key pairs for node A. This is due to fact that the
security of elliptic curve cryptography rests on the
assumption that the elliptic curve discrete loga-
rithm problem (ECDLP) is hard. Now as node A
randomly selects the value of t and QA ; YA are the
points on the elliptic curve, it is assumed to be
hard to predict the value of t by the simulator S
and the adversary L. So, we can say that even if the
server gets corrupted for a limited time, the keys
of the legitimate users are not compromised which
in turn ensures that the data communicated
between two nodes cannot be retrieved by the
corrupted server.
434 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,
Fig. 6. Attack on video surveillance system and protection against it: (a) and (b) show the successful attack in the absence of PUF based authentica-
tion mechanism, while (c) and (d) show the prevention of the attack in the presence of the proposed PUF based authentication system.
Case-3: Node A is Corrupt.
This case covers the situation if a party willingly
hands over its PUF to the adversary L. So, in this case,
we show that the adversary L can easily retrieve the
value of private key for that particular party.
 The set up phase is same as given in Case-1.
 On receiving a message (establish  sessionAKE ;
sid; Node A; Verifier), the simulator S incre-
ments p by one and sends (choose  valueAKE ;
sid; Node A; Verifier; VA ) to F AKE .
 It is activated again and sends (deliverAKE ; sid;
Verifier) to F AKE .
 Verifier writes the VA on its local tape and S is
activated again.
 It simulates the verifier sending (IDB ; CA ; HLPA ;
QA ) node A.
 When the adversary L instructs to deliver the lat-
ter message to node A, S sends (deliverAKE ; sid;
VA ; Node A) to F AKE .
 If Node is corrupted, then L can easily find out
the random value chosen from Zq for calculating
the private and public keys, and hence the value
of the private keys are compromised.
Hence, the scheme securely realizes the ideal function-
ality F AKE . u
t machine using the driftnet tool.
6 EXPERIMENTAL SETUP AND RESULTS
In this section, we describe an experimental evaluation of
the effectiveness of the protocol on an IoT testbed, including
the incurred hardware and performance overheads.
6.1 Attack Scenario and Experimental Setup
We consider a scenario whereby a video camera transmits
unencrypted captured video over a network. An adversary
Fig. 7. Experimental setup for smart IoT node.
VOL. 16, NO. 3, MAY/JUNE 2019
intercepts the network traffic to launch “man-in-the-middle
attack” and “replay attack”, to potentially modify the infor-
mation received at the receiver. To prevent this, the camera
in conjunction with an embedded board and a PUF mapped
on a FPGA emulates as an IoT node. The scenario is illus-
trated in Fig. 6. The off-the-shelf hardware components
used in the setup are: an Intel Edison embedded develop-
ment platform, a Digilent Nexys-4 FPGA board containing
Xilinx Artix-7 FPGA, and a Logitech HD UVC camera as
shown in Fig. 7.
In general scenario, the Logitech camera is connected to
Intel Edison Board through a USB interface to form an IoT
node. An mjpg-streamer software is run on the Edison
board to capture video using the camera, and send to a PC
(the receiver) through WiFi. The PC then displays the
received video in a web browser using the IP address of the
Edison board. Next, we use the hacking software tools
enabled by Kali Linuxand perform the following steps:
 First, the attacker finds out the IP address of the Edi-
son board from the network ARP table using the arp
command.
 The video packets are then sniffed using IP forward-
ing and ettercap tool and saved in the attacker’s
 The attacker starts scanning the network in monitor
mode to get the router’s BSSID and associated clients
using the airmon-ng and airodump-ng tools.
 Next, it de-authenticates the Edison board from the
network using the deauth option in the aireplay-ng
tool. Once this is done, the video stream stops at
PC’s end for a short interval of time.
 Then, the attacker spoofs the IP address of the Edi-
son board and starts streaming the pre-captured
video using the same mjpg-streamer tool.
 Now, the receiver PC actually gets data from the
attacker’s computer, which can either be a replayed or
modified version of the video stream captured earlier.
To prevent this, we have adapted the idea of Double Arbiter
PUF [32], designed a 5-4 DAPUF as shown in Fig. 8 and imple-
mented it on Xilinx Artix- 7 FPGAs. The 5-4 DAPUF comprises
of five 64 bit Arbiter PUF instances. Each APUF instance
consists of two identical delay paths, and let us denote the out-
puts of top and bottom paths as Pi;T and Pi;B , respectively,
where i ¼ 1; . . . ; 5. For i 2 f1; . . . ; 5g and j 2 fi þ 1; . . . ; 5g, an
CHATTERJEE ET AL.: BUILDING PUF BASED AUTHENTICATION AND KEY EXCHANGE PROTOCOL FOR IOT WITHOUT EXPLICIT CRPS IN...
Fig. 8. Architectural overview of 5-4 DAPUF. It generates 4-bit output (r0, r1, r2, r3) to a given challenge, and ri depends on the outputs of five conse-
cutive arbiters.
arbiter ArbiterðPi;T ; Pj;T Þ is instantiated, where the inputs to the
arbiter are top paths of ith and jth APUFs. The process is
repeated for the bottom paths. Hence, in total 20 arbiters are
used in the design. Four 5-input XOR gates are used to generate
4-bit output from the outputs of 20 arbiters, to a given challenge.
The Edison board, Artix-7 FPGA and the camera together form
a smart IoT node and can act as a prover. The receiver PC acts
as the verifier that can generate and validate the response of the
PUF instance, and subsequently authenticate the IoT node.
Now, with the modified set up, the system works as follows:
before streaming the video in the web page, the PC first authenti-
cates the Edison board using our proposed protocol and vali-
dates the public keys. Later, if the attacker de-authenticates the
Edison board from the network, the video streaming will stop at
PC’s end. Before reloading the web page, the PC again re-
authenticates the device of the video source. This is where the
adversary fails to authenticate herself as she does not possess the
correct PUF instance.
6.2 Experimental Results
The PUF, BCH encoder and decoder design and implementa-
tion was performed using Xilinx ISE (v 14.2) design environ-
ment. The power consumption of the circuit reported by
Xilinx XPower Analyser CAD software tool was 0.044 W. We
have tested the PUF circuit using CME Nano-Bench Top
Chamber (Sl. No. 120433) where 10,000 CRPs of 8 PUF instan-
ces are collected 15 times for the temperature variation from
20 to 80 C keeping the other reliability influencing factors
such as supply voltage unchanged. Fig. 9 shows the reliability
variation of 5-4 DAPUF across the temperatures after error
correction, approximately from 97 to 99 percent. One strategy
that can be taken to distinguish between a false negative and a
true negative is: i) If the authentication passes then it is correct
largely. ii) If the authentication fails, there is a chance that it is
a false negative. In that case, the verifier can repeat for n times.
Let us assume that on average the reliability is 98 percent.
435
Then probability of false negative for one protocol run is =
½1  0:98 = 0.02. If the verifier repeats the protocol run for 3
times, then the probability of false negative= ð0:02Þ3 = 0.00008,
which is almost zero. Next, the uniqueness of the deployed
5-4 DAPUF is reported as 44.16 percent. The modelling accu-
racy of the entire 4-bit response of the PUF is approximately
39 percent using 2  105 raw CRPs. Finally Table 1 provides a
comparative study of hardware and performance overhead
of previously discussed PUF-based authentication protocols
with our scheme.For software implementation, we used the
MIRACL Crypto SDK, which provides a C++ software library
for elliptic curve cryptography. The specification of the Cocks-
Pinch curve which has been used for Type 2 Tate pairing is as
follows:
 The curve is non-supersingular.
 512 bit prime number p=8D5006492B424C09D2FE-
BE717EE382A57EBE 3A352FC383E1AC79F21DDB43
706CFB192333A7E9CF644636332E83D90A1E56EFBA
E8715AA07883483F8267E80ED3
 The equation of the curve is: y2 ¼ x3 þ Ax þ B
where: A=-3 and B=609993837367998001C95B87A6-
BA872135E26906DB4C192D6E038486177A3EDF6C5
Fig. 9. Reliability of DAPUF across temperature variations.
436 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 16, NO. 3, MAY/JUNE 2019

TABLE 1
Hardware, Storage and Execution Time Overhead Comparison with State-of-the-Art PUF Based Protocols

Protocols Hardware Overhead Error Correction Storage per end-to-end

Reported CRP entry execution time
[8] 4454 Slices on FPGA not reported 63 bits not reported
[9] 652 LUTs and 278 registers in FPGA not reported 63 bits not reported
[12] 9207 LUTs and 2921 registers in FPGA not reported 68 bits not reported
[14] 2061 GE in ASIC reported 192 bits not reported
[18] 6034 LUTs and 1724 FFs in FPGA not reported 2112 bits 2.75 secs
[15] 1037 LUTs and 627 registers in FPGA not reported 129 bits not reported
[19] 64kB in SRAM not reported 984 bits not reported
[31] 807 slices, 124 registers and 995 LUTs in FPGA not reported 112 bits not reported
Proposed PUF: 456 slices, 283 registers and 887 LUTs; BCH Encoder: reported 512 bits 480.11 ms
work 41 slices, 35 registers and 19 LUTs; BCH Decoder: 1236
slices, 1615 registers and 685 LUTs in FPGA

0B9BB20DF881F2BD05842F598F3E037B362DBF89F0
A62E5871D41D951BF8E
 Order q=80000000000000000000000000000000000200
01
 The pairing uses an embedding degree of k=2, so
the pairing e(P,Q) evaluates naturally as an element
in Fp2 . P is a point on the elliptic curve EðFp Þ and Q
is a point on E 0 ðFpk=2 Þ, or in this case E 0 ðFp Þ where
E 0 is the twisted curve. Using compression the pair-
ing evaluates as an element in Fpk=2 , or just Fp in
this case.
We ported our implementations to the Edison platform. Over-
all, the executable took approximately 512 kB of memory on
the Edison board. The latency overhead incurred running the
end-to-end authentication scheme before the video streaming
was 480.11 ms on average. These overhead results demon-
strates that the proposed protocol can be implemented while
incurring acceptable resource and performance overheads.
7 CONCLUSIONS
We have developed a secure PUF based authentication
and certificate-less identity based key exchange protocol.
Formal security proofs for the protocol have been formu-
lated under the SK security and UC framework. The asym-
metric nature of the protocol overcomes the shortcomings
of previously proposed CRP based PUF authentication
mechanism and suits appropriately in a distributed IoT
framework. We have also demonstrated an attack on a pro-
totype video surveillance system, and showed how the
proposed scheme can be useful in mitigating the security
vulnerability at low hardware and performance over-
heads. In future, our research work will be directed
towards optimization of the resources for frame encryp-
tion and investigating side-channel attacks on the pro-
posed protocol implementation.
ACKNOWLEDGMENTS
This work was supported partially by Wipro Limited, Infor-
mation security education Awareness Program (ISEA), DIT,
India. Debdeep Mukhopadhyay would like to thank DST
Swarnajayanti Fellowship.
REFERENCES
[1] D. Boneh and M. K. Franklin, “Identity-based encryption from the
weil pairing,” SIAM J. Comput., vol. 32, no. 3, pp. 586–615, 2003.
[2] D. Mukhopadhyay, “PUFs as promising tools for security in inter-
net of things,” IEEE Des. Test, vol. 33, no. 3, pp. 103–115, Jun. 2016.
[3] D. Lim, J. W. Lee, B. Gassend, G. Edward Suh, M. van Dijk, and
S. Devadas, “Extracting secret keys from integrated circuits,”
IEEE Trans. VLSI Syst., vol. 13, no. 10, pp. 1200–1205, 2005.
[4] R. Canetti, “Universally composable security: A new paradigm for
cryptographic protocols,” in Proc. 42nd Annu. Symp. Found. Com-
put. Sci., 2001, pp. 136–145.
[5] J. Delvaux, D. Gu, I. Verbauwhede, M. Hiller, and M. M. Yu,
“Efficient fuzzy extraction of PUF-induced secrets: Theory and
applications,” in Proc. 18th Int. Conf. Cryptographic Hardware
Embedded Syst., 2016, pp. 412–431.
[6] B. Gassend, D. E. Clarke, M. van Dijk, and S. Devadas,
“Controlled physical random functions,” in Proc. 18th Annu. Com-
put. Secur. Appl. Conf., 2002, pp. 149–160.
[7] € urk, G. Hammouri, and B. Sunar, “Towards robust low cost
E. Ozt€
authentication for pervasive devices,” in Proc. 6th Annu. IEEE Int.
Conf. Pervasive Comput. Commun., 2008, pp. 170–178.
[8] S. Katzenbeisser, U. € Koçabas, V. van der Leest, A. Sadeghi, G. J.
Schrijen, and C. Wachsmann, “Recyclable PUFs: Logically reconfig-
urable PUFs,” J. Cryptographic Eng., vol. 1, no. 3, pp. 177–186, 2011.
[9] M. Majzoobi, M. Rostami, F. Koushanfar, D. S. Wallach, and
S. Devadas, “Slender PUF protocol: A lightweight, robust, and
secure authentication by substring matching,” in Proc. IEEE Symp.
Secur. Privacy Workshops, 2012, pp. 33–44.
[10] € Koçabas, A. Peter, S. Katzenbeisser, and A. Sadeghi, “Converse
U.
PUF-based authentication,” in Proc. 5th Int. Conf. Trust Trustworthy
Comput., 2012, pp. 142–158.
[11] M. van Dijk and U. R€ uhrmair, “Physical unclonable functions in
cryptographic protocols: Security proofs and impossibility results,”
IACR Cryptology ePrint Archive, vol. 2012, 2012, Art. no. 228.
[12] J. Kong, F. Koushanfar, P. K. Pendyala, A. Sadeghi, and C. Wachs-
mann, “PUFatt: Embedded platform attestation based on novel
processor-based PUFs,” in Proc. 51st Annu. Des. Autom. Conf.,
2014, pp. 109:1–109:6.
[13] S. Schulz, A. Schaller, F. Kohnh€auser, and S. Katzenbeisser, “Boot
attestation: Secure remote reporting with off-the-shelf IoT
sensors,” in Proc. 22nd Eur. Symp. Res. Comput. Secur. Comput.
Secur., 2017, pp. 437–455.
[14] Y. Lao, B. Yuan, C. H. Kim, and K. K. Parhi, “Reliable PUF-based
local authentication with self-correction,” IEEE Trans. Comput.-
Aided Des. Integr. Circuits Syst., vol. 36, no. 2, pp. 201–213, Feb. 2017.
[15] M. Barbareschi, P. Bagnasco, and A. Mazzeo, “Authenticating IoT
devices with physically unclonable functions models,” in Proc.
10th Int. Conf. P2P Parallel Grid Cloud Internet Comput., 2015,
pp. 563–567.
[16] M. Aman, K. C. Chua, and B. Sikdar, “Mutual authentication in
IoT systems using physical unclonable functions,” IEEE Internet
Things J., vol. 4, no. 5, pp. 1327–1340, Oct. 2017.
CHATTERJEE ET AL.: BUILDING PUF BASED AUTHENTICATION AND KEY EXCHANGE PROTOCOL FOR IOT WITHOUT EXPLICIT CRPS IN... 437

[17] J. Delvaux, D. Gu, D. Schellekens, and I. Verbauwhede, “Secure
lightweight entity authentication with strong PUFs: Mission
impossible?” in Proc. 16th Int. Workshop Cryptographic Hardware
Embedded Syst., 2014, pp. 451–475.
[18] W. Che, M. Martin, G. Pocklassery, V. K. Kajuluri, F. Saqib, and
J. Plusquellic, “A privacy-preserving, mutual PUF-based authentica-
tion protocol,” Cryptography, vol. 1, no. 1, pp. 1–17, 2016, Art. no. 3.
[19] J. Guajardo, S. S. Kumar, G. J. Schrijen, and P. Tuyls, “Physical
unclonable functions, FPGAs and public-key Crypto for IP
protection,” in Proc. Int. Conf. Field Programmable Logic Appl., 2007,
pp. 189–195.
[20] J. R. Wallrabenstein, “Practical and secure IoT device authentica-
tion using physical unclonable functions,” in Proc. IEEE 4th Int.
Conf. Future Internet Things Cloud, 2016, pp. 99–106.
[21] A. Costin, “Security of CCTV and video surveillance systems:
Threats, vulnerabilities, attacks, and mitigations,” in Proc. 6th Int.
Workshop Trustworthy Embedded Devices, 2016, pp. 45–54.
[22] H. Li, Y. He, L. Sun, X. Cheng, and J. Yu, “Side-channel informa-
tion leakage of encrypted video stream in video surveillance sys-
tems,” in Proc. 35th Annu. IEEE Int. Conf. Comput. Commun., 2016,
pp. 1–9.
[23] U. L. Puvvadi, K. Di Benedetto, A. Patil, K.-D. Kang, and Y. Park,
“Cost-effective security support in real-time video surveillance,”
IEEE Trans. Ind. Informat., vol. 11, no. 6, pp. 1457–1465, Dec. 2015.
[24] T.-S. Park and M.-S. Jun, “User authentication protocol for block-
ing malicious user in network CCTV environment,” in Proc. 6th
Int. Conf. Comput. Sci. Convergence Inf. Technol., 2011, pp. 18–24.
[25] U. Chatterjee, R. S. Chakraborty, H. Kapoor, and D. Mukhopad-
hyay, “Theory and application of delay constraints in arbiter
PUF,” ACM Trans. Embedded Comput. Syst., vol. 15, no. 1, pp. 10:1–
10:20, 2016.
[26] Infenion, “Trusted platform module fundamental,” 2008. [Online].
Available: http://cs.unh.edu/ it666/reading_list/Hardware/
tpm_fundamentals.pdf
[27] N. Asokan, F. F. Brasser, A. Ibrahim, A. Sadeghi, M. Schunter,
G. Tsudik, and C. Wachsmann, “SEDA: Scalable embedded
device attestation,” in Proc. 22nd ACM SIGSAC Conf. Comput. Com-
mun. Secur., 2015, pp. 964–975.
[28] C. Helfmeier, C. Boit, D. Nedospasov, and J.-P. Seifert, “Cloning
physically unclonable functions,” in Proc. IEEE Int. Symp.
Hardware-Oriented Secur. Trust, 2013, pp. 1–6.
[29] U. R€ uhrmair, F. Sehnke, J. S€ olter, G. Dror, S. Devadas, and
J. Schmidhuber, “Modeling attacks on physical unclonable
functions,” in Proc. 17th ACM Conf. Comput. Commun. Secur., 2010,
pp. 237–249.
[30] J. Katz and Y. Lindell, Introduction to Modern Cryptography.
London, U.K./Boca Raton, FL, USA: Chapman and Hall/CRC
Press, 2007.
[31] U. Chatterjee, R. S. Chakraborty, and D. Mukhopadhyay, “A PUF-
based secure communication protocol for IoT,” ACM Trans.
Embedded Comput. Syst., vol. 16, no. 3, pp. 67:1–67:25, 2017.
[32] Y. K. Lee, K. Sakiyama, L. Batina, and I. Verbauwhede, “Elliptic-
curve-based security processor for RFID,” IEEE Trans. Comput.,
vol. 57, no. 11, pp. 1514–1527, Nov. 2008.
Urbi Chatterjee is working toward the PhD degree
in the Indian Institute of Technology Kharagpur,
India, since 2015. Before that, she worked as assis-
tant systems engineer with TATA Consultancy
Services Limited, Kolkata. Her research interests
include design of PUF based lightweight authenti-
cation and secure communication protocols, crypt-
analysis, and security evaluation of PUFs.
Rajat Sadhukhan is working toward the PhD
degree in the Indian Institute of Technology-
Kharagpur, India, since 2016. Prior to joining
research programme he has worked with Intel
Technology India Pvt. Ltd., Bangalore for seven
years. His research interests include symmetric
key cryptography, hardware security, and VLSI
design.
Debdeep Mukhopadhyay received the PhD
degree from the Department of Computer Sci-
ence and Engineering, Indian Institute of Tech-
nology Kharagpur, India, in 2007, where he is
currently an associate professor. His research
interests include cryptography, VLSI of crypto-
graphic algorithms, hardware security, and side
channel analysis.
Rajat Subhra Chakraborty is an associate pro-
fessor with the Department of Computer Science
and Engineering, Indian Institute of Technology
Kharagpur, India. His area of research is hard-
ware security, VLSI design (especially low-power
and robust design) and digital content protection
through watermarking. He is a senior member of
the IEEE and ACM.
Debashis Mahata received the MSc degree in
physics from Burdwan University, West Bengal
and the MTech degree in computer science from
the Indian Statistical Institute, Kolkata. He is a
distinguished member of Technical staff-senior
member, with Wipro Technologies. His current
areas of interests include connected devices
security, neural networks, and video collaboration.
Mukesh M. Prabhu received the MS degree
from IIT Madras. He is a distinguished member of
Technical staff and head of the IP & Innovation of
Product Engineering Services, Wipro Technolo-
gies. His current areas of interests include con-
nected devices security, augmented reality, video
collaboration, designing end-to end systems, and
applications addressing business challenges.
" For more information on this or any other computing topic,
please visit our Digital Library at www.computer.org/publications/dlib.

Vidya Govindan is working toward the master’s

degree in the Computer Science and Engineering
Department, Indian Institute of Technology Khar-
agpur, India. Prior to that she had worked as hard-
ware design engineer with Tonbo Imaging Pvt Ltd,
Bangalore, India. Her current research focuses on
security of IOT and embedded systems.