A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data

Physical Unclonable Functions (PUFs) are widely used to authenticate electronic devices because they take advantage of random variations in the manufacturing process that are unique to each device and cannot be cloned. Therefore, each device can be uniquely identified and counterfeit devices can be...

Descripción completa

Detalles Bibliográficos
Autores: Román Hajderek, Roberto, Arjona, Rosario, Baturone Castillo, María Iluminada
Tipo de recurso: artículo
Estado:Versión aceptada para publicación
Fecha de publicación:2024
País:España
Institución:Universidad de Sevilla (US)
Repositorio:idUS. Depósito de Investigación de la Universidad de Sevilla
OAI Identifier:oai:idus.us.es:11441/165104
Acceso en línea:https://hdl.handle.net/11441/165104
https://doi.org/10.1016/j.iot.2024.101389
Access Level:acceso abierto
Palabra clave:CRYSTALS-Kyber
Device authentication
Homomorphic encryption
Post-quantum security
Privacy techniques
PUFs
id ES_d4bd30f44fac30f7e704b7bc602fa06c
oai_identifier_str oai:idus.us.es:11441/165104
network_acronym_str ES
network_name_str España
repository_id_str
spelling A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper dataRomán Hajderek, RobertoArjona, RosarioBaturone Castillo, María IluminadaCRYSTALS-KyberDevice authenticationHomomorphic encryptionPost-quantum securityPrivacy techniquesPUFsPhysical Unclonable Functions (PUFs) are widely used to authenticate electronic devices because they take advantage of random variations in the manufacturing process that are unique to each device and cannot be cloned. Therefore, each device can be uniquely identified and counterfeit devices can be detected. Weak PUFs, which support a relatively small number of challenge-response pairs (CRPs), are simple and easy to construct. Device authentication with weak PUFs typically uses helper data to obfuscate and recover a cryptographic key that is then required by a cryptographic authentication scheme. However, these schemes are vulnerable to helper-data attacks and many of them do not protect conveniently the PUF responses, which are sensitive data, as well as are not resistant to attacks performed by quantum computers. This paper proposes an authentication scheme that avoids the aforementioned weaknesses by not using helper data, protecting the PUF response with a quantum-safe homomorphic encryption, and by using a two-server setup. Specifically, the CRYSTALS-Kyber public key cryptographic algorithm is used for its quantum resistance and suitability for resource-constrained Internet-of-Things (IoT) devices. The practicality of the proposal was tested on an ESP32 microcontroller using its internal SRAM as a SRAM PUF. For PUF responses of 512 bits, the encryption execution time ranges from 16.41 ms to 41.08 ms, depending on the desired level of security. In terms of memory, the device only needs to store between 800 and 1,568 bytes. This makes the solution post-quantum secure, lightweight and affordable for IoT devices with limited computing, memory, and power resources.Ministerio de Ciencia e Innovación PDC2023–145873-I00, CPP2022–009796European Union 101168311Ministerio de Transformacion Digital y Función Pública TSI-069100-2023-001ElsevierElectrónica y ElectromagnetismoMinisterio de Ciencia e Innovación (MICIN). EspañaEuropean Union (UE)Ministerio de Transformacion Digital y Función Pública. España2024info:eu-repo/semantics/articleinfo:eu-repo/semantics/acceptedVersionapplication/pdfapplication/pdfhttps://hdl.handle.net/11441/165104https://doi.org/10.1016/j.iot.2024.101389reponame:idUS. Depósito de Investigación de la Universidad de Sevillainstname:Universidad de Sevilla (US)InglésInternet of Things (The Netherlands), 28, 101389.PDC2023–145873-I00CPP2022–009796101168311TSI-069100-2023-001https://doi.org/10.1016/j.iot.2024.101389info:eu-repo/semantics/openAccessoai:idus.us.es:11441/1651042026-06-17T12:51:07Z
dc.title.none.fl_str_mv A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data
title A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data
spellingShingle A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data
Román Hajderek, Roberto
CRYSTALS-Kyber
Device authentication
Homomorphic encryption
Post-quantum security
Privacy techniques
PUFs
title_short A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data
title_full A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data
title_fullStr A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data
title_full_unstemmed A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data
title_sort A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data
dc.creator.none.fl_str_mv Román Hajderek, Roberto
Arjona, Rosario
Baturone Castillo, María Iluminada
author Román Hajderek, Roberto
author_facet Román Hajderek, Roberto
Arjona, Rosario
Baturone Castillo, María Iluminada
author_role author
author2 Arjona, Rosario
Baturone Castillo, María Iluminada
author2_role author
author
dc.contributor.none.fl_str_mv Electrónica y Electromagnetismo
Ministerio de Ciencia e Innovación (MICIN). España
European Union (UE)
Ministerio de Transformacion Digital y Función Pública. España
dc.subject.none.fl_str_mv CRYSTALS-Kyber
Device authentication
Homomorphic encryption
Post-quantum security
Privacy techniques
PUFs
topic CRYSTALS-Kyber
Device authentication
Homomorphic encryption
Post-quantum security
Privacy techniques
PUFs
description Physical Unclonable Functions (PUFs) are widely used to authenticate electronic devices because they take advantage of random variations in the manufacturing process that are unique to each device and cannot be cloned. Therefore, each device can be uniquely identified and counterfeit devices can be detected. Weak PUFs, which support a relatively small number of challenge-response pairs (CRPs), are simple and easy to construct. Device authentication with weak PUFs typically uses helper data to obfuscate and recover a cryptographic key that is then required by a cryptographic authentication scheme. However, these schemes are vulnerable to helper-data attacks and many of them do not protect conveniently the PUF responses, which are sensitive data, as well as are not resistant to attacks performed by quantum computers. This paper proposes an authentication scheme that avoids the aforementioned weaknesses by not using helper data, protecting the PUF response with a quantum-safe homomorphic encryption, and by using a two-server setup. Specifically, the CRYSTALS-Kyber public key cryptographic algorithm is used for its quantum resistance and suitability for resource-constrained Internet-of-Things (IoT) devices. The practicality of the proposal was tested on an ESP32 microcontroller using its internal SRAM as a SRAM PUF. For PUF responses of 512 bits, the encryption execution time ranges from 16.41 ms to 41.08 ms, depending on the desired level of security. In terms of memory, the device only needs to store between 800 and 1,568 bytes. This makes the solution post-quantum secure, lightweight and affordable for IoT devices with limited computing, memory, and power resources.
publishDate 2024
dc.date.none.fl_str_mv 2024
dc.type.none.fl_str_mv info:eu-repo/semantics/article
info:eu-repo/semantics/acceptedVersion
format article
status_str acceptedVersion
dc.identifier.none.fl_str_mv https://hdl.handle.net/11441/165104
https://doi.org/10.1016/j.iot.2024.101389
url https://hdl.handle.net/11441/165104
https://doi.org/10.1016/j.iot.2024.101389
dc.language.none.fl_str_mv Inglés
language_invalid_str_mv Inglés
dc.relation.none.fl_str_mv Internet of Things (The Netherlands), 28, 101389.
PDC2023–145873-I00
CPP2022–009796
101168311
TSI-069100-2023-001
https://doi.org/10.1016/j.iot.2024.101389
dc.rights.none.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
application/pdf
dc.publisher.none.fl_str_mv Elsevier
publisher.none.fl_str_mv Elsevier
dc.source.none.fl_str_mv reponame:idUS. Depósito de Investigación de la Universidad de Sevilla
instname:Universidad de Sevilla (US)
instname_str Universidad de Sevilla (US)
reponame_str idUS. Depósito de Investigación de la Universidad de Sevilla
collection idUS. Depósito de Investigación de la Universidad de Sevilla
repository.name.fl_str_mv
repository.mail.fl_str_mv
_version_ 1869420572686942208
score 15,81155