A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data
Physical Unclonable Functions (PUFs) are widely used to authenticate electronic devices because they take advantage of random variations in the manufacturing process that are unique to each device and cannot be cloned. Therefore, each device can be uniquely identified and counterfeit devices can be...
| Autores: | , , |
|---|---|
| Tipo de recurso: | artículo |
| Estado: | Versión aceptada para publicación |
| Fecha de publicación: | 2024 |
| País: | España |
| Institución: | Universidad de Sevilla (US) |
| Repositorio: | idUS. Depósito de Investigación de la Universidad de Sevilla |
| OAI Identifier: | oai:idus.us.es:11441/165104 |
| Acceso en línea: | https://hdl.handle.net/11441/165104 https://doi.org/10.1016/j.iot.2024.101389 |
| Access Level: | acceso abierto |
| Palabra clave: | CRYSTALS-Kyber Device authentication Homomorphic encryption Post-quantum security Privacy techniques PUFs |
| id |
ES_d4bd30f44fac30f7e704b7bc602fa06c |
|---|---|
| oai_identifier_str |
oai:idus.us.es:11441/165104 |
| network_acronym_str |
ES |
| network_name_str |
España |
| repository_id_str |
|
| spelling |
A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper dataRomán Hajderek, RobertoArjona, RosarioBaturone Castillo, María IluminadaCRYSTALS-KyberDevice authenticationHomomorphic encryptionPost-quantum securityPrivacy techniquesPUFsPhysical Unclonable Functions (PUFs) are widely used to authenticate electronic devices because they take advantage of random variations in the manufacturing process that are unique to each device and cannot be cloned. Therefore, each device can be uniquely identified and counterfeit devices can be detected. Weak PUFs, which support a relatively small number of challenge-response pairs (CRPs), are simple and easy to construct. Device authentication with weak PUFs typically uses helper data to obfuscate and recover a cryptographic key that is then required by a cryptographic authentication scheme. However, these schemes are vulnerable to helper-data attacks and many of them do not protect conveniently the PUF responses, which are sensitive data, as well as are not resistant to attacks performed by quantum computers. This paper proposes an authentication scheme that avoids the aforementioned weaknesses by not using helper data, protecting the PUF response with a quantum-safe homomorphic encryption, and by using a two-server setup. Specifically, the CRYSTALS-Kyber public key cryptographic algorithm is used for its quantum resistance and suitability for resource-constrained Internet-of-Things (IoT) devices. The practicality of the proposal was tested on an ESP32 microcontroller using its internal SRAM as a SRAM PUF. For PUF responses of 512 bits, the encryption execution time ranges from 16.41 ms to 41.08 ms, depending on the desired level of security. In terms of memory, the device only needs to store between 800 and 1,568 bytes. This makes the solution post-quantum secure, lightweight and affordable for IoT devices with limited computing, memory, and power resources.Ministerio de Ciencia e Innovación PDC2023–145873-I00, CPP2022–009796European Union 101168311Ministerio de Transformacion Digital y Función Pública TSI-069100-2023-001ElsevierElectrónica y ElectromagnetismoMinisterio de Ciencia e Innovación (MICIN). EspañaEuropean Union (UE)Ministerio de Transformacion Digital y Función Pública. España2024info:eu-repo/semantics/articleinfo:eu-repo/semantics/acceptedVersionapplication/pdfapplication/pdfhttps://hdl.handle.net/11441/165104https://doi.org/10.1016/j.iot.2024.101389reponame:idUS. Depósito de Investigación de la Universidad de Sevillainstname:Universidad de Sevilla (US)InglésInternet of Things (The Netherlands), 28, 101389.PDC2023–145873-I00CPP2022–009796101168311TSI-069100-2023-001https://doi.org/10.1016/j.iot.2024.101389info:eu-repo/semantics/openAccessoai:idus.us.es:11441/1651042026-06-17T12:51:07Z |
| dc.title.none.fl_str_mv |
A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data |
| title |
A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data |
| spellingShingle |
A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data Román Hajderek, Roberto CRYSTALS-Kyber Device authentication Homomorphic encryption Post-quantum security Privacy techniques PUFs |
| title_short |
A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data |
| title_full |
A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data |
| title_fullStr |
A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data |
| title_full_unstemmed |
A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data |
| title_sort |
A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data |
| dc.creator.none.fl_str_mv |
Román Hajderek, Roberto Arjona, Rosario Baturone Castillo, María Iluminada |
| author |
Román Hajderek, Roberto |
| author_facet |
Román Hajderek, Roberto Arjona, Rosario Baturone Castillo, María Iluminada |
| author_role |
author |
| author2 |
Arjona, Rosario Baturone Castillo, María Iluminada |
| author2_role |
author author |
| dc.contributor.none.fl_str_mv |
Electrónica y Electromagnetismo Ministerio de Ciencia e Innovación (MICIN). España European Union (UE) Ministerio de Transformacion Digital y Función Pública. España |
| dc.subject.none.fl_str_mv |
CRYSTALS-Kyber Device authentication Homomorphic encryption Post-quantum security Privacy techniques PUFs |
| topic |
CRYSTALS-Kyber Device authentication Homomorphic encryption Post-quantum security Privacy techniques PUFs |
| description |
Physical Unclonable Functions (PUFs) are widely used to authenticate electronic devices because they take advantage of random variations in the manufacturing process that are unique to each device and cannot be cloned. Therefore, each device can be uniquely identified and counterfeit devices can be detected. Weak PUFs, which support a relatively small number of challenge-response pairs (CRPs), are simple and easy to construct. Device authentication with weak PUFs typically uses helper data to obfuscate and recover a cryptographic key that is then required by a cryptographic authentication scheme. However, these schemes are vulnerable to helper-data attacks and many of them do not protect conveniently the PUF responses, which are sensitive data, as well as are not resistant to attacks performed by quantum computers. This paper proposes an authentication scheme that avoids the aforementioned weaknesses by not using helper data, protecting the PUF response with a quantum-safe homomorphic encryption, and by using a two-server setup. Specifically, the CRYSTALS-Kyber public key cryptographic algorithm is used for its quantum resistance and suitability for resource-constrained Internet-of-Things (IoT) devices. The practicality of the proposal was tested on an ESP32 microcontroller using its internal SRAM as a SRAM PUF. For PUF responses of 512 bits, the encryption execution time ranges from 16.41 ms to 41.08 ms, depending on the desired level of security. In terms of memory, the device only needs to store between 800 and 1,568 bytes. This makes the solution post-quantum secure, lightweight and affordable for IoT devices with limited computing, memory, and power resources. |
| publishDate |
2024 |
| dc.date.none.fl_str_mv |
2024 |
| dc.type.none.fl_str_mv |
info:eu-repo/semantics/article info:eu-repo/semantics/acceptedVersion |
| format |
article |
| status_str |
acceptedVersion |
| dc.identifier.none.fl_str_mv |
https://hdl.handle.net/11441/165104 https://doi.org/10.1016/j.iot.2024.101389 |
| url |
https://hdl.handle.net/11441/165104 https://doi.org/10.1016/j.iot.2024.101389 |
| dc.language.none.fl_str_mv |
Inglés |
| language_invalid_str_mv |
Inglés |
| dc.relation.none.fl_str_mv |
Internet of Things (The Netherlands), 28, 101389. PDC2023–145873-I00 CPP2022–009796 101168311 TSI-069100-2023-001 https://doi.org/10.1016/j.iot.2024.101389 |
| dc.rights.none.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf application/pdf |
| dc.publisher.none.fl_str_mv |
Elsevier |
| publisher.none.fl_str_mv |
Elsevier |
| dc.source.none.fl_str_mv |
reponame:idUS. Depósito de Investigación de la Universidad de Sevilla instname:Universidad de Sevilla (US) |
| instname_str |
Universidad de Sevilla (US) |
| reponame_str |
idUS. Depósito de Investigación de la Universidad de Sevilla |
| collection |
idUS. Depósito de Investigación de la Universidad de Sevilla |
| repository.name.fl_str_mv |
|
| repository.mail.fl_str_mv |
|
| _version_ |
1869420572686942208 |
| score |
15,81155 |