AU2020102146A4 - Defence method to avoid automated attacks in iot networks using physical unclonable function (puf) based mutual authentication protocol - Google Patents


Publication number
AU2020102146A4
Authority
AU
Australia
Prior art keywords
iot
puf
server
authentication
authentication protocol
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU2020102146A
Inventor
Mohammad Shabbir Alam
Sanjay Kumar
Arvind K. Sharma
Rajwinder Singh Sidhu
Kamal Upreti
Shitiz Upreti
Rishika Verma
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sidhu Rajwinder Singh Mr
Verma Rishika Ms
Original Assignee
Sidhu Rajwinder Singh Mr
Verma Rishika Ms
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sidhu Rajwinder Singh Mr, Verma Rishika Ms filed Critical Sidhu Rajwinder Singh Mr
Priority to AU2020102146A priority Critical patent/AU2020102146A4/en
Application granted granted Critical
Publication of AU2020102146A4 publication Critical patent/AU2020102146A4/en
Ceased legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The Internet of Things (IoT) is the collection of computing devices or things that can leverage the internet to communicate messages. The interconnected entities involve advanced computing devices and daily gadgets equipped with sensing devices. The Internet of Things has also pervaded many of the emerging manufacturing sectors, including smart cities, vehicles, and medical advancements. Because IoT ties everything together, it is susceptible to a spectrum of destructive threats from intruders. Connecting multiple gadgets to the internet helps perpetrators to initiate their threats quickly. Devices that make up an IoT platform have restricted resources and battery energy, which makes it challenging to implement a suitable protection framework in an IoT infrastructure. IoT systems are susceptible to various attacks, and the number of these attacks is rising all the time. Distributed denial of service is one of those threats that gained traction through IoT development. This invention employs a Physical Unclonable Function (PUF) based mutual authentication protocol, promoted as a robust and lightweight approach for securing IoT devices. A data protection and reliability review of the system shows that it is resilient to various forms of threats and is relatively efficient in terms of computing, storage, resources, and connectivity overhead. The configurations suggested are appropriate for implementations in a realistic period and are an enticing solution for deploying mutual authentication in the IoT network.

Description

Figure 1: IoT network model
Field of the Invention:
This invention relates to reducing automated attacks in IoT networks. The PUF-based protocol provides interoperability with IoT devices and computationally constrained resources.
Background of the invention:
Over the last two decades, networking and Internet security has been a crucial area of investigation. Even so, current security systems are far from flawless, and there are frequent reports of significant security breaches affecting confidential, business, and public information. As with the Internet, IoT devices have a long way to go when it comes to attaining the desired degree of reliability. Stable booting, authorization, confidentiality security, information confidentiality, application identification, monitoring, access management, and automated remembering are the essential problem areas for IoT devices.
Van Herrewege et al. created a mutual authentication mechanism for RFID based on the reverse fuzzy extractor, which removed the costly error control process to suit resource-constrained PUF-enabled applications. The cornerstone of this authentication mechanism was comparing the database's stored responses to the calculated result. In this strategy, the hash function secured the response, and the key size of the reply realized secure communication.
J. Li et al. suggested that the migration of conventional communication systems to the internet is becoming progressively more feasible for community interaction with the exponential development of Internet of Things technologies. Several revolutionary internet technologies and frameworks are developing, including cloud computing, which allows users to distribute their apps, digital systems, and hardware infrastructure and services dynamically. These cloud-based services improve the allocation of service providers by splitting strategies into various stages.
Tuyls et al. implemented a PUF-based off-line RFID tag authentication system, which mixed a custom identity protection scheme with a modem certification strategy. The label created a private key via PUF and a Helpful data response in verification. The authenticator ultimately validated the label by its name and stamp.
H. Al-Aqrabi et al. explained the comparative analysis when cloud infrastructure applications exchange a network, and data analytics distribution mechanisms are further vulnerable to exterior risks such as dispersed attacks, ransomware threats, and other established cloud storage privacy and confidentiality issues, which are also common to sensor networks. As a result, the rising abundance of benefits rendered by IoT technology often raises several safety and confidentiality related dangers.
Ning et al. emphasized that prior IoT protection strategies are still not qualified. There must be an awareness of the security problems in the U2IoT framework. The authors proposed an U2IoT hierarchical authentication scheme in which consolidated evidence was developed for confidential information transfer, homomorphism mechanisms were developed for protected communications, and compact structures were formed to achieve reciprocal authorization.
Kulseng et al. demonstrated that for low-cost RFID schemes, conventional cryptographic protocols are impracticable. In addition, the labels in IoT applications were facing threats of falsification, training, and monitoring. The researchers then recommended tag analysis procedures centered on Linear Feedback Shift Registers (LFSR) and PUF. They considered the labels to be PUF products, employed LFSR to realize safe information exchange, and then used challenge-response combinations to enforce the authentication method for the labels.
Abomhara and Kien presented a categorization for concepts relevant to IoT and defense. It represents the limitations that emerge from the design of Machine-to-Machine (M2M) interactions, which are used extensively in IoT automation. M2M performs beyond manual intervention, allowing bugs easy to hack because it needs to be stable and fail-proof. This ignores the assumption that energy and storage and retrieval constrained systems such as sensor nodes are mostly deployed in automation applications and have minimal protection capability.
Öztürk et al. launched a disruptive authentication mechanism focused on PUF for relatively inexpensive applications. By disregarding the cryptographic techniques, it made the strategy flexible. It restricted the intruder's direct exposure to challenge-response combinations of internal code parameters, stopping a user from copying the threats. The reaction produced was included to illustrate label identification.
Objects of the Invention:
• The main objective of this invention is to create a Physical Unclonable Function (PUF) based mutual authentication protocol that provides minimal latency, power, storage, and information exchange.
• Another objective is to preserve a reliable session key, without any superfluous computation or information sharing over time.
• PUF is employed to perform authentication among sensor devices and between devices and servers, and the mutual authentication protocol is developed for physical access so that it protects the safety of sensor device data.
Summary of the Invention:
Lastly, promoting shared authentication is particularly important for IoT systems. All participants in the communication should be validated towards one another. Otherwise, an IoT sensor could transmit private client information to unreliable repositories, and servers could accept bogus sensed data from hackers. Because IoT devices also interact directly with one another, it is desirable to include mutual authentication, not just between a device and a server but also between two devices.
Authorization is an essential protection feature in the IoT network. A sensor should be in a position to check that the data obtained from some other sensor was actually captured by the device indicated. Authentication is the initial stage in creating a connection after the stable boot of the IoT system. Nevertheless, this authorization must be performed safely and effectively while preserving any secrecy in the storage of the IoT system. This invention proposes a stable and compact shared authentication scheme for IoT systems to tackle this problem. The suggested Protocol realizes the required protection and performance criteria for PUFs.
The installation mechanism is employed to supply the oscillations with limited latency, such that the oscillation frequency depends not only on the number of generators included in the construction of the ring oscillator but also on the installation unit. This tends to improve the reliability of the whole PUF system itself. Transistors are the principal elements of the control board. It adds the transistors to maximize the latency in oscillations.
The authentication protocol relies on PUF, which performs mutual authentication among IoT nodes. The Protocol includes two scenarios for verification: device-to-server mutual authentication and device-to-device mutual authentication. The authentication scenario for the application server is as follows: Each IoT device has an ID. The device transfers its unique ID to the server, plus a random nonce N1. The server picks a CRP (Ci, Ri) and produces a random number Rs. The key benefit of this mechanism is the shared authorization functionality and the device-device authentication option that is very beneficial in many IoT systems.
Detailed Description of the Invention:
Figure 1 explains the IoT network model. The sensor nodes in the IoT environment are connected via the internet. The sensor nodes are in turn attached to the IoT gateway, which acts as an interface between the cloud server and the sensor nodes. The hybrid oscillator Arbiter PUF based mutual authentication protocol is recommended for enabling authentication from device to server and device to device.
Figure 2 shows the implemented mutual authentication protocol for the case where an IoT device and a server wish to connect. The sensor node IDA sends the server its ID, IDA, and a random nonce, N1. The server attempts to find IDA in its storage and, if the search fails, the request for authentication is denied. Otherwise, the server reads the CRP (Ci, Ri) that is stored in its memory for this device. After that, the server produces a random number Rs1, and Ri is used to form MA = {IDA, N1, Rs1}_Ri. The server then transfers Ci, MA, and the message authentication code (MAC) in message 2 to the IoT device IDA. The IoT device IDA applies the challenge Ci to its PUF to obtain Ri.
The device then recovers Rs1 using Ri and uses the MAC to check the origin, integrity, and freshness of the message. If validation fails, IDA terminates the authentication. Otherwise, it selects a random number NA and, using the new challenge Ci+1 = H(NA || Rs1), calculates the new response Ri+1 with its PUF. This new CRP (Ci+1, Ri+1) is used for future authentication. The IoT device IDA then sends the server an encrypted message MS = {IDA, Rs1, NA, Ri+1}_Ri with the corresponding MAC and removes all temporary variables contained in its memory. The server uses Ri to recover NA and Ri+1 and validates the MAC. If the check fails, the authentication is refused by the server. Otherwise, mutual authentication is regarded as successful, and the two parties can now establish a session.
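The device-to-server exchange described above, simulated end to end as an added example (not code from the patent). Assumptions: the PUF is modelled in software as an HMAC over a per-device random secret with noise-free responses, H is taken to be SHA-256, the {...}_Ri encryption is a keystream stand-in, and all class, function and field names are hypothetical.

```python
import hashlib, hmac, os

ID_LEN, F = 16, 32  # constructed sizes: 16-byte device ID, 32-byte nonces and responses

def H(*parts):  # assumption: H instantiated as SHA-256 for this example
    return hashlib.sha256(b"".join(parts)).digest()

def mac(r_i, label, *parts):  # direction label stops a tag being reflected back
    return hmac.new(H(r_i, b"mac"), label + b"".join(parts), hashlib.sha256).digest()

def seal(r_i, label, data, iv=None):
    # Stand-in for the {...}_Ri encryption: XOR with a SHA-256 keystream under a
    # fresh IV. Not a vetted cipher; a deployment would use an AEAD.
    iv = iv or os.urandom(16)
    ks = b"".join(H(r_i, label, iv, bytes([i])) for i in range(len(data) // F + 1))
    return iv + bytes(a ^ b for a, b in zip(data, ks))

def unseal(r_i, label, blob):
    return seal(r_i, label, blob[16:], blob[:16])[16:]

class Device:
    def __init__(self, dev_id):
        self.dev_id = dev_id
        self._silicon = os.urandom(F)  # software stand-in for physical variation

    def puf(self, challenge):  # assumption: stable, noise-free response
        return hmac.new(self._silicon, challenge, hashlib.sha256).digest()

    def respond(self, n1, c_i, m_a, tag):
        r_i = self.puf(c_i)  # regenerate Ri from Ci; no response is stored on the device
        if not hmac.compare_digest(tag, mac(r_i, b"S2D", c_i, m_a)):
            return None  # sender does not know Ri
        pt = unseal(r_i, b"A", m_a)
        if pt[:ID_LEN] != self.dev_id or pt[ID_LEN:ID_LEN + F] != n1:
            return None  # wrong device or stale N1 (replayed message)
        rs1, n_a = pt[ID_LEN + F:], os.urandom(F)
        r_next = self.puf(H(n_a, rs1))  # Ri+1 for the new challenge H(NA || Rs1)
        m_s = seal(r_i, b"S", self.dev_id + rs1 + n_a + r_next)
        return m_s, mac(r_i, b"D2S", m_s)

class Server:
    def __init__(self):
        self.crp, self.pending = {}, {}

    def enroll(self, device):  # enrollment: record one CRP over a trusted link
        c = os.urandom(F)
        self.crp[device.dev_id] = (c, device.puf(c))

    def challenge(self, dev_id, n1):
        if dev_id not in self.crp:
            return None  # unknown ID: request denied
        c_i, r_i = self.crp[dev_id]
        rs1 = self.pending[dev_id] = os.urandom(F)
        m_a = seal(r_i, b"A", dev_id + n1 + rs1)
        return c_i, m_a, mac(r_i, b"S2D", c_i, m_a)

    def verify(self, dev_id, m_s, tag):
        rs1 = self.pending.pop(dev_id, None)
        if rs1 is None:
            return False
        c_i, r_i = self.crp[dev_id]
        if not hmac.compare_digest(tag, mac(r_i, b"D2S", m_s)):
            return False
        pt = unseal(r_i, b"S", m_s)
        n_a, r_next = pt[ID_LEN + F:ID_LEN + 2 * F], pt[ID_LEN + 2 * F:]
        if pt[:ID_LEN] != dev_id or pt[ID_LEN:ID_LEN + F] != rs1:
            return False  # not bound to this device or this session's Rs1
        self.crp[dev_id] = (H(n_a, rs1), r_next)  # rotate to (Ci+1, Ri+1)
        return True

def run_session(server, device):
    n1 = os.urandom(F)
    msg2 = server.challenge(device.dev_id, n1)
    msg3 = device.respond(n1, *msg2) if msg2 else None
    return msg3 is not None and server.verify(device.dev_id, *msg3)
```

Because the stored CRP is replaced only after the server has verified the device's message, a session that fails at any step leaves the previous (Ci, Ri) in place for the next attempt.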
Figure 3 shows the two stages, called the Enrollment and Authentication processes, used to protect against the numerous modes of attack. In the enrollment phase, the chip that contains the PUF circuit is connected directly to the computer. The server sends out the challenges, and the response is sent back by the PUF system. In a row, the processor handles all the CRPs. This will then load the processor on the IoT device. In the authentication phase, the server sends an unspecified PUF challenge to the device when the device needs to be approved by the server. The device evaluates the PUF and returns the bits of the resulting response. If the measured response matches the response recorded by the server, then the device is validated.
Figure 4 demonstrates the configuration module. Two transistors, an n-type DL-FET and a p-type DL-FET, are available, and the transistors are chosen using the four AND gates and the current OR gate in the unit. The contribution is the oscillation which comes preceding it from the inverter. All inputs are supplied to AND gates. The secondary input to the AND gates originates from the input of the challenge bit. There are two challenge bits, 'C1' and 'C2'. If a challenge bit is set high, a high input is supplied to the corresponding AND gate. The signal would then be transmitted to the respective transistor as a signal. At their openings, the transistors T1 and T2 are given high (1 V) and low (0 V) all the period. If challenge bit C1 is made significant and all AND gates A1, the A4 will be placed. A1 receives a signal from the alternator, and the result is transferred to the transistor T1 as a signal. Transistor T1 provides its output as an entry to gate A4, has still vital data, and the identical information is sent to the gate OR.

Claims (7)

1. The IoT environment consisting of A set of sensor nodes are connected through communication standards like the internet, Wi-Fi, and 5G. IoT gateway is mounted in between the sensor nodes and the cloud server that is used to transmit the sensed information to the cloud server. The cloud server like IBM, Amazon, and Azure are used to store the processed information by different users.
2. Claim 1 includes the authenticated protocols for security purposes in IoT environment comprising of, The Physical Unclonable Functions (PUF) is integrated with mutual authentication protocol is employed for data protection and authentication in the sensor nodes. The PUF contains two phases Enrollment phase and authentication phase.
3. From claim 2, The server sends out the questions during the Enrollment process, and the PUF system sends the answer back. In a row, the processor handles all the CRPs. In the authentication method, the server sends an unspecified PUF request to the user when the device needs to be approved by the server.
4. According to claim 2, the shared authentication protocol consists of 2 phases
5. User to system authentication and user to server authentication is proposed as obstacles and answers for sharing the messages. The specification for the authentication according to claim 4, Application for severing authentication protocol IoT system passes to the server the specific ID plus a random nonce N1. The server opts for a CRP (Ci, Ri) and gets a random number Rs. The server then generates an encoded MA signal and transmits to the corresponding IoT computer, along with the challenge Ci and a message authentication token. The IoT system applies Ci to its PUF hybrid oscillator arbiter to restore Ri, and decodes the MA message and verifies the message's validity, anonymity, and originality.
6. From claim 5, The IoT system acquires a new CRP by leveraging the new challenge with H, where H is the Hamming distance function, and NA another obtained random number.
7. Above mentioned claim 5 and 6, For the client to server authentication protocol, the authentication method is implemented. The authentication protocol is lightweight, and minimal computing resources interoperable with the IoT computers.
Drawings
Figure 1: IoT network model
Figure 2: Mutual authentication among device to server and device to device
Figure 3: PUF authentication modes
Figure 4: Configuration module of Hybrid Oscillator Arbiter PUF
AU2020102146A 2020-09-05 2020-09-05 Defence method to avoid automated attacks in iot networks using physical unclonable function (puf) based mutual authentication protocol Ceased AU2020102146A4 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2020102146A AU2020102146A4 (en) 2020-09-05 2020-09-05 Defence method to avoid automated attacks in iot networks using physical unclonable function (puf) based mutual authentication protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU2020102146A AU2020102146A4 (en) 2020-09-05 2020-09-05 Defence method to avoid automated attacks in iot networks using physical unclonable function (puf) based mutual authentication protocol

Publications (1)

Publication Number Publication Date
AU2020102146A4 true AU2020102146A4 (en) 2020-11-05

Family

ID=73016611

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2020102146A Ceased AU2020102146A4 (en) 2020-09-05 2020-09-05 Defence method to avoid automated attacks in iot networks using physical unclonable function (puf) based mutual authentication protocol

Country Status (1)

Country Link
AU (1) AU2020102146A4 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114390474A (en) * 2022-01-12 2022-04-22 重庆邮电大学 Lightweight two-factor vehicle networking bidirectional anonymous authentication system and method based on BS-PUF
CN114785615A (en) * 2022-05-23 2022-07-22 科大天工智能装备技术(天津)有限公司 Lightweight authentication method for Internet of things system in cloud computing environment
CN116614809A (en) * 2023-05-08 2023-08-18 肇庆学院 Wireless sensor network authentication protocol method based on physical unclonable function

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114390474A (en) * 2022-01-12 2022-04-22 重庆邮电大学 Lightweight two-factor vehicle networking bidirectional anonymous authentication system and method based on BS-PUF
CN114390474B (en) * 2022-01-12 2024-03-22 重庆邮电大学 Lightweight double-factor internet of vehicles two-way anonymous authentication system and method based on BS-PUF
CN114785615A (en) * 2022-05-23 2022-07-22 科大天工智能装备技术(天津)有限公司 Lightweight authentication method for Internet of things system in cloud computing environment
CN114785615B (en) * 2022-05-23 2023-07-25 北京科技大学 Lightweight authentication method for Internet of things system in cloud computing environment
CN116614809A (en) * 2023-05-08 2023-08-18 肇庆学院 Wireless sensor network authentication protocol method based on physical unclonable function
CN116614809B (en) * 2023-05-08 2024-01-12 肇庆学院 Wireless sensor network authentication method based on physical unclonable function

Similar Documents

Publication Publication Date Title
Hong P2P networking based internet of things (IoT) sensor node authentication by Blockchain
Alshahrani et al. Secure mutual authentication and automated access control for IoT smart home using cumulative keyed-hash chain
Mahmoud et al. Internet of things (IoT) security: Current status, challenges and prospective measures
AU2020102146A4 (en) Defence method to avoid automated attacks in iot networks using physical unclonable function (puf) based mutual authentication protocol
Miao et al. Practical and secure multifactor authentication protocol for autonomous vehicles in 5G
Saha et al. Consortium blockchain‐enabled access control mechanism in edge computing based generic Internet of Things environment
Chom Thungon et al. A lightweight authentication and key exchange mechanism for IPv6 over low‐power wireless personal area networks‐based Internet of things
CN113572765B (en) Lightweight identity authentication key negotiation method for resource-limited terminal
Jabraeil Jamali et al. IoT security
Das et al. Lightweight and efficient privacy‐preserving mutual authentication scheme to secure Internet of Things‐based smart healthcare
Khan et al. Security Challenges in Fog and IoT, Blockchain Technology and Cell Tree Solutions: A Review.
De Smet et al. Lightweight PUF based authentication scheme for fog architecture
Abdussami et al. LASSI: a lightweight authenticated key agreement protocol for fog-enabled IoT deployment
Ahsan et al. IoT devices, user authentication, and data management in a secure, validated manner through the blockchain system
Kumar et al. Blockchain-enabled secure communication for unmanned aerial vehicle (UAV) networks
Liu et al. NPMA: A novel privacy-preserving mutual authentication in TMIS for mobile edge-cloud architecture
Sudha et al. A review on privacy requirements and application layer security in internet of things (IoT)
Jain et al. Lightweight, secure, efficient, and dynamic scheme for mutual authentication of devices in Internet‐of‐Things‐Fog environment
Jebri et al. Enhanced lightweight algorithm to secure data transmission in IoT systems
Uppuluri et al. Secure user authentication and key agreement scheme for IoT device access control based smart home communications
Kumar et al. A secure and efficient computation based multifactor authentication scheme for Intelligent IoT-enabled WSNs
Joy et al. Smart card authentication model based on elliptic curve cryptography in IoT networks
Hafeez et al. BETA-UAV: Blockchain-based efficient and trusted authentication for UAV communication
Attkan et al. Lightweight two-factor authentication protocol and session key generation scheme for WSN in IoT deployment
Ehui et al. A lightweight mutual authentication protocol for IoT

Legal Events

Date Code Title Description
FGI Letters patent sealed or granted (innovation patent)
MK22 Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry