Physical Unclonable Functions for IoT Security

Muhammad N. Aman, National University of Singapore, Singapore 117583, elemna@nus.edu.sg
Kee Chaing Chua, National University of Singapore, Singapore 117583, eleckc@nus.edu.sg
Biplab Sikdar, National University of Singapore, Singapore 117583, bsikdar@nus.edu.sg

ABSTRACT

Devices in the Internet of Things (IoT) introduce unique security challenges due to their operating conditions and device limitations. Existing security solutions based on classical cryptography have significant drawbacks in IoT devices, primarily due to the possibility of physical and side channel attacks. As an alternative approach, this position paper advocates the use of physical unclonable functions (PUFs) as a security primitive for developing security solutions for IoT devices. Preliminary work on developing a PUF based mutual authentication protocol is also presented.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.
© 2016 ACM. ISBN 978-1-4503-2138-9.
DOI: 10.1145/1235

1. INTRODUCTION

Although the realization of IoT systems involves many constraints, including power, cost, lifetime, and energy, one of the most challenging requirements is their security. The security of IoT systems is of utmost importance because the data and control actions realized through them are directly connected to the safety and operation of humans and physical infrastructure. The extremely large number of devices in the IoT, their limited resources, and the fact that they are not operated by humans make the task of designing security protocols for them extremely difficult. This position paper highlights the possible use of PUFs for providing security solutions for IoT devices and presents preliminary work on developing PUF based security protocols.

Traditionally, security for the Internet has been provided by techniques based on classical cryptography. These security primitives and techniques were designed with an implied assumption of physically well protected devices. However, many of the devices in the IoT are physically unprotected and easily accessible to an adversary. Thus, security protocols for the IoT need to be immune to physical and side channel attacks, in addition to providing anonymity, privacy, and trust. Moreover, security protocols for the IoT must also have very low computational, memory, and power requirements. Contemporary security techniques based on cryptographic methods with secret keys have two significant limitations in the IoT. Firstly, low cost and simple IoT devices may not have the processing power required for most digital signature and encryption schemes. Secondly, it may not be feasible to manage secrets in IoT devices. Secrets are usually stored in non-volatile memories or battery-backed RAMs, which can be read using invasive or semi-invasive attacks [1]. Moreover, providing high level physical security to IoT devices using tamper-sensing circuitry may be very expensive in terms of cost as well as energy.

PUFs provide a unique way to identify integrated circuits (ICs) [2]. PUFs exploit the inherent variability in IC manufacturing to implement challenge-response functions whose output depends on the input and the physical micro-structure of the device. Due to their unique characteristics, PUFs may provide an efficient and low cost solution to security in IoT systems. PUFs may be used to provide security in IoT systems without the need to store secrets in the devices. Moreover, the variations in the physical factors during the fabrication process of ICs make it practically impossible to replicate the micro-structure, making IoT system components with PUFs unique at a device level.

In this position/preliminary work paper we present several security challenges in IoT systems and consider the use of PUFs to solve these issues. To demonstrate the feasibility and advantages of PUF based solutions, a protocol for mutual authentication is also presented. The paper is organized as follows. Section 2 presents a brief introduction to PUFs. Section 3 discusses the security challenges in IoT systems and how PUFs can be used to efficiently solve these problems. Section 4 presents the protocol for mutual authentication in IoT systems and Section 5 concludes the paper.

2. PHYSICAL UNCLONABLE FUNCTIONS

The authors of [3] describe a PUF as “A Physical Unclonable Function (PUF) is a function that maps a set of challenges to a set of responses based on an intractably complex physical system”. The function output can be obtained only through the physical system. Each physical instance of a PUF is unique and cannot be reproduced.

A PUF can also be considered a physically disordered system that can be excited by a challenge $C$ to produce a response $R$; together these are called a challenge response pair (CRP). A PUF produces the same response with high probability if it is excited multiple times using the same challenge. However, for the same challenge different PUFs produce responses far apart with high probability. A PUF can be represented as:

$$R = P(C). \tag{1}$$
PUFs can be realized using different technologies, e.g., silicon PUFs which exploit the variation in timing and delay in ICs, optical PUFs which exploit the random positioning of light scattering particles to give rise to unique speckle patterns, and coating PUFs which exploit the randomness in the capacitance of a coating layer covering the IC, etc. PUF based designs provide the following advantages:

1. Secrets are hidden in the complex micro-structure of an IC rather than in a non-volatile memory, resulting in higher physical security.

2. They support ultra high throughput with ultra low energy and silicon area footprints.

3. They do not require special manufacturing, programming or testing processes.

4. They can be manufactured using a simple and low cost process.

5. They cannot be reproduced even by using a controlled and precise manufacturing process.

3. PUFS AND SECURITY CHALLENGES IN THE IOT

In this section we describe the security challenges in IoT systems which can be solved efficiently using PUFs. The major security challenges for the IoT include authentication, self trust, access control, data integrity, low cost energy aware protocols; and side channel, physical, and cloning attacks. Some of these problems can be solved efficiently using PUFs as discussed below.

3.1 Authentication

IoT systems are expected to encompass billions of devices. Each device should be able to authenticate itself before sending or receiving data. As most IoT devices will not have any human operators, each device must be capable of identifying and authenticating itself. Existing techniques for authentication require the storage of various forms of secret credentials in the device’s memory, making them unsuitable for physically unprotected devices in the IoT. An adversary may use different physical attacks to compromise the security of the whole system. The use of PUFs serves two purposes: firstly, they provide a mechanism for volatile secrets [3], i.e., the secret does not exist in digital form and instead is embedded into the micro-structure of the PUF IC. Secondly, each PUF is unique and in turn can be used to provide a unique identity to each IoT device.

3.2 Self Trust

Self trust, a conceptually new security task, enables a user to trust an IoT device. This enables a user to trust that the data received is indeed collected by the specific device at the stated time and location. Several works on using hardware security primitives for trust in IoT have been presented [4]. However, these techniques need to be further optimized in terms of energy and cost. Given the low energy footprint of PUFs, they are an attractive choice for the realization of self trust in IoT systems.

3.3 Physical and Cloning Attacks

An adversary may try to masquerade as an authentic IoT device by cloning another IoT device. If a device is physically compromised, the adversary may clone it by extracting secrets from the captured device. However, the use of PUFs makes such attacks extremely difficult for an adversary. Launching a cloning attack on PUFs means creating an exact copy of the PUF, which requires the use of invasive techniques (which are economically unviable) to measure the PUF delays accurately. It has been shown in [5, 6] that PUFs can be used effectively for hardware obfuscation, making IoT devices with PUFs secure against physical and cloning attacks.

3.4 Side Channel Attacks

The easy access to IoT devices for an adversary opens doors for side channel attacks. Prominent attacks in this category include timing attacks, power monitoring attacks, electromagnetic attacks and differential fault analysis. Timing attacks usually involve statistical analysis of the timing required to perform cryptographic operations by a CPU and thereby determining the secret key. However, PUFs use a challenge response mechanism instead of secret keys, and accurately measuring the timing delays of a circuit in an IC is significantly more difficult. Moreover, PUFs are considered isochronous and therefore not susceptible to timing attacks.

Power monitoring attacks depend on monitoring the power consumption during computations. The authors of [7] have shown a power side-channel attack on PUFs using a data analysis algorithm. They have shown that by using the power consumption information, the number of zeros and ones stored in the latches of an arbiter PUF may be obtained. However, by designing the PUF in such a way that the number of zeros and ones in the latches is constant, we can make PUFs secure against these attacks.

Performing an electromagnetic attack is practically more complex than a power monitoring attack. Similar to power analysis attacks, reducing the fluctuations in current can also make the PUF secure against electromagnetic attacks.

Differential fault analysis is carried out by introducing faults into security hardware by exposing it to abnormal environmental conditions. These techniques usually exploit the physical data corruption inside the cryptographic implementations to reveal their internal state. Although some types of PUFs are extremely sensitive to the external environment (e.g., delay-based PUFs are very sensitive to temperature and voltage variations), there is no physical data inside these PUFs that can be used by an adversary to produce any fruitful results.

3.5 Man-in-the-middle Attacks

An adversary may try to reuse an older challenge if somehow he/she gets one of the CRPs for a PUF. Thus it is desired that a CRP is never reused. The class of reconfigurable PUFs can be an interesting area of future research for this purpose. PUFs can be made reconfigurable after each CRP; this will make the system immune to replay and man-in-the-middle attacks.

3.6 Low-Cost Energy-Aware Protocols

PUFs can be ultra fast, have ultra low energy consumption, and have a very small silicon footprint. These characteristics make them an ideal choice for the realization of ultra fast protocols with very low energy requirements. It is very important that any security protocol designed for the IoT should be able to support real time applications with minimum energy requirements.

Figure 1: Network Model

4. A PUF BASED MUTUAL AUTHENTICATION PROTOCOL

This section presents a preliminary protocol for mutual authentication in IoT systems using PUFs.

4.1 Network Model, Assumptions, and Notations

In our network model, IoT devices equipped with PUFs are connected to a server in a data center through the Internet as shown in Figure 1. Assumptions for the proposed protocol and network model are as follows:

a. The PUF and the device’s microcontroller are considered to be on the same chip and inseparable. It is not possible to remove the PUF or tamper with the communication between the microcontroller and PUF.

b. IoT devices are constrained by their resources, while the servers in the data center have no such limitation.

c. IoT devices are physically unprotected and accessible by an adversary.

d. An adversary can eavesdrop, modify, inject, and replay messages.

Moreover, we denote the ID of the j-th IoT device, an XOR operation, the hash of X, the challenge used in the i-th authentication cycle, and the response of a PUF to input $C^i$ by $ID_j$, $\oplus$, $H(X)$, $C^i$, and $R^i$, respectively.

4.2 Proposed Protocol

Figure 2: Proposed Mutual Authentication Protocol

The proposed protocol is shown in Figure 2. We assume that the system is initialized (offline) before this protocol is run by providing the server with an initial challenge response pair (CRP). The steps of the protocol during an authentication process (say the i-th authentication cycle) are as follows:

1. The IoT device sends its $ID_j$ and a random number $nonce_i$ to the server (message 1).

2. The server searches its memory for $ID_j$ and retrieves the respective CRP $(C^i, R^i)$ for the PUF of this IoT device. If $ID_j$ is not found in its memory, the authentication request is rejected. If $ID_j$ is found, the server generates a secret random number $N_A$ and uses it to encrypt (using an XOR operation) $R^i$ in message 2 of the protocol. The server also adds a message authentication code (MAC) in the message for integrity, using $N_A$ as the secret.

3. The IoT device uses its PUF to generate $R^i$ from $C^i$. It then uses $R^i$ to obtain $N_A$ and then verifies the freshness and integrity of the message using the received MAC. The IoT device then generates a new challenge $C^{i+1}$ using $N_A$ and $N_B$. The new challenge is input to the device’s PUF to obtain the new secret response $R^{i+1}$. $N_B$ and $R^{i+1}$ are sent securely to the server using $N_A$ as shown in message 3. The IoT device also adds a MAC in message 3, using $N_B$ as the secret.

4. The server calculates $N_B$ and $R^{i+1}$ using its secret $N_A$, and verifies the message using the MAC. The server then uses $N_A$ and $N_B$ to construct the new challenge and saves the new CRP $(C^{i+1}, R^{i+1})$ against $ID_j$ in its memory.

The authentication is successfully completed after the server verifies the MAC of message 3. If the MAC fails verification at any of the above steps, the authentication fails and the process is aborted. Note that the MACs do not use any secret key stored in the device. Instead they use the secret random numbers $N_A$ and $N_B$ generated during the authentication process. At the end of the authentication process, the IoT device and server delete all temporary variables including $N_A$, $N_B$, $nonce_i$, $C^i$, and $R^i$ from their memories.
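The four protocol steps, simulated end to end as an added example (this is not the authors' code, and Figure 2 is not reproduced on this page). Assumptions: the exact message field layout, HMAC-SHA256 truncated to 128 bits as the MAC and hash, a keyed hash standing in for the physical PUF, the `chal`/`mask`/`key` derivation labels, and all class and function names.

```python
import hashlib, hmac, os

def H(*parts):                 # hash truncated to 128 bits (assumed size)
    return hashlib.sha256(b"".join(parts)).digest()[:16]

def mac(key, *parts):          # HMAC-SHA256 chosen here; the page names no MAC
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:16]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class SimulatedPUF:
    """Software stand-in for R = P(C); a real PUF holds no stored seed."""
    def __init__(self):
        self._chip = os.urandom(32)          # models per-chip manufacturing variation
    def respond(self, challenge):
        return mac(self._chip, challenge)

class Device:
    def __init__(self, dev_id):
        self.id, self.puf = dev_id, SimulatedPUF()
    def msg1(self):                          # step 1: ID_j and nonce_i
        self.nonce = os.urandom(16)
        return self.id, self.nonce
    def msg3(self, m2):                      # step 3
        c, masked_na, tag = m2
        na = xor(masked_na, self.puf.respond(c))       # recover N_A with R^i
        if not hmac.compare_digest(tag, mac(na, self.id, self.nonce, c, masked_na)):
            raise ValueError("message 2 rejected")
        nb = os.urandom(16)
        r_next = self.puf.respond(H(b"chal", na, nb))  # R^{i+1} = P(C^{i+1})
        # Assumed design choice: R^{i+1} gets its own mask so N_A is not reused as a pad.
        body = (xor(nb, na), xor(r_next, H(b"mask", na)))
        # Label differs from "chal": C^{i+1} is sent in clear next cycle.
        self.session_key = H(b"key", na, nb)
        return body + (mac(nb, self.id, *body),)

class Server:
    def __init__(self):
        self.crp, self.pending = {}, {}      # exactly one CRP per device ID
    def msg2(self, m1):                      # step 2
        dev_id, nonce = m1
        if dev_id not in self.crp:
            raise KeyError("unknown device ID")
        c, r = self.crp[dev_id]
        na = self.pending[dev_id] = os.urandom(16)
        masked_na = xor(na, r)
        return c, masked_na, mac(na, dev_id, nonce, c, masked_na)
    def finish(self, dev_id, m3):            # step 4
        masked_nb, masked_r, tag = m3
        na = self.pending.pop(dev_id)        # N_A is single-use
        nb = xor(masked_nb, na)
        if not hmac.compare_digest(tag, mac(nb, dev_id, masked_nb, masked_r)):
            raise ValueError("message 3 rejected")
        self.crp[dev_id] = (H(b"chal", na, nb), xor(masked_r, H(b"mask", na)))
        return H(b"key", na, nb)

def enroll(server, device):                  # offline initialisation with one CRP
    c0 = os.urandom(16)
    server.crp[device.id] = (c0, device.puf.respond(c0))

def authenticate(server, device):
    m2 = server.msg2(device.msg1())
    return server.finish(device.id, device.msg3(m2))
```

After `enroll`, each call to `authenticate` returns the server's copy of the session key and replaces the stored CRP, so a message 3 captured in one cycle fails the MAC check in the next.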
Also, we note that the secret numbers $N_A$ and $N_B$ can also be used to establish a secret shared key, e.g., $H(N_A \| N_B)$, that can be used as a shared symmetric key between the IoT device and server for encrypting further communication.

4.3 Security Analysis

The simple and low cost nature of IoT devices makes them vulnerable to various attacks as discussed in Section 3. However, the proposed PUF based protocol is secure against these attacks as described below:

1. The proposed protocol is immune to cloning or impersonation attacks because a PUF cannot be reproduced and each PUF has its own unique set of CRPs.

2. The proposed protocol is secure against physical attacks due to two reasons. Firstly, devices do not store any secrets in their memory. Secondly, as the device’s microcontroller and PUF are on the same chip, the communication between them is considered to be secure [8]. Thus even if a device is physically captured by an adversary, he/she cannot extract any secrets from the device.

3. An adversary may try to replay older messages. However, the proposed protocol uses a new random number each time in each of its messages. For example, messages 1, 2, and 3 have new random numbers $nonce_i$, $N_A$, and $N_B$, respectively. Therefore, the proposed protocol is safe against replay attacks.

4. An adversary may attempt to modify the contents of the different messages. However, the use of MACs with new secrets in every new run of the protocol makes the proposed protocol secure against this type of attack.

5. To construct valid data an adversary needs to know $R^i$, $N_A$ or $N_B$. An adversary cannot obtain these secrets with any of the other attacks including eavesdropping, man-in-the-middle attacks, spoofing attacks, and interleaving attacks etc.

4.4 Performance Analysis

This section evaluates the proposed protocol in terms of computation, storage, and communication overheads.

We denote the number of hash operations, the number of exclusive-or operations, and the number of MACs by $N_H$, $N_\oplus$, and $N_{MAC}$, respectively. Then an IoT device requires $2N_H + 4N_\oplus + 1N_{MAC}$ operations while the server requires $2N_H + 4N_\oplus + 1N_{MAC}$ operations for the authentication process. Thus the proposed protocol requires very low processing power for authentication (which translates into low energy requirements as well), in comparison to existing authentication schemes. For example, the computational cost of an RSA digital signature is $\frac{3}{2}\,n\,M(n)$, where $n$ is the key size and $M(n)$ is the number of arithmetic operations required to perform a general modular multiplication with $n$ bit operands, which for a 1024 bit key translates into more than 1500 operations [9].

The proposed protocol also has very low communication overhead. If we assume the output of the PUF and a MAC to be 128 bits, the maximum size of any message in our protocol is 64 bytes. This is very low as compared to other signature based schemes, e.g., the size of an RSA signature is typically 128 to 256 bytes. Moreover, the number of messages equals a three-way handshake, which is very efficient.

In addition to low computation and communication overheads, the proposed protocol also has a low storage requirement. Many PUF based protocols require the server to store a large number of CRPs in its memory [3, 10]. Given the large number of IoT devices, this approach does not scale well. In contrast, the proposed protocol requires the server to store only one CRP for each IoT device. Moreover, an IoT device does not need to store anything except its ID.

The above discussion shows that the use of PUFs can not only provide security solutions, but can also result in very efficient realizations of security protocols for IoT systems.

5. CONCLUSIONS

The simple, low cost, and diverse nature of IoT devices and their deployment scenarios make them vulnerable to physical, side channel, and cloning attacks. PUFs provide an innovative way to secure the IoT from these types of attacks and PUFs can be used to provide efficient and effective security solutions for IoT systems. To highlight the advantages of PUF based security mechanisms, this paper presented a PUF based mutual authentication protocol. The security and performance analysis of the proposed protocol shows that PUFs can be used to realize efficient and strong security protocols for IoT devices.

6. REFERENCES

[1] S. P. Skorobogatov, “Semi-invasive attacks - a new approach to hardware security analysis,” Technical Report UCAM-CL-TR-630, University of Cambridge Computer Laboratory, April 2005.
[2] K. Lofstrom, W. R. Daasch, and D. Taylor, “IC identification circuit using device mismatch,” Proceedings of ISSCC 2000, February 2000.
[3] G. E. Suh and S. Devadas, “Physical Unclonable Functions for Device Authentication and Secret Key Generation,” Proceedings of IEEE/ACM DAC, pp. 9-14, San Diego, CA, June 2007.
[4] T. Xu, J. B. Wendt, and M. Potkonjak, “Security of IoT Systems: Design Challenges and Opportunities,” Proceedings of IEEE/ACM ICCAD, pp. 417-423, San Jose, CA, November 2014.
[5] J. B. Wendt and M. Potkonjak, “Hardware obfuscation using PUF-based logic,” International Conference on Computer-Aided Design (ICCAD), pp. 1–8, 2014.
[6] T. Xu, J. B. Wendt, and M. Potkonjak, “Secure remote sensing and communication using digital PUFs,” Symposium on Architectures for Networking and Communications Systems (ANCS), pp. 1–12, 2014.
[7] A. Mahmoud et al., “Combined Modeling and Side Channel Attacks on Strong PUFs,” IACR Cryptology ePrint Archive, no. 632, 2013.
[8] S. Guilley and R. Pacalet, “SoCs security: a war against side-channels,” Annals of Telecommunications, Vol. 59, no. 7, pp. 998-1009, 2004.
[9] M. J. Hinek, Cryptanalysis of RSA and its variants. Taylor and Francis group: CRC Press, 2009.
[10] H. Ghaith, O. Erdinc, and S. Berk, “A Tamper-Proof and Lightweight Authentication Scheme,” Pervasive Mobile Computing, Vol. 4, no. 6, pp. 807-818, 2008.
