Next Article in Journal
Next-Generation Block Ciphers: Achieving Superior Memory Efficiency and Cryptographic Robustness for IoT Devices
Previous Article in Journal
Combined and General Methodologies of Key Space Partition for the Cryptanalysis of Block Ciphers
 
 
Article
Peer-Review Record

Lightweight Mutually Authenticated Key Exchange with Physical Unclonable Functions

Cryptography 2024, 8(4), 46; https://doi.org/10.3390/cryptography8040046
by Cyrus Minwalla 1,*,†, Jim Plusquellic 2,*,† and Eirini Eleni Tsiropoulou 2,†
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Cryptography 2024, 8(4), 46; https://doi.org/10.3390/cryptography8040046
Submission received: 13 August 2024 / Revised: 11 October 2024 / Accepted: 15 October 2024 / Published: 19 October 2024
(This article belongs to the Section Hardware Security)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

This paper presented a low-cost and PUF-based end-to-end mutual authentication and key exchange protocol. This study is interesting, but has the following shortcomings.

1)      The title is a bit confusing. Actually, this paper proposed a PUF-based protocol. Thus, this should be pointed out clearly.

2)      The organization of this paper is somewhat strange. For example, security analysis should come before performance analysis. Also, in section 1, the organizational structure part of this paper is missing

3)      As mentioned in this paper, there are a variety of PUF-based authentication and session key exchange methods, such as Ref. [15] - [21]. So, what are the defects of these methods? In other words, what are the motivations and contributions of your approach? This is not particularly obvious from the current description and experimental results.

4)      Under the Dolev-Yao (DY) threat model, the formal security analysis, such as ROR or BAN, is needed to verify the security of the proposed method. However, this part is missing.

5)      What are the time complexity and communication complexity of the proposed method?

6)      In Section 5, the advance of the proposed method requires further analysis. The authors should demonstrate this point by comparing with the state-of-the-arts in this domain.

7)      The references are relatively old, and relevant references in the last 3 years should be added. In addition, there are also some grammatical and formatting errors. For example, in line 115 ring oscillator (R)O PUF.

Comments on the Quality of English Language

Moderate editing of English language required.

Author Response

Thank you, please find the attached file.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

This paper proposes a lightweight mutually authenticated key exchange protocol called "PUF-MAKE (Physical Unclonable Function - Mutually Authenticated Key Exchange)."

The following points should be supplemented:

1. I wonder if the protocol proposed by the author can be maintained in large-scale IoT networks or environments with high real-time processing requirements. Please provide an explanation for this.

2. Discussion is needed on the problems that may occur in the proposed protocol when problems arise with the physical security of the PUF itself.

3. Additional discussion is needed on the efficient implementation of the PUF-MAKE protocol.

Comments on the Quality of English Language

No comments.

Author Response

Thank you, please find the attached file.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

To improve the quality of the paper, the reviewer gives the following comments.

(1) Security analysis of the MAKE enrollment protocol is weak.

(2) Please keep the description of PUF-MAKE in-field interactive authentication protocol correct, for example, “SK:=SKT.XOR(SK’T))”.

(3) In Eq. 1, the reviewer does not know how to obtain the values of pi,j in the experiment.

(4) In Eq. 2, the parameter j is uncontrolled.

(5) Section 5 has “The run times for the MAKE In-Field protocol operations are given in Fig. 5, partitioned into the 7 steps along the x-axis”. But, Fig. 5 does not mark x-axis.

(6) In Section 6.1.3, the unlinkability is not defined explicitly.

(7) Section 6.2.2 says “The protocol relies on three cryptographic primitives: XOR operation, AES and SHA-3”. But, XOR operation is not treated as the cryptographic primitive in the cryptographic field.

(8) Although the paper claims to propose lightweight authenticated key exchange protocol, it does not perform the efficiency comparison between the proposed protocol and other similar protocols.

Comments on the Quality of English Language

The writing quality of the paper is rather poor. The writing errors include “Proposed herein is a lightweight end-to-end mutual authentication” in line 5, “strong physical unclonable functions (PUF)” in line 34 and “a strong physical unclonable function (PUF)” in line 46, “Diffie Hellman” in line 83, and “NB the number of bits per bitstring (256), TNB the total” in line 353, etc.

Author Response

Thank you, please find the attached file.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

1. Simplify the title further and keep one of the Physical Unclonable Functions or PUFs.

2. In Introduction section, please simplify the description of the organizational structure of this article.

3. Some inappropriate expressions need to be noted. For example, “The authors of [12] propose ...” should be " Idriss et al. propose ...".

4. Some figures are not clear. For example Figure 2, 3 and 4.

5. Section V is recommended to be organized in two parts, i.e., Formal and Informal analysis.

Comments on the Quality of English Language

Minor editing of English language required.

Author Response

1. Simplify the title further and keep one of the Physical Unclonable Functions or PUFs. We have removed PUFs from the title. 2. In Introduction section, please simplify the description of the organizational structure of this article. We simplified the description of the organizational structure 3. Some inappropriate expressions need to be noted. For example, “The authors of [12] propose ...” should be " Idriss et al. propose ...". We made several changes in different places (highlighted in blue) as you recommend. 4. Some figures are not clear. For example Figure 2, 3 and 4. We have cleared up the Figures 2, 3 and 4 in the revised manuscript. 5. Section V is recommended to be organized in two parts, i.e., Formal and Informal analysis. We have reorganized into two sections, with subsections, as you recommend.

Reviewer 3 Report

Comments and Suggestions for Authors

No further comments.

Comments on the Quality of English Language

The paper writing can be polished, for example, “A PUF-based El-Gamal” line 120 and “ElGamal encryption” in line 158 (Please keep the writing of personal name consistent), etc.

Author Response

The paper writing can be polished, for example, “A PUF-based El-Gamal” line 120 and “ElGamal encryption” in line 158 (Please keep the writing of personal name consistent), etc. We have re-read the paper and fixed inconsistencies such as the one you identify.
Back to TopTop