Search Results (23)

Edge computing (EC) faces unique security threats due to its distributed architecture, resource-constrained devices, and diverse applications, making it vulnerable to data breaches, malware infiltration, and device compromise. The mitigation strategies against EC data security threats include encryption, secure authentication, regular updates, tamper-resistant hardware, and lightweight security protocols. Physical Unclonable Functions (PUFs) are digital fingerprints for device authentication that enhance interconnected devices’ security due to their cryptographic characteristics. PUFs produce output responses against challenge inputs based on the physical structure and intrinsic manufacturing variations of an integrated circuit (IC). These challenge-response pairs (CRPs) enable secure and reliable device authentication. Our work implements the Arbiter PUF (APUF) on Altera Cyclone IV FPGAs installed on the ALINX AX4010 board. The proposed APUF has achieved performance metrics of 49.28% uniqueness, 38.6% uniformity, and 89.19% reliability. The robustness of the proposed APUF against machine learning (ML)-based modeling attacks is tested using supervised Support Vector Machines (SVMs), logistic regression (LR), and an ensemble of gradient boosting (GB) models. These ML models were trained over more than 19K CRPs, achieving prediction accuracies of 61.1%, 63.5%, and 63%, respectively, thus cementing the resiliency of the device against modeling attacks. However, the proposed APUF exhibited its vulnerability to Multi-Layer Perceptron (MLP) and random forest (RF) modeling attacks, with 95.4% and 95.9% prediction accuracies, gaining successful authentication. APUFs are well-suited for device authentication due to their lightweight design and can produce a vast number of challenge-response pairs (CRPs), even in environments with limited resources. Our findings confirm that our approach effectively resists widely recognized attack methods to model PUFs. Full article

This research introduces Fortified-Edge 2.0, a novel authentication framework that addresses critical security and privacy challenges in Physically Unclonable Function (PUF)-based systems for collaborative edge computing (CEC). Unlike conventional methods that transmit full binary Challenge–Response Pairs (CRPs) and risk exposing sensitive data, Fortified-Edge 2.0 employs a machine-learning-driven feature-abstraction technique to extract and utilize only essential characteristics of CRPs, obfuscating the raw binary sequences. These feature vectors are then processed using lightweight cryptographic primitives, including ECDSA, to enable secure authentication without exposing the original CRP. This eliminates the need to transmit sensitive binary data, reducing the attack surface and bandwidth usage. The proposed method demonstrates strong resilience against modeling attacks, replay attacks, and side-channel threats while maintaining the inherent efficiency and low power requirements of PUFs. By integrating PUF unpredictability with ML adaptability, this research delivers a scalable, secure, and resource-efficient solution for next-generation authentication in edge environments. Full article

Protecting IoT (Internet of Things) devices against attacks is essential due to the rapid increase in connected devices. This is particularly challenging for lightweight devices with limited hardware capacity, making computationally intensive encryption inefficient. To address this issue, PUF-based security applications can enhance security while reducing resource requirements. The PUF must meet key criteria such as unclonability, unpredictability, and uniqueness throughout its operational lifetime. To achieve this, it is important to minimize unwanted offsets in signal propagation delays caused by unbalanced design strategies and ensure that the PUF responds robustly to physical influences. This paper presents the development and an extensive investigation of a novel 56-bit 2-4 Double Arbiter PUF. Its performance is evaluated on 110 FPGAs with a dataset of 3 million challenge–response pairs (CRPs) under temperature variations in a range from 0 to 50 °C. This study also examines the identification of bit positions with high offsets in order to detect and eliminate potential weaknesses. Furthermore, we extend the 2-4 DAPUF with a lightweight XOR layer to create a 2-4 XOR-DAPUF and improve performance. Our results demonstrate robust and efficient hardware architecture. The optimized 2-4 XOR-DAPUF delivers outstanding performance with 95.85% reliability, 48.09% randomness, and 48.79% uniqueness. Full article

In this study, we present the Response-Based Key Encapsulation Mechanism (R-KEM), an ephemeral key encapsulation and recovery scheme tailored for cryptographic systems in high-noise, high-jamming network environments. By adopting the Challenge–Response Pair (CRP) mechanism for both key encapsulation and authentication, R-KEM eliminates the need to store secret keys on the device, favoring on-demand key generation. By maintaining only encrypted data on the device, R-KEM significantly enhances security, ensuring that in the event of an attack, no sensitive information can be compromised. Its novel error-correcting strategy efficiently corrects 20 to 23 bits of errors promptly, eliminating the need for redundant helper data and fuzzy extractors. R-KEM is ideally suited for terminal devices with constrained computational resources. Our comprehensive performance analysis underscores R-KEM’s ability to recover error-free cryptographic keys in noisy networks, offering a superior alternative to conventional methods that struggle to maintain secure data transmission under such challenges. This work not only demonstrates R-KEM’s efficacy but also paves the way for more resilient cryptographic systems in noise-prone environments. Full article

Physical unclonable functions (PUFs) are emerging as highly promising lightweight hardware security primitives that offer novel information security solutions. PUFs capitalize on the intrinsic physical variations within circuits to generate unpredictable responses. Nevertheless, diverse PUF types often encounter difficulties in concurrently fulfilling multiple performance requisites. As is well known, strong PUFs possess significantly larger challenge–response pair (CRP) set sizes. However, they are vulnerable to machine learning (ML) attacks. Conversely, weak PUFs generate responses with superior randomness, yet their CRP sets are inadequate to satisfy the demands of practical applications. This paper presents a newly devised double-latch PUF (DL-PUF) to address this issue. This design significantly enhances both the CRP set size and security performance. The available CRPs of the DL-PUF design can reach up to $2^{64}$, and its robust security features are also demonstrated in this paper. We have implemented this design on twelve 45 nm Xilinx Spartan 6 XC6SLX25 FPGAs. The experimental results indicate that our proposed DL-PUF performs well in terms of reliability, uniqueness, uniformity, and randomness. Additionally, three machine learning algorithms were employed to conduct comprehensive tests on the DL-PUF. The results reveal its excellent resilience against machine learning attacks. Full article

Portable and wearable sensor systems implemented in the paradigm of the Internet of Things (IoT) are part of our daily activities as well as commercial and industrial products. The connection of measurement devices has led to not only a sharp increase in information sharing, but also to the frequency of cyber-attacks, in which system vulnerabilities are exploited to steal confidential information, corrupt data, or even make the system unavailable. Physical unclonable function (PUF)-based devices exploit the inherent randomness introduced during device manufacturing to create a unique fingerprint. They are widely used to generate passwords and cryptographic keys to mitigate security issues in IoT applications. Among the existing different PUF structures, ring oscillator (RO)-based PUF devices are very popular due to their simple structure and their potential easy integration onto chips. In this paper, the possibility of increasing the number of challenge–response pairs (CRPs) of RO-based PUF devices by measuring two different parameters (the oscillation frequency and the duty cycle) is investigated. The results achieved by the performed circuit level simulations and experimental measurements show that these two parameters feature a weak correlation. The proposed PUF device can be used to increase the number of CRPs to improve device security while achieving a high uniqueness value (49.77%). Full article

This study focuses on designing enhanced Physically Unclonable Functions (PUFs) based on SRAM devices and improving the security of cryptographic systems. Most SRAM PUFs are limited in their number of CRPs, which makes them vulnerable to enrollment attacks. In this research, we present an SRAM-based PUF design that greatly increases the number of CRPs and the entropy of the generated bits by performing exclusive-or (XOR) on the responses of two SRAM devices. This was implemented using a readily available development board, SRAM devices, and a user-friendly custom circuit board for cryptographic key generation. The cryptographic protocol was implemented using both C++ and python3. The proposed SRAM PUF design was experimentally demonstrated and showed substantial improvements in the security of various cryptographic applications as a hardware authentication device. It also addresses the specific vulnerabilities of legacy designs. Full article

The Internet of Things faces significant security challenges, particularly in device authentication. Traditional methods of PUF-based authentication protocols do not fully address IoT’s unique security needs and resource constraints. Existing solutions like Identity-Based Encryption with Physically Unclonable Functions enhance security but still struggle with protecting data during transmission. We show a new protocol that leverages PUFs for device authentication by utilizing Paillier homomorphic encryption or the plaintext equality test to enhance security. Our approach involves encrypting both the challenge–response pairs (CRPs) using Paillier homomorphic encryption scheme or ElGamal encryption for plaintext equality testing scheme. The verifier does not need access to the plaintext CRPs to ensure that sensitive data remain encrypted at all times and our approach reduces the computational load on IoT devices. The encryption ensures that neither the challenge nor the response can be deciphered by potential adversaries who obtain them during the transmission. The homomorphic property of the Paillier scheme or plaintext equality testing scheme allows a verifier to verify device authenticity without decrypting the CRPs, preserving privacy and reducing the computational load on IoT devices. Such an approach to encrypting both elements of the CRP provides resistance against CRP disclosure, machine learning attacks, and impersonation attacks. We validate the scheme through security analysis against various attacks and evaluate its performance by analyzing the computational overhead and the communication overhead. Comparison of average computational and communication time demonstrates Paillier scheme achieves approximately 99% reduction while the plaintext equality test achieves approximately 94% reduction between them. Full article

The methods proposed in this paper are leveraging Challenge–Response–Pair (CRP) mechanisms that are directly using each digital file as a source of randomness. Two use cases are considered: the protection and verification of authenticity of the information distributed in storage nodes and the protection of the files kept in terminal devices operating in contested zero-trust environments comprised of weak signals in the presence of obfuscating electromagnetic noise. With the use of nonces, the message digests of hashed digital files can be unique and unclonable; they can act as Physical Unclonable Functions (PUF)s in challenge–response mechanisms. During enrollment, randomly selected “challenges” result in unique output data known as the “responses” which enable the generation and distribution of cryptographic keys. During verification cycles, the CRP mechanisms are repeated for proof of authenticity and deciphering. One of the main contributions of the paper is the development of mechanisms accommodating the injection of obfuscating noises to mitigate several vectors of attacks, disturbing the side channel analysis of the terminal devices. The method can distribute error-free cryptographic keys in noisy networks with light computing elements without relying on heavy Error Correcting Codes (ECC), fuzzy extractors, or data helpers. Full article

Physical unclonable function (PUF), a cryptographic primitive, has recently been used in protocol design because it can ensure a tamper-evident feature. In many PUF-based protocol schemes, helper data algorithms (HDA) or fuzzy extractors (FE) are used to generate strong keys from unreliable PUF responses. However, these methods inevitably introduce complex error correction techniques, which not only increase the overhead of embedded devices but also pose some security risks. We propose a novel HDA technology, which does not use any high-overhead error correction mechanism, greatly reducing the implementation complexity and execution overhead. The novel HDA exploits the strategy of bit-self-test (BST) and the PUF can extract the robust responses by using the real-time generated reliable flags, and then an entropy extractor is used to generate the reliable and random key with high entropy. Based on this novel HDA, we design a lightweight anonymous authentication protocol. The protocol uses pseudo-random function (PRF) and XOR operation instead of the traditional hash function and symmetric encryption algorithm, which ensures security while reducing the overhead. Moreover, the proposed protocol does not require the server to store a large number of challenge–response pairs (CRPs), which reduces the storage overhead on the server while avoiding the risk of leakage of CRPs. Moreover, the device identity ID is updated during each round of the authentication process, which prevents the device from being tracked and protects the privacy of the device. The implementation and performance analysis of the protocol prototype on a Zynq-7000 SoC XC7Z010 FPGA shows that the proposed scheme solves the problems encountered with existing schemes and has additional security properties. Full article

With the advancement of the Internet of Things (IoTs) technology, security issues have received an increasing amount of attention. Since IoT devices are typically resource-limited, conventional security solutions, such as classical cryptography, are no longer applicable. A physically unclonable function (PUF) is a hardware-based, low-cost alternative solution to provide security for IoT devices. It utilizes the inherent nature of hardware to generate a random and unpredictable fingerprint to uniquely identify an IoT device. However, despite existing PUFs having exhibited a good performance, they are not suitable for effective application on resource-constrained IoT devices due to the limited number of challenge-response pairs (CRPs) generated per unit area and the large hardware resources overhead. To solve these problems, this article presents an ultra-lightweight reconfigurable PUF solution, which is named RPPUF. Our method is built on pico-PUF (PPUF). By incorporating configurable logics, one single RPPUF can be instantiated into multiple samples through configurable information K. We implement and verify our design on the Xilinx Spartan-6 field programmable gate array (FPGA) microboards. The experimental results demonstrate that, compared to previous work, our method increases the uniqueness, reliability and uniformity by up to 4.13%, 16.98% and 10.5%, respectively, while dramatically reducing the hardware resource overhead by 98.16% when a 128-bit PUF response is generated. Moreover, the bit per cost (BPC) metric of our proposed RPPUF increased by up to 28.5 and 53.37 times than that of PPUF and the improved butterfly PUF, respectively. This confirms that the proposed RPPUF is ultra-lightweight with a good performance, making it more appropriate and efficient to apply in FPGA-based IoT devices with constrained resources. Full article

The main issue of ring oscillator physical unclonable functions (RO-PUF) is the existence of unstable ROs in response to environmental variations. The RO pairs with close frequency differences tend to contribute bit flips, reducing the reliability. Research on improving reliability has been carried out over the years. However, it has led to other issues, such as decreasing the uniqueness and increasing the area utilized. Therefore, this paper proposes a uniform RO-PUF, requiring a smaller area than a conventional design, aiming to balance reliability and uniqueness. We analyzed RO runtimes to increase reliability. In general, our method (uniqueness = 47.48%, reliability = 99.16%) performs better than previously proposed methods for a similar platform (Altera), and the reliability is as good as the latest methods using the same IC technology (28 nm). Moreover, the reliability is higher than that of RO-PUF with challenge and response pair (CRP) enhancements. The evaluation was performed in longer runtimes, where the pulses produced by ROs exceeded the counter capacity. This work recommends choosing ranges of the runtime of RO for better performance. For the 11-stage ROs, the range should be 1.598–4.30 ms, or 6.12–8.61 ms, or 12.24–12.91 ms. Meanwhile, for the 20-stage, the range should be 2.717–8.37 ms, or 10.97–16.74 ms, or 21.93–25.10 ms. Full article

Internet of Things (IoT) has enabled battery-powered devices to transmit sensitive data, while presenting high power consumption and security issues. To address these challenges, adiabatic-based physical unclonable functions (PUFs) offer a promising solution for low-power and secure IoT device applications. In this study, we propose a novel low-power two-phase clocking adiabatic PUF. The proposed adiabatic PUF utilizes a trapezoidal power clock signal with a time-ramped voltage to achieve an improved energy efficiency and reliable start-up PUF behavior. Static CMOS logic is employed to produce stable challenge-response pairs (CRPs) in the adiabatic mode. The pull-down network is designed to control the PUF cell to charge and discharge its output nodes with a constant supply current during secure key generation. The body effect of PMOS transistors, ambient temperatures, and CMOS process variations are investigated to examine the uniqueness and reliability of the proposed work. The proposed adiabatic PUF is simulated using 0.18 µm CMOS process technology with a supply voltage of 1.8 V. The uniqueness and reliability of the proposed adiabatic PUF are 49.82% and 99.47%, respectively. In addition, it requires a start-up power of 0.47 µW and consumes an energy of 15.98 fJ/bit/cycle at the reference temperature of 27 °C. Full article

Traditional authentication techniques, such as cryptographic solutions, are vulnerable to various attacks occurring on session keys and data. Physical unclonable functions (PUFs) such as dynamic random access memory (DRAM)-based PUFs are introduced as promising security blocks to enable cryptography and authentication services. However, PUFs are often sensitive to internal and external noises, which cause reliability issues. The requirement of additional robustness and reliability leads to the involvement of error-reduction methods such as error correction codes (ECCs) and pre-selection schemes that cause considerable extra overheads. In this paper, we propose deep PUF: a deep convolutional neural network (CNN)-based scheme using the latency-based DRAM PUFs without the need for any additional error correction technique. The proposed framework provides a higher number of challenge-response pairs (CRPs) by eliminating the pre-selection and filtering mechanisms. The entire complexity of device identification is moved to the server side that enables the authentication of resource-constrained nodes. The experimental results from a 1Gb DDR3 show that the responses under varying conditions can be classified with at least a 94.9% accuracy rate by using CNN. After applying the proposed authentication steps to the classification results, we show that the probability of identification error can be drastically reduced, which leads to a highly reliable authentication. Full article

Physical Unclonable Functions (PUFs) are known for their unclonability and light-weight design. However, several known issues with state-of-the-art PUF designs exist including vulnerability against machine learning attacks, low output randomness, and low reliability. To address these problems, we present a reconfigurable interconnected PUF network (IPN) design that significantly strengthens the security and unclonability of strong PUFs. While the IPN structure itself significantly increases the system complexity and nonlinearity, the reconfiguration mechanism remaps the input–output mapping before an attacker could collect sufficient challenge-response pairs (CRPs). We also propose using an evolution strategies (ES) algorithm to efficiently search for a network configuration that is capable of producing random and stable responses. The experimental results show that applying state-of-the-art machine learning attacks result in less than 53.19% accuracy for single-bit output prediction on a reconfigurable IPN with random configurations. We also show that, when applying configurations explored by our proposed ES method instead of random configurations, the output randomness is significantly improved by 220.8% and output stability by at least 22.62% in different variations of IPN. Full article