Search Results (236)

The rapid proliferation of the Internet of Things (IoT) leaves terminal devices vulnerable to considerable security challenges, notably the absence of robust yet efficient identity authentication mechanisms. Traditional certificate-based approaches incur substantial management overhead and storage expenditure, whereas Identity-Based Cryptography poses inherent key escrow risks. To tackle these challenges, this paper proposes a PUF and SM2-based certificateless identity authentication mechanism that integrates SM2 Certificateless Public Key Cryptography (a Chinese national cryptographic standard) with Physical Unclonable Functions (PUFs). Initially, the proposed solution utilizes PUF technology to derive a unique hardware-generated “fingerprint” from an IoT device, which functions as a root key to generate a partial user private key. This approach essentially binds the terminal’s identity to its physical hardware, thereby effectively mitigating physical cloning attacks against nodes. Moreover, through the adoption of a Certificateless Public Key Cryptography (CLPKC) framework, the complete user private key is jointly generated by a semi-trusted Key Generation Centre (KGC) and the terminal device itself. The comprehensive security analysis proves that the proposed scheme is provably secure under the random oracle model, capable of resisting various common attacks such as physical cloning, man-in-the-middle, and replay attacks. Performance evaluation confirms that the implemented PUF + SM2 certificateless mechanism significantly reduces the size of user public key identifiers to within 64 bytes, offering a substantial advantage over the 1–2 KB certificates typically required in conventional PKI/CA systems, thereby enhancing efficiency in storage and communication. Full article

The proliferation of Internet of Things (IoT) devices has created unprecedented challenges in cybersecurity, as billions of interconnected devices generate, process, and transmit sensitive data across diverse networks. This study addresses critical security vulnerabilities in IoT ecosystems, focusing on the development of a comprehensive security framework that encompasses device authentication, an attribute access control mechanism, and privacy preservation. This work introduces HADA, a proposed hybrid authentication method that combines the validation of unique credentials and trust value. For the authentication of the data owner and user, the following credentials are validated: identity, certificate, reconfigurable physical unclonable function (PUF), and trust. Differential privacy is used to secure the credentials during information exchange. Then, the newly developed dynamic attribute access control method selects the number of attributes and matches the attributes; these two processes are performed using the Bi-Fuzzy logic and graph neural network (GNN) algorithms, respectively. After matching the data, the user is allowed to access them from the cloud server. For data encryption, the lightweight SKINNY algorithm is implemented in Hyperledger Fabric blockchain. The proposed system performs better than existing methods in terms of throughput, latency, and resource utilization. Full article

The Internet of Drones (IoD) has emerged as a critical extension of the Internet of Things, enabling unmanned aerial vehicles to support diverse applications, including precision agriculture, logistics, disaster monitoring, and security surveillance. Despite its rapid growth, securing IoD communications remains a significant challenge due to the open wireless environment, high drone mobility, and strict computational and energy constraints. Existing authentication mechanisms either rely on computationally expensive cryptographic operations or remain validated only at the protocol or simulation level, leaving a critical gap in practical, hardware-validated solutions suitable for resource-constrained drone platforms. This gap motivates the need for a lightweight, privacy-preserving authentication scheme that is both theoretically sound and experimentally deployable on real hardware. To address this, we propose a Physically Unclonable Functions (PUF)-assisted lightweight authentication scheme for IoD environments that binds cryptographic keys to each drone’s intrinsic hardware characteristics via PUFs. The scheme employs dynamically generated pseudo-identities to conceal permanent drone identities and prevent tracking, while authentication and key agreement are achieved using efficient symmetric cryptographic primitives, including SHA-256 for key derivation and updates, AES-256 for secure communication, and lightweight XOR operations to minimize overhead. Forward secrecy is ensured through rolling key updates, and periodic renewal of PUF challenges enhances resistance to replay and modeling attacks. To validate practicality, both software-based and hardware-based implementations were developed and evaluated. The software evaluation demonstrates a low communication overhead of 708.5 bytes and an average computation time of 18.87 ms. The hardware implementation on a Nexys A7-100T FPGA operates at 100 MHz with only 12.49% LUT utilization and low dynamic power consumption of approximately 182.5 mW. These results confirm that the proposed framework achieves an effective balance between security, privacy, and efficiency. The significance of this work lies in providing a fully hardware-validated, PUF-based authentication framework specifically tailored to the real-world constraints of IoD environments, offering a practical foundation for securing next-generation drone networks. Full article

Physically unclonable functions (PUFs) are critical security primitives used in authentication and cryptographic key generation. Among these, structural color-based PUFs offer distinct advantages, including fade resistance and the ability to conceal multi-dimensional information. However, current fabrication methods rely heavily on wet processes and laser ablation. Consequently, there is a significant need for flexible PUF labels capable of being produced through a facile and dry process. Here, we present stress-relief modulated photonic crystal PUF labels designed for multi-level dynamic encryption. We achieve random patterning of nanograting-based photonic crystals by leveraging curved pinning edge-induced interruptions and the uncontrolled bulking of the polymeric elastomer due to the uneven adhesion force from the tape. Using artificial intelligence-based deep learning algorithms, we authenticate the labels by extracting structural color, brightness, and saturation, which are determined by the grating periodicity, depth, and orderliness of each pixel. Furthermore, we integrated these photonic crystal patterns with dynamically modulated optical erasure to extend encryption capacity from the spatial to the temporal dimension. We anticipate this approach will enable advanced wearable anti-counterfeiting labels and multi-level digital encryption systems. Full article

Physical Unclonable Functions (PUFs) represent a highly promising hardware security primitive, yet they face constraints of insufficient reliability and threats from modeling attacks. This paper designs a novel Feed-Forward Crossbar Matrix Arbiter PUF (FC-MA PUF). It incorporates an inter-stage crossbar structure, a feed-forward control system, and a mechanism for selecting reliable challenge-response pairs. These features significantly enhance the structural non-linearity and stability, substantially improving security and adaptability to a wider range of operating environments. It provides a high-strength authentication solution with low resource overhead for lightweight security-demanding devices such as IoT devices. The proposed FC-MA PUF has been successfully implemented on a Field-Programmable Gate Array (FPGA) platform. Experimental results for the selected 4-stage FC-MA PUF configuration show a bias, inter-chip uniqueness, and bit error rate (BER) of 49.88%, 49.68%, and 0.018%, respectively. Furthermore, the structure allows for flexible configuration of the number of feed-forward modules based on practical application requirements: a greater number of feed-forward modules enhances security but also leads to an increased BER and a decreased proportion of stable challenge-response pairs. Experimental results based on a training set of 1,000,000 challenge-response pairs demonstrate that: with two feed-forward units, the stable (Challenge Response Pair)CRP ratio is 39.72% and the Covariance Matrix Adaptation Evolutionary Strategies (CMA-ES) attack prediction success rate is 58.20%; with three units, the ratio decreases to 29.12% and the prediction rate drops to 54.91%; with four units, these values further decline to 20.18% and 52.33% respectively. These results confirm that the proposed FC-MA PUF effectively resists multiple modeling attacks, including Logistic Regression (LR), Support Vector Machine (SVM), and CMA-ES. Full article

In Social Internet of Vehicles (SIoV) environments, fog computing plays a crucial role in supporting real-time services by reducing the latency inherent in cloud-based architectures. However, fog nodes are typically deployed in physically exposed roadside environments and can be operated by several system operators, making them vulnerable to physical compromise and unauthorized access. Despite these threats, many existing authentication schemes assume fog nodes to be fully trusted or honest-but-curious, allowing them to decrypt transmitted data using a session key shared among vehicles, fog nodes, and cloud servers. To overcome these limitations, this paper proposes a quantum-secure pairwise key agreement scheme that establishes distinct session keys for vehicle–fog, fog–cloud, and vehicle–cloud communications. This design effectively prevents the disclosure of sensitive information even in the event of fog node compromise. Furthermore, Physical Unclonable Functions (PUFs) are employed to mitigate physical capture attacks, while lattice-based cryptography based on the Module Learning with Errors (MLWE) problem is integrated to ensure resistance against quantum computing attacks. The security of the proposed protocol is rigorously validated through formal analysis using AVISPA, BAN logic, and the Real-or-Random (RoR) model, in addition to informal security analysis. Comparative performance evaluations against related schemes demonstrate that the proposed approach achieves a balance between efficiency and security, making it well suited for practical deployment in SIoV environments. Full article

Targeting resource-constrained Internet of Things (IoT) devices, this paper proposes Stuck-at-Fault Physical Unclonable Function (SAF-PUF), a lightweight Resistive Random-Access Memory (RRAM)-based PUF that exploits the intrinsic addresses of manufacturing-induced SAF defects as a stable entropy source. By using the coordinates of Stuck-at-1 (SA1) cells to seed a 32-bit Linear Feedback Shift Register (LFSR), SAF-PUF generates robust, variable-length responses with zero Bit Error Rate (BER) across a wide temperature range from −40 °C to 125 °C, without any error-correction circuitry. Experimental results based on 100,000 Challenge–Response Pairs (CRPs) demonstrate strong resilience against machine learning (ML) attacks, with prediction accuracies of logistic regression (LR), support vector machines (SVM), neural networks (NN) and convolutional neural networks (CNNs) remaining close to 50%. Moreover, a “use-then-conceal” mechanism is introduced to enhance post-authentication security, enabling response obfuscation with minimal cell reconfiguration. These features make SAF-PUF a high-security, low-overhead hardware root of trust suitable for IoT applications. Full article

The proliferation of Internet of Things (IoT) devices and embedded processors has recently spurred rapid advances in hardware-level security. This paper systematically reviews developments in securing microcontroller units (MCUs) and constrained embedded platforms from 2020 to 2026, a period marked by the finalization of NIST’s post-quantum cryptography standards and accelerated commercial deployment of hardware security primitives. Through analysis of the peer-reviewed literature, industry implementations, and standardization efforts, we survey five critical areas: post-quantum cryptography (PQC) implementations on resource-constrained hardware, physically unclonable functions (PUFs) for device authentication, hardware Roots of Trust and secure boot mechanisms, side-channel attack mitigations, and Trusted Execution Environments (TEEs) for microcontroller-class devices. For each domain, we analyze technical mechanisms, deployment constraints (power, memory, cost), security guarantees, and commercial maturity. Our review distinguishes itself through its integration perspective, examining how these primitives must be composed to secure real-world embedded systems, and its emphasis on post-standardization PQC developments. We highlight critical gaps including PQC memory overhead challenges, ML-resistant PUF designs, and TEE developer friction, while documenting commercial progress such as PSA Level 3 certified components and 500+ million PUF-enabled devices deployed. This synthesis provides practitioners with practical guidance for securing the next generation of IoT and embedded systems. Full article

The integration of unmanned aerial vehicles (UAVs) into vehicular ad hoc networks (VANETs) has emerged as a promising solution to overcome the limited coverage of conventional roadside unit (RSU)-based infrastructures. However, UAVs operate in open environments and cannot be fully trusted, while the rapid advancement of quantum computing threatens the long-term security of classical public-key cryptographic systems. As a result, many existing UAV-based VANET authentication schemes face fundamental limitations in future deployments. Most existing schemes either lack post-quantum security or incur excessive computational and communication overhead, making them unsuitable for real-time and high-mobility vehicular environments. In addition, the common assumptions of trusted UAVs do not align with realistic threat models. To address these issues, this paper proposes a lightweight post-quantum authentication and key exchange protocol based on the module learning with errors (MLWE) problem and physically unclonable functions (PUFs). The proposed scheme treats UAVs as untrusted relay nodes and excludes them from session key generation. Its security is evaluated using informal analysis, the real-or-random (RoR) model, BAN logic, and AVISPA, while performance evaluation indicates improved efficiency compared to existing schemes. Full article

Flying Ad Hoc Networks (FANETs) formed by cooperative Unmanned Aerial Vehicles (UAVs) require formally proven secure and resource-efficient authentication because open wireless channels allow active adversaries to inject commands, replay traffic, and impersonate nodes. Conventional certificate-based mechanisms impose key management overhead and remain vulnerable under device capture, while existing lightweight and Physical Unclonable Function (PUF)-assisted proposals commonly assume stable connectivity, lack formal adversarial verification, or are evaluated only through simulation. This paper presents a lightweight PUF-assisted authentication protocol designed for dynamic multi-hop FANET operation. The scheme provides mutual UAV–Ground Station (GS) authentication and session key establishment and further enables secure UAV–UAV communication using an off-path ticket mechanism that eliminates continuous infrastructure dependence. The protocol is constructed through verification-driven refinement and formally analysed under the Dolev–Yao model, establishing authentication and session key secrecy and resistance to replay and impersonation attacks. Implementation-oriented latency measurements on Raspberry-Pi-class embedded platforms demonstrate that cryptographic processing time can be further reduced with hardware improvements, while the overall end-to-end delay is still largely determined by channel conditions and connection behaviour. Comparative evaluation shows reduced communication cost and broader security coverage relative to existing UAV authentication schemes, indicating practical deployability in large-scale FANET environments. Full article

With the rise of smart cities, technology has enabled more efficient urban management. A key part of this is the Internet of Vehicles (IoVs), which connects vehicles to smart city systems to improve transportation safety and efficiency. This integrated system enables wireless connection between vehicles, allowing for the sharing of essential traffic information. However, with all this connectivity, there are growing concerns about IoV security and privacy. This paper presents a new privacy-preserving authentication scheme for Autonomous Vehicles (AVs) in the IoV field using physical unclonable functions (PUFs). This scheme employs a bilinear pairing-based encryption technique that supports search over encrypted data. The primary aim of this scheme is to authenticate AVs inside the IoV architecture. A novel PUF design generates random keys for our authentication technique, hence boosting security. This dual-layer security strategy safeguards against a range of cyber threats, including identity fraud, man-in-the-middle attacks, and unauthorized access to personal user data. The PUF design will guarantee the true randomness of the AVs’ users’ secret keys. To handle the large amount of data involved, we use hardware acceleration with different Field-Programmable Gate Arrays (FPGAs). Our examination of privacy and security demonstrates the achievement of the defined design goals. The proposed authentication framework was fully implemented and validated on FPGA platforms to demonstrate its hardware feasibility and efficiency. The integrated heterogeneous PUF achieves an average reliability exceeding $98.5\%$ across a wide temperature range, while maintaining near-ideal randomness with an average Hamming weight of $49.7\%$ over multiple challenge sets. Furthermore, the uniqueness metric approaches $49.9\%$, confirming strong inter-device distinguishability among different PUF instances. The complete authentication architecture was synthesized on Nexys-100T, Zynq-104, and Kintex-116 devices, where the design utilizes less than $80\%$ of slice Look-Up Tables (LUTs), under $27\%$ of on-chip memory resources, and below $16\%$ of DSP blocks, demonstrating low hardware overhead. Full article

In the current situation of the Internet of Things (IoT) with its billions of interconnected devices, security in this low-resource environment is paramount. A Physical Unclonable Function (PUF) is a very useful cryptographic primitive which allows us to extract unique information from a particular device in a non-reproducible way. This allows us to use a PUF in cryptography for authentication or secret-key generation. Ring Oscillators (ROs) and Transient Effect Ring Oscillators (TEROs) are oscillating structures used in both FPGAs and ASICs to build PUFs. In this paper we present an FPGA implementation of a PUF based on what we call the “TERORO” cell (TERO + RO), which is a hybrid structure that allows us to use the different functionalities of both RO and TERO in a single building block. We assess all the possible methods of extracting bits of information from the PUF based on TERORO cells. Finally, we tested the circuit and presented experimental results in terms of its uniqueness, uniformity, and reliability. In RO-counter mode, we obtain $49.74\%$ uniqueness, $54.66\%$ uniformity, and $97.81\%$ reliability across devices, while TERO-based XOR mixing achieves $52.83\%$ uniformity, $45.79\%$ uniqueness, and $93.15\%$ reliability. The FPGA footprint is 142 LUTs, 36 registers, and 82 slices. Full article

Wireless sensor systems can collect and share a large amount of data for different kinds of applications, but are also vulnerable to cyberattacks. The impact of cyberattacks on systems’ confidentiality, integrity, and availability can be mitigated by using authentication procedures and cryptographic algorithms. Authentication passwords and cryptographic keys may be stored in a non-volatile memory, which may be easily tampered with. Alternately, Physical Unclonable Functions (PUFs) can be adopted. They generate a chip’s unique fingerprint, by exploiting the randomness of process parameters’ variations occurring during chip fabrication, thus constituting a more secure alternative to the adoption of non-volatile memories for password storage. PUF reliability is of primary concern to guarantee a system’s availability. In this paper, the reliability of a Static Random Access Memory (SRAM)-based PUF implemented by a standard 32 nm CMOS technology is investigated, as a function of different operating conditions, such as noise, power supply voltage, and temperature, and considering different values of transistor conduction threshold voltages. The achieved results will show that transistor threshold voltage and noise are the operating conditions mostly affecting PUF reliability, while the impact of temperature variations is lower, and that of power supply variations is negligible. Full article

Secure real-time data interaction between vehicles and transportation infrastructure, such as RSUs (V2R), can achieve intelligent and safe driving, as well as efficient travel services, in Internet of Vehicles (IoV), a secure and efficient V2R authentication protocol, which plays an important role. Recently, scholars have proposed a two-factor V2R authentication protocol for the IoV. However, subsequent research has shown that this protocol is vulnerable to insider and ephemeral secret leakage attacks, and cannot achieve perfect forward secrecy. To address these security flaws, an improved scheme was further proposed. Nevertheless, this paper points out that the improved scheme still has shortcomings: it cannot provide anonymity and perfect forward secrecy, exhibits insufficient session key secrecy, and remains vulnerable to password guessing attacks, RSU capture attacks, and suffers from inappropriate pseudo-identity update mechanisms. Therefore, a novel Physical Unclonable Function-based Lightweight V2R Authentication (PUF-LA) scheme is proposed, which uses Elliptic Curve Cryptography (ECC) to achieve perfect forward secrecy, uses PUF to resist devices captured attacks, and achieves two-factor secrecy protection against password guessing attacks. The security performance of PUF-LA is theoretically proved by leveraging the random oracle model. In contrast with relevant authentication schemes, PUF-LA is more secure and has low computation costs. Full article

Autonomous drone swarms are increasingly deployed in critical domains such as infrastructure inspection, environmental monitoring, and emergency response. While their distributed operation enables scalability and resilience, it also introduces new vulnerabilities, particularly in authentication and trust establishment. Conventional cryptographic solutions, including public key infrastructures (PKI) and symmetric key protocols, impose computational and connectivity requirements unsuited to resource-constrained and external infrastructure-free swarm deployments. In this paper, we present a decentralized authentication scheme rooted in hardware security primitives (HSPs); specifically, Physical Unclonable Functions (PUFs) and True Random Number Generators (TRNGs). The protocol leverages master-initiated token broadcasting, iterative HSP seed evolution, randomized response delays, and statistical trust evaluation to detect cloning, replay, and impersonation attacks without reliance on centralized authorities or pre-distributed keys. Simulation studies demonstrate that the scheme achieves lightweight operation, rapid anomaly detection, and robustness against wireless interference, making it well-suited for real-time swarm systems. Full article