Zhang, Y; Li, B; Liu, B; Chang, J; (2024) Building PUF as a Service: Distributed Authentication and Recoverable Data Sharing With Multidimensional CRPs Security Protection. IEEE Internet of Things Journal 10.1109/JIOT.2024.3358011. (In press).
Abstract
Physically Unclonable Functions (PUFs) have emerged as hardware fingerprints for IoT devices in the form of challenge-response pairs (CRPs). This mapping behaviour is regarded as a physically secure primitive, activating mechanisms of authentication and data protection. However, multidimensional security threats to CRPs, including impersonation attacks, availability attacks, machine learning attacks, and single point of failure, impede the applications of PUF technology. To simultaneously solve these threats, this paper not only leverages Shamir secret sharing (SSS) to provide comprehensive CRPs protection, but also integrates blockchain to address trust issues of synchronization, supervision, and deployment brought by the SSS system. Specifically, we first propose a security-enhanced and reliable CRPs management method. This method leverages SSS and its homomorphic addition feature to protect CRPs storage, sharing, and backup processes. Meanwhile, blockchain is involved in the SSS system to synchronize CRPs and supervise sharing behaviours. Then, a PUF-as-a-service (PaaS) framework is constructed, which utilizes blockchain to trace the change of the SSS system and integrate different PUFs-based security mechanisms. Once deployed in PaaS, users can always utilize transactions to build secure on-chain channels with the SSS system and employ the PUF service. Based on our CRPs management method and PaaS framework, we successfully constructed PUFs-based distributed authentication and recoverable data sharing with multidimensional CRPs protection. The security proof and discussions of our scheme are also provided. Moreover, a proof-of-concept prototype was implemented to conduct experimental evaluations and comparative analysis. The results and additional discussions demonstrate that our work is efficient, practical, and suitable for IoT deployment.
Type: | Article |
---|---|
Title: | Building PUF as a Service: Distributed Authentication and Recoverable Data Sharing With Multidimensional CRPs Security Protection |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.1109/JIOT.2024.3358011 |
Publisher version: | http://dx.doi.org/10.1109/jiot.2024.3358011 |
Language: | English |
Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
Keywords: | Physically Unclonable Functions, blockchain, Shamir secret sharing, Internet of Things (IoT), authentication and data sharing, CRPs security protection, security and privacy |
UCL classification: | UCL; UCL > Provost and Vice Provost Offices > School of Life and Medical Sciences; UCL > Provost and Vice Provost Offices > School of Life and Medical Sciences > Faculty of Medical Sciences; UCL > Provost and Vice Provost Offices > School of Life and Medical Sciences > Faculty of Medical Sciences > Div of Surgery and Interventional Sci; UCL > Provost and Vice Provost Offices > School of Life and Medical Sciences > Faculty of Medical Sciences > Div of Surgery and Interventional Sci > Department of Surgical Biotechnology |
URI: | https://discovery.ucl.ac.uk/id/eprint/10190812 |