2020 International Conference on Computational Science and Computational Intelligence (CSCI)

An IoT mutual authentication scheme based on PUF and blockchain

Ore Ndiaye Diedhiou, Cherif Diallo
Laboratoire d'Algèbre, de Cryptographie, Codes et Applications (LACCA)
Dept Informatique, UFR Sciences Appliquées et Technologie (UFR SAT)
Université Gaston Berger (UGB), BP 234, Saint-Louis, Sénégal

Abstract—Security is one of the major challenges of the Internet of Things (IoT). In an IoT network, data are processed and exchanged without human intervention. Because of this autonomy, objects must authenticate each other and ensure the integrity of the exchanged data. An efficient authentication scheme protects the network against several attacks. Several IoT authentication schemes have already been proposed, but they are mostly ineffective and sometimes have limitations. This work proposes a new mutual authentication scheme for IoT based on digital signatures, Physical Unclonable Functions (PUF) and blockchain technology. The global assessment and analyses show that our new protocol gives more resistance to different types of attacks, and that it also provides better performance in terms of computing load although it requires fewer storage resources.

Index Terms—IoT, Mutual Authentication, PUF, Blockchain,

This work is supported by CEA-MITIC (Centre d'Excellence en Mathematiques, Informatique et TIC, http://www.ceamitic.sn/).

I. Introduction

The IoT was born out of the aggregation of several technologies such as RFID, NFC, wireless sensors and actuators, M2M, 3/4G, IPv6, 6LoWPAN, RPL, etc. Conceptually, the Internet of Things characterizes physical objects connected and communicating with each other. This network creates a bridge between the physical world and the virtual world. From a technical standpoint, the IoT consists of a standardized numerical identification (IP address, smtp, protocols, http, etc.) of a physical object thanks to a wireless communication system (Fig. 1) that can be used to communicate a RFID chip, Bluetooth, Wi-Fi, etc.

Fig. 1: An illustration of IoT network architecture

Currently, with the development of the Internet of Things, the number of connected devices is increasing exponentially. The ease of deployment of "connected objects" is an asset that makes them easy to integrate in many markets such as: smart waste management, environmental monitoring, smart transportation systems, smart parking, traffic management, smart navigation system for users of public urban transport, the smart grid. In addition, IoT has made possible the evolution of many other areas: from manufacturing plants to what is actually called Industry 4.0, from agriculture to smart agriculture, from health to smart health.

For its various applications, the data exchanged (which can be critical) must meet many security standards in order to ensure security services such as authentication, confidentiality, availability and data integrity. Only authorized data exchanges should proceed without any alteration or interruption. Many IoT security solutions have been proposed. These solutions can be applied at one or more levels of the Internet of Things ecosystem. However, the first level of security to ensure is authentication. Most of the proposed authentication schemes are based on several mechanisms such as cryptographic algorithms, hash functions, digital signatures, digital certificates, object characteristics, etc. Other recently borrowed techniques such as blockchain, are adapted to the IoT
and used in authentication.

In this paper, we first present a small review of authentication schemes recently proposed in the Internet of Things. Next, we will present a new solution that combines the Physical Unclonable Function (PUF) [2] and the blockchain technology [3] [4] in order to gain in efficiency and to have more resistance to attacks. This document is organized as follows: section II provides a brief description of IoT security with an emphasis on authentication; in the next two sections (III and IV), some recently proposed authentication schemes and preliminary background are reviewed, before we present in section V our proposal, a new mutual authentication system based on PUF and blockchain. Finally, we give our conclusion in section VI.

978-1-7281-7624-6/20/$31.00 ©2020 IEEE. DOI 10.1109/CSCI51800.2020.00193

II. IoT Security

The Internet is the medium of the IoT. Therefore almost all security threats inherent to the Internet are propagated to the IoT as well [5] [6] [7]. Based on [8] [9] [10] [11] we have categorized the attacks according to the different layers of the Internet architecture of the objects (Fig. 2). Some of these attacks are described in [5] [6].

Fig. 2: IoT Attacks

Unlike traditional nodes, the nodes of the IoT are constrained by their low capacity and limited resources. The wider adoption of the Internet of Things lies in the ability to meet many security requirements in order to avoid catastrophic consequences on human life [12]. In order to ensure effective security of Internet of Things data, different mechanisms are used to ensure authentication, access control and flow management (Fig. 3).

Fig. 3: The different levels of security

Our work focuses primarily on authentication, which consists of allowing a legitimate user to access resources, as well as denying access to a malicious or attacking person [11]. Many solutions are known for authentication; they are based on all or part of the 3 commonly accepted authentication factors:

• "What we know", which refers to knowledge that only the user is supposed to have, for example a secret code.
• "What we are", which refers to the nature of the person, in what is most distinctive about him or her. This point is generally solved by biometrics. Biometrics is based on the recognition of physical or behavioural features.
• "What we have", which is based on a possession that only the user is supposed to have, for example a personal .

Internet of Things authentication schemes must have certain characteristics:

• It must be lightweight because many IoT objects have low computing power, low power consumption and limited memory.
• It must be efficient in order to find a compromise between the level of security required and the total cost of resource consumption.
• It must be robust so that the loss of nodes does not affect the security of communications throughout the network.

III. Related works

Several authentication schemes in IoT systems have been proposed in the literature [13].

In [1] the proposed scheme uses the TLS secure channel, digital signatures and a functional operation performed on the nonce. The scheme is efficient and lightweight. The use of timestamping allows resistance against . Cryptographic keys are stored locally, making the scheme vulnerable to attacks resulting from physical capture of the object.

The scheme proposed in [2] is based on the use of PUF (Physical Unclonable Function) and hash functions. The PUF is a function that associates a set of challenges to a set of responses. The use of the PUF in the proposed authentication protocol protects against cloning attacks. The proposed scheme has the advantage of using very few factors: it does not require a secret key stored in the object; the node stores only its identifier. On the other hand, this scheme requires a lot of sent messages and verifications, which can quickly flood all the communication medium in case of high activity.

The paper [3] proposes an authentication scheme based on the blockchain. In this scheme, nodes are divided into virtual zones called Bubbles-of-Trust in which nodes could authenticate and trust each other. The use of the blockchain ensures the scalability of the network. The scheme is resistant to sybil, replay and malicious node intrusion attacks. However
in this scheme, communications are considered as transactions and must be validated by the blockchain (implemented with the Ethereum blockchain). The blockchain includes financial costs; in the Ethereum blockchain, the consensus protocol takes 14 seconds to validate a transaction, which is considered long for some critical applications.

In [4], the authors propose an authentication scheme based on asymmetric cryptography and blockchain. Each node is a node in the blockchain network. Two types of nodes are thus defined: consensus nodes and non-consensus nodes. The consensus nodes participate in the consensus process, generate and distribute the blocks to non-consensus nodes which only transfer data. The authentication scheme includes the three steps: enrollment of devices, identity authentication and integrity verification.

This authentication method [4] is simple and lightweight. The blockchain technology used has made it possible not only to do without the traditional IoT authentication scheme requiring a central authority (such as a server) but also to create an environment of trust because authentication is becoming decentralized. The information stored in the blockchain when registering nodes is used to ensure integrity. Any change to the data can be detected immediately. This method is therefore resistant to man in the middle attack, node compromise, malicious node intrusion, and even DDoS attack. The system will still work well even if some of the nodes suffer from a DDoS attack because the blockchain registry is decentralized. However, the entire security of the method depends on the robustness of the PBFT (Practical Byzantine Fault Tolerance) algorithm, which is the consensus algorithm used in the scheme for the blockchain. Since the system is considered to be a blockchain system, the block register is stored at node level and occupies memory space, and greater energy consumption could lead to shortening the lifetime of consensus nodes.

In [11], the authors propose a mutual authentication scheme applicable between two nodes or between a node and a user. The proposed schema uses ECC to establish a public, private key pair. It describes 3 phases: an initialization phase, a mutual authentication phase and a key establishment phase. The schema is resistant to replay attack because the time factor used, Ti, allows checking the time stamping of messages. It is also vulnerable to DDoS and man-in-the-middle attacks, however is vulnerable to attacks related to the physical capture of the node.

The authors of [14] propose an authentication schema based on the SHA1 hash function and feature extraction. Feature extraction consists in simplifying the amount of resources needed to describe a large dataset with precision. They use two classes of features: variance and energy. The proposed scheme is resistant to replay attack because the random factor RT used guarantees that the authentication information is effective only once. It is also resistant to the middle man attack because, the AN account being confidential, even if the attacker succeeds in intercepting the random factor RT, he will not be able to calculate the hash SHA1 function (RT AN). On the other hand, the schema requires many factors and other information that are stored at the IoT object level, which makes it vulnerable to attacks resulting from a physical capture of the object.

During the design of our solution, we have focused on works [2] [3] [4] in order to improve efficiency and performance. Authors of [2] used the PUF technique whereas [3] and [4] are based on blockchain techniques. These solutions provide more security at the IoT node, but they have the disadvantage of causing memory problems. The PUF principle is an authentication factor referring to "What we are", and what makes it attractive for security is that, because of its physical basis, it is immensely difficult if not impossible to produce a physical clone of a PUF [2]. However, the solution proposed by [2] is neither scalable enough nor provides all security services. In order to overcome this issue, we add the blockchain feature combined with the PUF technique to our solution, in such a way that it provides great scalability and more security services. So, [3] and [4] are based on blockchain mutual authentication solutions providing both a good level of security. However, the required memory and the computation load could be reduced with our approach. Before describing our solution in section V, we will first present its preliminary basics in what follows.

IV. Preliminary background

In this section we will give a description of PUF and blockchain technology which will be the basis of our new proposal.

A. PUF

When the cryptographic key/identifier is stored in a memory, it opens the door to potential attacks to recover the key, including attacks to force access, reverse engineering. To address these vulnerabilities, minimum requirements for the generation and storage of the key/identifier must be taken into account.

• Use a truly random source that ensures unpredictability and key/identifier uniqueness.
• Protect memory from unauthorized parties for reliable key/identifier storage.

Physical Unclonable Functions (PUFs) appear to be a solution alternative to traditional cryptographic techniques. PUFs are comparable to biometrics for electronic components. The principle of PUFs is based on the fact that the physical behavior of electronic components is random, constant and unclonable. There are 3 main properties that a PUF system must have:

• Unpredictability: the generated PUF response varies randomly from one chip to another. But it is static on the same chip.
• Non clonability: the random variation of the manufacturing process makes the PUF structure very difficult to clone.
• Tamper resistance: PUF must be robust against physical attacks. For example, invasive attacks should not be able to force the PUF response, or detect it.

A PUF can be characterized by a challenge-response pair, where C is the challenge and R is the response for that specific challenge. A PUF can be represented as follows: $R = P(C)$

Fig. 4: Principle of PUF.

PUFs can be used for several applications:
- Document and device authentication
- Cryptographic key generation
- The protection of intellectual property.

B. Blockchain

Blockchains are tamper-proof digital registries implemented in a distributed system (i.e. without a central repository) and usually without a central authority (i.e. a bank, a company or a government). Each exchange made by its users is recorded as a block that forms a chain, hence the notion of a blockchain.

Fig. 5: A chain of blocks.

The nodes in a blockchain can be divided into two groups:
- A complete node: this refers to a node that stores the entire blockchain; the complete node can also be a publishing node, i.e. a node that also publishes new blocks.
- A lightweight node: it is a node that does not store or keep a copy of the ledger and must transmit its transaction to the full nodes.

The blockchain consists of several components including smart contracts. The overall objectives of intelligent contract design are to satisfy common contractual conditions (such as payment terms, privileges, confidentiality, and even application), minimize malicious and accidental exceptions, and minimize the need for trusted intermediaries [5]. Often associated with the Ethereum protocol, which is positioned as a more programmable version of Bitcoin, considerably broadening the scope of the decentralized applications, the term "smart contract" has only recently become popular.

A smart contract can therefore perform calculations, store information, expose properties, automatically send funds to other accounts, and so on. The smart contract, being on the blockchain, is also inviolable and resistant and can therefore be used (among other things) as a trusted third party.

V. Proposal of a mutual authentication scheme based on PUF and blockchain

In this section, we describe our new IoT mutual authentication proposal which is mainly based on the two technologies detailed above. As discussed before, we are particularly interested in the weaknesses of [2], [3], in order to propose a scheme that could bring an improvement to them. Firstly, we give a summary of used notations in TABLE I, before presenting some assumptions in the next subsection.

TABLE I: Notations table
Notations   Descriptions
C           The initial challenge
R           Response to the initial challenge
Ci          The ith challenge of a node
Ri          The ith response to the challenge Ci
ID          The identifier of a node
P           The private key of a node
PK          The public key of a node
H()         A hash function
T           The time at which the message is sent
t*          The current time at the reception of the message

A. Assumptions

We make the following assumptions for the proposed scheme.
• As in [2], we consider that each IoT node is an embedded system. Any attempt to remove the PUF from the device will result in the destruction of the PUF.
• It is not possible to eavesdrop or alter the communication between a device's microcontroller and PUF [2].

We consider three types of nodes in our authentication scheme:
• Initiator node: the initiator node must initiate the network. It will be in charge of creating a challenge C that it will send to the other nodes and the blockchain for the creation of a trusted network. This node stores its $ID_i$ and its private key $P_i$.
• Trusted nodes: trusted nodes are complete nodes of the blockchain. They are nodes in passive mode,
i.e. they do not generate blocks (which could reduce the computational load compared to the nodes) but will have a copy of the block. A trusted node will store its $ID_c$, its private key $P_c$ and the public key $Pk_i$ of the initiator node.
• Simple nodes: simple nodes are the other nodes. This type of node stores its $ID_s$, its private key $P_s$ and the public key $Pk_i$ of the initiator node.
• We also assume that each node has a public/private key pair that allows it to sign its messages.

B. System model

The following figure (Fig. 6) describes the system model for our authentication scheme.

Fig. 6: System model

Our system model is composed of 3 phases:

- Initialization phase

The initiator node creates a challenge C and calculates its response to this challenge, $R_i = P(C)$.

Fig. 7: Initialization phase

It then sends to the blockchain the concatenation $ID_i \| Pk_i \| C \| R_i$ signed by its private key $P_i$. It then sends the challenge signed by its private key $P_i$ to the other nodes that want to access the network.

- Registration of nodes at the blockchain

Fig. 8: Registration of nodes at the blockchain

Before initiating an authentication procedure, the nodes must register at the blockchain level (step 1). To register, node A, which receives the challenge signed by the initiating node, decrypts it and calculates its result on the challenge using the PUF with the input C: $R_A = P(C)$. It then sends the concatenation ($ID_A$ || $Pk_A$ || (C) signed with ($P_i$) || $R_A$), signed by its private key, to the blockchain. At the blockchain level, the following checks are performed:

If transaction verified with ($Pk_A$) = ok: the integrity of the transaction is checked using the public key of node A.
If ((C) signed with ($P_i$)) verified with ($Pk_i$) = ok: the validity of the challenge is checked using the public key of the initiator node.
If $ID_A$ is unique: the uniqueness of the identifier is checked.

If all checks are successful, the $ID_A$, $Pk_i$, $C$, $P_A$ information is stored in the blockchain and the registration is completed.

- Authentication procedure
Fig. 9: Authentication procedure

To explain the authentication procedure, we will assume that a node A wishes to communicate with a node B. Node A sends its identity and its timestamp $T_A$ to node B (step 2). If node B is a simple node, it requests the information of node A from a trusted node (step 3). The trusted node that holds a copy of the block register sends it the information of node A stored in the blockchain (step 4). Thus, node B sends the concatenation of challenge C and its timestamp (which it will encrypt with A's public key) to node A (step 5). Finally, node A calculates the result $R_A$ and sends the concatenation of its response $R_A$ and its timestamp $T_A$ to node B. Node B then compares the result with the result received from the trusted node. If these two results are equal, then node A is authenticated; otherwise, the request is rejected. If node B is a trusted node, the number of sent messages decreases.

There is a last phase that takes place after the authentication has been successful: a phase that updates the node-specific challenge. After the authentication, node B generates a new challenge that it sends to node A, which calculates the response and sends it to node B. Node B, if it is not a trusted node, sends again the concatenation of the updated information from node A, $(ID_A \| Pk_A \| C^i \| R_A^i)$, which the node will store in the blockchain.

The interaction between the peripherals and the blockchain is carried out as a transaction. Following our system model, we have defined 3 types of transactions by smart contracts. The smart contract receives requests from the nodes and performs various operations such as writing and reading in the blockchain according to different requests. The interaction between the nodes and the blockchain is illustrated in the following figure:

Fig. 10: Smart contract

Definition of parameters and functions for our algorithms
The parameters:
B: the blockchain
Obj: object
Function: IdExist (integer ID, Blockchain B)
// check if the identifier is already used in the blockchain or not
Function: IntegrityCheck(integer Message, integer PublicKey, Blockchain B)
// verify the integrity of a transaction.
Function: Error ()
// returns an error message

C. Global assessment, analysis and discussion

Our scheme allows distributed authentication using the blockchain. The use of the blockchain guarantees the availability of the IoT network (TABLE II). The loss of a node does not prevent the system from working. Communications are validated by the blockchain, which also guarantees non repudiation, and the information stored in the system when nodes are registered is used to ensure integrity. In article [2], the authors use a server and all nodes must authenticate to this server, which is a single point of failure. Thus, the availability feature in article [2] is closely related to the server availability feature.

TABLE II: Security services features
Services                 Our scheme  [2]  [3]  [4]
Integrity                ✓ ✓ ✓ ✓
Non repudiation          ✓ ✓ ✓
Confidentiality
Mutual authentication    ✓ ✓ ✓ ✓
Availability             ✓ ✓ ✓

The proposed authentication scheme contributes to reduce the memory occupation of the nodes. Indeed, in all nodes, it is enough to store the identifier and the
private key of the node (the public key of the initiating node will be deleted in the other nodes after they are stored in the blockchain). When registering nodes in the blockchain, the sent messages are signed; this ensures integrity. In addition, the nodes' information is stored in the blockchain, which also reinforces integrity. The use of the blockchain ensures scalability of the system.

TABLE III: Attacks resistance
Attacks                    Our scheme  [2]  [3]  [4]
Node compromise            ✓ ✓ ✓ ✓
DoS attack                 ✓ ✓
Man in the middle          ✓ ✓ ✓
Sybil                      ✓ ✓
Replay attack              ✓ ✓ ✓
Malicious node intrusion   ✓ ✓ ✓

TABLE III above shows the resistance of different solutions to certain attacks. Our solution is resistant to attacks related to a physical capture of the node. Indeed, the node only stores the object's identifier and private key; if a malicious person succeeds in extracting this information, there is also another level of security which is the PUF challenge. So the physical capture of a node cannot harm the network.

The included timestamp provides resistance against replay attacks. The scheme is also resistant to DoS attack, because we have multiple trusted nodes, so if one of the trusted nodes suffers a denial of service attack, the other trusted nodes will continue to authenticate.

VI. Conclusion and future works

The Internet of Things presents many security challenges, and its applications are part of our daily life. The blockchain technology allows a distributed architecture and some solutions rely on it. We propose, in this document, a new IoT mutual authentication based on PUF and blockchain technology. We also compare our solution with some authentication systems. Overall assessment and analysis show that our new scheme gives more resistance to the different types of attacks, and it also has better performance in terms of computational load, although it requires less storage resources. In future work, we will run different simulation scenarios with other performance criteria.

References

[1] Zahoor Ahmed Alizai, Noquia Fatima Tareen, and Iqra Jadoon. "Improved iot device authentication scheme using device capability and digital signatures". In 2018 International Conference on Applied and Engineering Mathematics (ICAEM), pages 1–5. IEEE, 2018.
[2] Muhammad Naveed Aman, Kee Chaing Chua, and Biplab Sikdar. "A light-weight mutual authentication protocol for iot systems". In GLOBECOM 2017-2017 IEEE Global Communications Conference, pages 1–6. IEEE, 2017.
[3] Mohamed Tahar Hammi, Badis Hammi, Patrick Bellot, and Ahmed Serhrouchni. "Bubbles of trust: A decentralized blockchain-based authentication system for iot". Computers and Security, 78:126–142, 2018.
[4] Dongxing Li, Wei Peng, Wenping Deng, and Fangyu Gai. "A blockchain-based authentication and security mechanism for iot". In 2018 27th International Conference on Computer Communication and Networks (ICCCN), pages 1–6. IEEE, 2018.
[5] Cherif Diallo. "Security Issues and Solutions related to Data Aggregation Process in WSN". In International Journal of Computer Science and Network Security, IJCSNS, VOL.17 No.4, pages 59–71, April 2017.
[6] Cherif Diallo, Abdoulaye Saware and Maimouna Tedy Sow. "Security Issues and Solutions in Wireless Sensor Networks". In International Journal of Computer Science and Information Security, IJCSIS ISSN 1947-5500, VOL.15 No.3, pages 6–17, March 2017.
[7] Ioannis Andrea, Chrysostomos Chrysostomou, and George Hadjichristofi. "Internet of things: Security vulnerabilities and challenges". In 2015 IEEE Symposium on Computers and Communication (ISCC), pages 180–187. IEEE, 2015.
[8] Jyoti Deogirikar and Amarsinh Vidhate. "Security attacks in iot: A survey". In 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), pages 32–37. IEEE, 2017.
[9] Quandeng Gou, Lianshan Yan, Yihe Liu, and Yao Li. "Construction and strategies in iot security system". In 2013 IEEE international conference on green computing and communications and IEEE internet of things and IEEE cyber, physical and social computing, pages 1129–1132. IEEE, 2013.
[10] Mukrimah Nawir, Amiza Amir, Naimah Yaakob, and Ong Bi Lynn. "Internet of things (iot): Taxonomy of security attacks". In 2016 3rd International Conference on Electronic Design (ICED), pages 321–326. IEEE, 2016.
[11] Ning Ye, Yan Zhu, Ru-chuan Wang, Reza Malekian and Lin Qiao-Min. "An efficient authentication and access control scheme for perception layer of internet of things". Applied Mathematics and Information Sciences, 8(4):16–17, 2014.
[12] Rwan Mahmoud, Tasneem Yousuf, Fadi Aloul, and Imran Zualkernan. "Internet of things (iot) security: Current status, challenges and prospective measures". In 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), pages 336–341. IEEE, 2015.
[13] Mohammed El-hajj, Ahmad Fadlallah, Maroun Chamoun, and Ahmed Serhrouchni. "A survey of internet of things (iot) authentication schemes". Sensors (Basel), 2019 Mar 6;19(5), pii: E1141, doi: 10.3390/s19051141, 2019.
[14] Guanglei Zhao, Xianping Si, Jingcheng Wang, Xiao Long and Ting Hu. "A novel mutual authentication scheme for internet of things". In Proceedings of 2011 International Conference on Modelling, Identification and Control, pages 563–566. IEEE, 2011.
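Added example, not the authors' code: a Python walk-through of the Section V scheme, covering the three registration checks and node B's challenge-response decision with the post-authentication challenge update. The PUF is simulated by a keyed hash over a per-device seed and signatures use textbook RSA over small primes as a toy stand-in. The ledger record layout (public key, C and R per identifier), MAX_SKEW and all names are assumptions; encryption of the challenge and networking are left out.

```python
import hashlib
import hmac

MAX_SKEW = 5  # assumed tolerance, in seconds, between T (sent) and t* (received)

def keygen(p, q, e=65537):
    """Textbook RSA over small primes: toy stand-in for the nodes' signature scheme."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def _digest(n, msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_digest(n, msg), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(n, msg)

class Node:
    """IoT node. P(C) is simulated by a keyed hash over a per-device seed;
    a real PUF derives the response from silicon and stores no such seed."""
    def __init__(self, node_id, silicon, p, q):
        self.node_id, self._silicon = node_id, silicon
        self.pk, self._sk = keygen(p, q)

    def puf(self, challenge):
        return hmac.new(self._silicon, challenge, hashlib.sha256).digest()

    def sign(self, msg):
        return sign(self._sk, msg)

def tx_bytes(node_id, pk, challenge, c_sig, response):
    """Unambiguous encoding of ID || Pk || signed C || R, the bytes that get signed."""
    return repr((node_id, pk, challenge, c_sig, response)).encode()

class Ledger:
    """In-memory stand-in for the smart contract and the block register."""
    def __init__(self, initiator_pk):
        self.initiator_pk, self.records = initiator_pk, {}

    def register(self, node_id, pk, challenge, c_sig, response, tx_sig):
        tx = tx_bytes(node_id, pk, challenge, c_sig, response)
        if not verify(pk, tx, tx_sig):                       # check 1: transaction integrity
            return "transaction signature invalid"
        if not verify(self.initiator_pk, challenge, c_sig):  # check 2: challenge validity
            return "challenge not signed by initiator"
        if node_id in self.records:                          # check 3: identifier uniqueness
            return "identifier already registered"
        self.records[node_id] = {"pk": pk, "C": challenge, "R": response}
        return "ok"

def check_response(ledger, node_id, response, sent_at, now):
    """Node B's decision: timestamp is fresh and R_A equals the ledger's value."""
    rec = ledger.records.get(node_id)
    if rec is None or abs(now - sent_at) > MAX_SKEW:
        return False
    return hmac.compare_digest(response, rec["R"])

def rotate(ledger, node, new_challenge):
    """Update phase after a successful run: store the new pair for the next one."""
    ledger.records[node.node_id].update(C=new_challenge, R=node.puf(new_challenge))

def run_demo():
    """Constructed scenario; primes, seeds, challenges and times are sample values."""
    initiator = Node("init", b"die-0", 2**61 - 1, 2**89 - 1)
    a = Node("A", b"die-A", 2**107 - 1, 2**127 - 1)
    clone = Node("A", b"die-X", 2**107 - 1, 2**127 - 1)  # stolen ID and key, other silicon
    ledger, c = Ledger(initiator.pk), b"challenge-0"
    r_a = a.puf(c)
    reg = ("A", a.pk, c, initiator.sign(c), r_a)
    out = {"register": ledger.register(*reg, a.sign(tx_bytes(*reg)))}
    out["duplicate"] = ledger.register(*reg, a.sign(tx_bytes(*reg)))
    bad = ("Z", a.pk, b"rogue", a.sign(b"rogue"), a.puf(b"rogue"))  # C not from initiator
    out["forged_challenge"] = ledger.register(*bad, a.sign(tx_bytes(*bad)))
    out["genuine"] = check_response(ledger, "A", a.puf(c), 100, 101)
    out["clone"] = check_response(ledger, "A", clone.puf(c), 100, 101)
    out["stale"] = check_response(ledger, "A", r_a, 100, 160)
    rotate(ledger, a, b"challenge-1")
    out["replay_after_rotation"] = check_response(ledger, "A", r_a, 200, 201)
    out["genuine_after_rotation"] = check_response(ledger, "A", a.puf(b"challenge-1"), 200, 201)
    return out
```

Calling `run_demo()` returns one entry per case: the clone holds node A's identifier and private key yet fails because its simulated PUF differs, and the response captured before the challenge update is rejected afterwards.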