Concealing Ketje: A Lightweight PUF-Based Privacy Preserving Authentication Protocol

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10098)

Abstract

In this paper, we focus on the design of a novel authentication protocol that preserves the privacy of embedded devices. A Physically Unclonable Function (PUF) generates challenge-response pairs that form the source of authenticity between a server and multiple devices. We rely on Authenticated Encryption (AE) for confidentiality, integrity and authenticity of the messages. A challenge updating mechanism combined with an authenticate-before-identify strategy is used to provide privacy. The major advantage of the proposed method is that no shared secrets need to be stored in the device’s non-volatile memory. We design a protocol that supports server authenticity, device authenticity, device privacy, and memory disclosure. We then prove, via game transformations, that the protocol is secure and forward and backward privacy-preserving. Moreover, a proof of concept is presented that uses a 3-1 Double Arbiter PUF, a concatenation of repetition and BCH error-correcting codes, and the AE scheme Ketje. We show that our device implementation utilizes 8,305 LUTs on a 28 nm Xilinx Zynq XC7Z020 System on Chip (SoC) and takes only 0.63 ms to perform an authentication operation.

Notes

  1. A modification of challenge X in non-volatile memory does not break the security of the protocol, only the theoretical privacy preservation because an attacker can distinguish a device with modified challenge X (cannot successfully authenticate) from a device with unmodified challenge X (can successfully authenticate).

Acknowledgments

I would like to thank Lejla Batina, Joan Daemen, Gergely Alpár and Antonio de la Piedra of the Digital Security Group at the Radboud University for their guidance and support which led to the publication of this work.

Author information

Correspondence to Gerben Geltink.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Geltink, G. (2017). Concealing Ketje: A Lightweight PUF-Based Privacy Preserving Authentication Protocol. In: Bogdanov, A. (eds) Lightweight Cryptography for Security and Privacy. LightSec 2016. Lecture Notes in Computer Science, vol 10098. Springer, Cham. https://doi.org/10.1007/978-3-319-55714-4_9

  • DOI: https://doi.org/10.1007/978-3-319-55714-4_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-55713-7

  • Online ISBN: 978-3-319-55714-4

  • eBook Packages: Computer Science (R0)
