Abstract
In this paper, we focus on the design of a novel authentication protocol that preserves the privacy of embedded devices. A Physically Unclonable Function (PUF) generates challenge-response pairs that form the source of authenticity between a server and multiple devices. We rely on Authenticated Encryption (AE) for confidentiality, integrity and authenticity of the messages. A challenge updating mechanism combined with an authenticate-before-identify strategy is used to provide privacy. The major advantage of the proposed method is that no shared secrets need to be stored in the device's non-volatile memory. We design a protocol that supports server authenticity, device authenticity, device privacy, and memory disclosure. We then prove, via game transformations, that the protocol is secure and forward and backward privacy-preserving. Moreover, a proof of concept is presented that uses a 3-1 Double Arbiter PUF, a concatenation of repetition and BCH error-correcting codes, and the AE-scheme Ketje. We show that our device implementation utilizes 8,305 LUTs on a 28 nm Xilinx Zynq XC7Z020 System on Chip (SoC) and takes only 0.63 ms to perform an authentication operation.
Notes
1. A modification of challenge X in non-volatile memory does not break the security of the protocol, only the theoretical privacy preservation, because an attacker can distinguish a device with modified challenge X (cannot successfully authenticate) from a device with unmodified challenge X (can successfully authenticate).
Acknowledgments
I would like to thank Lejla Batina, Joan Daemen, Gergely Alpár and Antonio de la Piedra of the Digital Security Group at the Radboud University for their guidance and support, which led to the publication of this work.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Geltink, G. (2017). Concealing Ketje: A Lightweight PUF-Based Privacy Preserving Authentication Protocol. In: Bogdanov, A. (eds) Lightweight Cryptography for Security and Privacy. LightSec 2016. Lecture Notes in Computer Science, vol 10098. Springer, Cham. https://doi.org/10.1007/978-3-319-55714-4_9
DOI: https://doi.org/10.1007/978-3-319-55714-4_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-55713-7
Online ISBN: 978-3-319-55714-4
eBook Packages: Computer Science, Computer Science (R0)