Mutual Authentication in IoT Systems Using Physical Unclonable Functions

The Internet of Things (IoT) represents a great opportunity to connect people, information, and things, which will in turn cause a paradigm shift in the way we work, interact, and think. IoT devices are usually small, low cost, and have limited resources, which makes them vulnerable to physical, side-channel, and cloning attacks. Therefore, any protocol designed for IoT systems should not only be secure but also efficient in terms of usage of chip area, energy, storage, and processing. To address this issue, we present light-weight mutual authentication protocols for IoT systems based on physical unclonable functions. Protocols for two scenarios are presented, one when an IoT device and server wish to communicate and the other when two IoT devices want to establish a session. A security and performance analysis of the protocols shows that they are not only robust against different types of attacks, but are also very efficient in terms of computation, memory, energy, and communication overhead. The proposed protocols are suitable for real time applications and are an attractive choice for implementing mutual authentication in IoT systems.