Applied Sciences (Apr 2024)

FeRHA: Fuzzy-Extractor-Based RF and Hardware Fingerprinting Two-Factor Authentication

  • Mona Alkanhal,
  • Mohamed Younis,
  • Abdulaziz Alali,
  • Suhee Sanjana Mehjabin

DOI
https://doi.org/10.3390/app14083363
Journal volume & issue
Vol. 14, no. 8
p. 3363

Abstract

Read online

The Internet of Things (IoT) reflects the internetworking of numerous devices with limited computational capabilities. Given the ad-hoc network formation and the dynamic nature of node membership, secure device authentication mechanisms are critical. This paper proposes a novel two-factor authentication protocol for IoT devices. The protocol integrates physical unclonable functions (PUFs) and radio frequency fingerprints (RFFs), providing a unique identification method for each device. Compared with existing PUF-based schemes, the proposed protocol facilitates the mutual authentication of two devices without the need for a trusted third party. Our design is resilient to the intrinsic noise associated with PUFs and RFFs, ensuring reliable authentication, even under various operational conditions. Furthermore, we have implemented an obfuscation technique to secure shared authentication data against eavesdropping attempts aimed at modeling the security primitive, i.e., the PUF, through machine learning algorithms. We have validated the performance of our protocol and demonstrated its efficacy against various security threats, including impersonation, message replay, and PUF modeling attacks. Notably, the validation results indicate that predicting any given PUF response bit’s accuracy does not exceed 56%, making it as unpredictable as a random guess.

Keywords