Authenticating IoT Devices with Physically Unclonable Functions Models

Wirelessly connected smart embedded devices, forming the so called Internet of Things network, have achieved unprecedented levels of diffusion as they are adopted in many application domains, ranging from goods transportation to eHealth monitoring infrastructure. As they are always inherently connected, hence exposed to attacks, and as they densely populate our daily life collecting, managing and elaborating data, security has drawn a lot of attention in the literature. In a crowded network, classical security approaches may be not adequate, since they require secret sharing or public key distribution infrastructures. Physically Unclonable Functions (PUFs), introduced so far, are exploitable as security primitives, providing easy authentication and secure key storage mechanisms. Traditional PUF authentication schemes rely on the enrollment of some challenge/response pairs (CRPs), extracted before each device is issued, as it is not feasible to retrieve the whole CRPs set. Moreover, accomplishing such a procedure may introduce a significant overhead due to the cardinality of extracted CRPs and due to size of the device population. To avoid these issues, in this paper we exploit the knowledge of a PUF model in order to make available the whole CRPs set, and, by adopting an encryption scheme, we hide it to avoid model based attacks which can be performed on CRPs sent in clear. To this aim, we show an implementation based on the Anderson PUF and on AES, realized on a Xilinx Zynq-7000 Field Programmable Gate Array.