PHAP: Password based Hardware Authentication using PUFs

Hardware security is gaining significant importance with more emphasis on integrated circuit identification and authentication. To facilitate this process, Physically Unclonable Functions (PUFs) have been proposed as a viable solution. Many of the existing PUF based authentication protocols help to authenticate the device and does not authenticate the user. Here, we present Password based Hardware Authentication using PUF (PHAP), a system that can distinguish between a trusted party and an adversary based on a simple user password during authentication. The hardware authentication is accomplished by providing a seed to a Linear Feedback Shift Register (LFSR) in PHAP, whose output will serve as the final challenge for a PUF block. The seed is obtained by interleaving a shared secret key (session password) with an initial PUF response corresponding to the challenge sent by trusted authority for authentication. We also show that the time difference between real time execution of the system by a trusted party and simulation time by an adversary can be very large which is an attractive property of the new Simulation Possible but Laborious (SIMPL) systems. Our simulation results show that the probability of an adversary successfully attacking the system (by predicting user/session password) is very low (<;10^-6%) for a given t_max (10 ms), where t_max is the time within which the response must be computed for valid authentication.