Verification of PUF-based IoT Protocols with AVISPA and Scyther
Authors
Rabas, T.; Lórencz, R.; Buček, J.
Year
2022
Published
Proceedings of the 19th International Conference on Security and Cryptography. Madeira: SciTePress, 2022. p. 627-635. ISSN 2184-7711. ISBN 978-989-758-590-6.
Type
Proceedings paper
Departments
Annotation
Paper from 2020 (Buchovecká et al., 2020) suggests protocols suitable for lightweight IoT Devices. They are based on physical unclonable functions (PUF) which among others simplify the problem of key management on simple hardware devices and microcontrollers. These protocols are supposed to authenticate a device and distribute keys safely so that only the intended parties can know the key. We analysed suggested protocols using two automated verification tools AVISPA and Scyther. The analysis shows that there are several issues concerning the authentication property. We demonstrate the results from the tools and describe several attacks that exploit this vulnerability. Finally, we provide modified versions of these protocols that are resistant to those attacks and satisfy authentication as desired.