TY - JOUR
T1 - Comments on Physically Unclonable Function Based Two-Factor Authentication Protocols
AU - Byun, Jin Wook
AU - Jeong, Ik Rae
N1 - Funding Information:
Acknowledgements: This work was supported as part of Military Crypto Research Center (UD170109ED) funded by Defense Acquisition Program Administration (DAPA) and Agency for Defense Development (ADD).
Publisher Copyright:
© 2019, Springer Science+Business Media, LLC, part of Springer Nature.
PY - 2019/6/1
Y1 - 2019/6/1
N2 - Physically unclonable function (PUF) is an embedded hardware-based function in a device and cannot be cloned or reproduced on another device. Due to its unclonability, the PUF has been one of the hot issues in IoT devices over pervasive communication network. Recently, there have been attempts to combine a password with an input of PUF for more efficient authentication over insecure communication. In this paper, we firstly raise a question that “Is it really secure if a password is used for an input of PUF?”. Up to now, to the best of our knowledge, only two password-based PUF authentications have been introduced in the literature. We revisit two schemes in view of an off-line password guessing attack. Under a practical PUF assumption, however, we observe that two protocols are susceptible to an off-line dictionary attack. We also present a quite simple but powerful countermeasure.
AB - Physically unclonable function (PUF) is an embedded hardware-based function in a device and cannot be cloned or reproduced on another device. Due to its unclonability, the PUF has been one of the hot issues in IoT devices over pervasive communication network. Recently, there have been attempts to combine a password with an input of PUF for more efficient authentication over insecure communication. In this paper, we firstly raise a question that “Is it really secure if a password is used for an input of PUF?”. Up to now, to the best of our knowledge, only two password-based PUF authentications have been introduced in the literature. We revisit two schemes in view of an off-line password guessing attack. Under a practical PUF assumption, however, we observe that two protocols are susceptible to an off-line dictionary attack. We also present a quite simple but powerful countermeasure.
KW - Authentication
KW - Password guessing attack
KW - Physical unclonable function
UR - http://www.scopus.com/inward/record.url?scp=85061998134&partnerID=8YFLogxK
U2 - 10.1007/s11277-019-06211-6
DO - 10.1007/s11277-019-06211-6
M3 - Article
AN - SCOPUS:85061998134
VL - 106
SP - 1243
EP - 1252
JO - Wireless Personal Communications
JF - Wireless Personal Communications
SN - 0929-6212
IS - 3
ER -