Comments on Physically Unclonable Function Based Two-Factor Authentication Protocols

Jin Wook Byun; ik rae Jeong

doi:10.1007/s11277-019-06211-6

Comments on Physically Unclonable Function Based Two-Factor Authentication Protocols

Jin Wook Byun, ik rae Jeong

Graduate School of Information Security

Research output: Contribution to journal › Article

1 Citation (Scopus)

Abstract

Physically unclonable function (PUF) is an embedded hardware-based function in a device and cannot be cloned or reproduced on another device. Due to its unclonability, the PUF has been one of the hot issues in IoT devices over pervasive communication network. Recently, there have been attempts to combine a password with an input of PUF for more efficient authentication over insecure communication. In this paper, we firstly raise a question that “Is it really secure if a password is used for an input of PUF?”. Up to now, to the best of our knowledge, only two password-based PUF authentications have been introduced in the literature. We revisit two schemes in view of an off-line password guessing attack. Under a practical PUF assumption, however, we observe that two protocols are susceptible to an off-line dictionary attack. We also present a quite simple but powerful countermeasure.

Original language	English
Journal	Wireless Personal Communications
DOIs	https://doi.org/10.1007/s11277-019-06211-6
Publication status	Published - 2019 Jan 1

Keywords

Authentication
Password guessing attack
Physical unclonable function

ASJC Scopus subject areas

Computer Science Applications
Electrical and Electronic Engineering

Access to Document

10.1007/s11277-019-06211-6

Fingerprint Dive into the research topics of 'Comments on Physically Unclonable Function Based Two-Factor Authentication Protocols'. Together they form a unique fingerprint.

Cite this

Byun, J. W., & Jeong, I. R. (2019). Comments on Physically Unclonable Function Based Two-Factor Authentication Protocols. Wireless Personal Communications. https://doi.org/10.1007/s11277-019-06211-6

@article{cc2a3f9fb4e84b15b671d02f642a17a8,

title = "Comments on Physically Unclonable Function Based Two-Factor Authentication Protocols",

abstract = "Physically unclonable function (PUF) is an embedded hardware-based function in a device and cannot be cloned or reproduced on another device. Due to its unclonability, the PUF has been one of the hot issues in IoT devices over pervasive communication network. Recently, there have been attempts to combine a password with an input of PUF for more efficient authentication over insecure communication. In this paper, we firstly raise a question that “Is it really secure if a password is used for an input of PUF?”. Up to now, to the best of our knowledge, only two password-based PUF authentications have been introduced in the literature. We revisit two schemes in view of an off-line password guessing attack. Under a practical PUF assumption, however, we observe that two protocols are susceptible to an off-line dictionary attack. We also present a quite simple but powerful countermeasure.",

keywords = "Authentication, Password guessing attack, Physical unclonable function",

author = "Byun, {Jin Wook} and Jeong, {ik rae}",

year = "2019",

month = jan,

day = "1",

doi = "10.1007/s11277-019-06211-6",

language = "English",

journal = "Wireless Personal Communications",

issn = "0929-6212",

publisher = "Springer Netherlands",

}

TY - JOUR

T1 - Comments on Physically Unclonable Function Based Two-Factor Authentication Protocols

AU - Byun, Jin Wook

AU - Jeong, ik rae

PY - 2019/1/1

Y1 - 2019/1/1

N2 - Physically unclonable function (PUF) is an embedded hardware-based function in a device and cannot be cloned or reproduced on another device. Due to its unclonability, the PUF has been one of the hot issues in IoT devices over pervasive communication network. Recently, there have been attempts to combine a password with an input of PUF for more efficient authentication over insecure communication. In this paper, we firstly raise a question that “Is it really secure if a password is used for an input of PUF?”. Up to now, to the best of our knowledge, only two password-based PUF authentications have been introduced in the literature. We revisit two schemes in view of an off-line password guessing attack. Under a practical PUF assumption, however, we observe that two protocols are susceptible to an off-line dictionary attack. We also present a quite simple but powerful countermeasure.

AB - Physically unclonable function (PUF) is an embedded hardware-based function in a device and cannot be cloned or reproduced on another device. Due to its unclonability, the PUF has been one of the hot issues in IoT devices over pervasive communication network. Recently, there have been attempts to combine a password with an input of PUF for more efficient authentication over insecure communication. In this paper, we firstly raise a question that “Is it really secure if a password is used for an input of PUF?”. Up to now, to the best of our knowledge, only two password-based PUF authentications have been introduced in the literature. We revisit two schemes in view of an off-line password guessing attack. Under a practical PUF assumption, however, we observe that two protocols are susceptible to an off-line dictionary attack. We also present a quite simple but powerful countermeasure.

KW - Authentication

KW - Password guessing attack

KW - Physical unclonable function

UR - http://www.scopus.com/inward/record.url?scp=85061998134&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85061998134&partnerID=8YFLogxK

U2 - 10.1007/s11277-019-06211-6

DO - 10.1007/s11277-019-06211-6

M3 - Article

AN - SCOPUS:85061998134

JO - Wireless Personal Communications

JF - Wireless Personal Communications

SN - 0929-6212

ER -