Physically secure mutual authentication for IoT

Many devices in the Internet of things (IoT) have special and challenging design requirements including limited size, energy, storage, and processing capabilities. Moreover, many IoT devices may be deployed in the open and in public places, making them vulnerable to physical and cloning attacks. These characteristics dictate that any security protocol designed for IoT devices should not only be efficient but should also provide security even if an IoT device is captured by an adversary. To solve this issue, we present mutual authentication protocols for IoT devices that are not only efficient but also secure against physical and cloning attacks. To provide security to physically unprotected devices, the proposed protocols use physical unclonable functions (PUFs) and avoid storing sensitive information on the device. A security and performance analysis of the proposed protocols is presented.