UDhashing: Physical Unclonable Function Based User-Device Hash for Endpoint Authentication

With IT consumerization, access control to remote system by endpoint user and endpoint device is mandatory for security and privacy protection. Existing systems bind an end-user with his/her registered devices but authenticate only the user and device independently. This work presents a novel UDhashing scheme, which is capable of providing a bipartite authentication of both end-user and end-device as a whole, and mutual authentication between the endpoint and the verifier. Non-contact facial biometric is extracted as user identity and physical unclonable function (PUF) is embedded into the device to generate a device "fingerprint". UDhashing serves as an intermediary to unify the macroscopic human biometric and microscopic silicon entropy source into a single identity. The scheme is demonstrated using measured silicon data of a diode-clamped inverter based strong PUF fabricated in 40nm 1.1V CMOS technology, and the ORL and Ext. Yale B face databases. The experimental results show that the proposed system has good authentication performance with excellent discriminability for different (challenge, user, device) tuples. Besides, the proposed system is analyzed to be resilient to several known attacks. Its reliability and authentication performance can be easily enhanced by low-cost error-correction technique without compromising security.