计算机工程与应用 ›› 2022, Vol. 58 ›› Issue (1): 122-127.DOI: 10.3778/j.issn.1002-8331.2012-0494

• 网络、通信与安全 • 上一篇    下一篇

基于BST-PUF模型的轻量型认证与会话密钥交换协议

贺章擎,项链,汪晨,吴铁洲   

  1. 湖北工业大学 太阳能高效利用湖北省协同创新中心,武汉 430068
  • 出版日期:2022-01-01 发布日期:2022-01-06

Lightweight Authentication and Session Key Exchange Protocol Based on BST-PUF

HE Zhangqing, XIANG Lian, WANG Chen, WU Tiezhou   

  1. Hubei Key Laboratory for High-Efficiency Utilization of Solar Energy and Operation Control of Energy Storage System, Hubei University of Technology, Wuhan 430068, China
  • Online:2022-01-01 Published:2022-01-06

摘要: 为解决现有PUF密钥交换协议存在的纠错机制复杂、辅助数据过大而导致的高开销问题,利用新提出的比特自检PUF电路(BST-PUF)设计了一种轻量型认证与密钥交换协议,在含有PUF的密码设备与服务器之间进行安全认证并建立共享会话密钥。协议能实现双向认证与可靠的密钥交换,抵抗篡改攻击、中间人攻击、DoS攻击、物理探测攻击与建模攻击等各种攻击技术。协议采用BST-PUF电路和鲁棒响应提取器来生成可靠的响应,取代传统PUF和纠错码组合,将可靠性标志F作为辅助数据用来恢复密钥,大幅降低纠错复杂性,减少辅助数据长度并提升PUF利用率。

关键词: 纠错, 辅助数据, BST-PUF电路, 认证与密钥交换, 建模攻击, 鲁棒响应提取器, 可靠性标志

Abstract: In order to solve the problem of high overhead caused by the complicated error correction mechanism and excessive Helper data in the existing PUF key exchange protocol, this paper uses the newly proposed Bit Self-Test physical unclonable function(PUF) circuit(BST-PUF) to design a lightweight authentication with the key exchange protocol, security authentication is performed between the cryptographic device containing the PUF and the server and a shared session key is established. The protocol can realize two-way authentication and reliable key exchange, and resist various attack techniques such as tampering attacks, man-in-the-middle attacks, DoS attacks, physical detection attacks and modeling attacks. The protocol uses BST-PUF circuits and robust response extractors to generate reliable responses, replacing the traditional PUF and error correction code combination. The reliability flag F is used as auxiliary data to recover the key, which greatly reduces the complexity of error correction, and reduces the length of auxiliary data and improves PUF utilization.

Key words: error correction, helper data, Bit Self-Test PUF circuit, authentication and key exchange, modeling attacks, robust response extractor, reliability sign