Computer Engineering and Applications ›› 2018, Vol. 54 ›› Issue (18): 17-21.DOI: 10.3778/j.issn.1002-8331.1804-0337


Authentication and session key exchange protocol based on Physical Unclonable Function

HE Zhangqing1, LI Hong2, WAN Meilin3, WU Tiezhou1   

  1. Hubei Collaborative Innovation Center for High-efficiency Utilization of Solar Energy, Hubei University of Technology, Wuhan 430068, China
  2. School of Computer Science, Hubei University of Technology, Wuhan 430068, China
  3. Faculty of Physics and Electronic Technology, Hubei University, Wuhan 430062, China
  • Online:2018-09-15 Published:2018-10-16


Abstract: This paper proposes a lightweight protocol that performs secure authentication between a cryptographic device (Device) containing a PUF entity and a server (Server), and establishes a shared session key. The protocol uses a fuzzy extractor for authentication and key extraction, and uses a pseudo-random function and XOR encryption for message authentication and for encrypting communication data, which effectively reduces the execution cost. In the protocol, the Server only needs to store one challenge-response pair of the PUF in the Device, which is used for subsequent key update and exchange; this avoids the consumption of storage resources and the data leakage problems caused by acquiring a large number of challenge-response pairs. The analysis results show that the proposed protocol achieves mutual authentication and secure key exchange, and can resist eavesdropping, tampering attacks, man-in-the-middle attacks, DoS attacks, modeling attacks, invasive attacks and other attack techniques.

Key words: key exchange protocol, Physical Unclonable Function(PUF), fuzzy extractor, message authentication
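
The building blocks named in the abstract can be sketched as follows. This is an added example, not the paper's protocol or code: it shows a code-offset fuzzy extractor turning a noisy PUF re-reading into a stable key, then PRF-based mutual authentication and XOR encryption under that key. The repetition code, HMAC-SHA256 as the PRF, the `dev`/`srv`/`sess`/`enc` labels, the nonce layout and the simulated noise are all assumptions, and the paper's message flow and key-update step are not on this page and are not reproduced.

```python
import hashlib, hmac, secrets

REP = 5  # toy repetition code: tolerates up to 2 flipped bits per 5-bit group

def prf(key: bytes, label: bytes, n: int = 32) -> bytes:
    """Pseudo-random function; HMAC-SHA256 in counter mode (assumed choice)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, label + bytes([ctr]), hashlib.sha256).digest()
    return out[:n]

def gen(response):
    """Enrollment: derive a key and public helper data from a PUF response."""
    secret = [secrets.randbelow(2) for _ in range(len(response) // REP)]
    codeword = [bit for bit in secret for _ in range(REP)]
    helper = [r ^ c for r, c in zip(response, codeword)]
    return hashlib.sha256(bytes(secret)).digest(), helper

def rep(noisy, helper):
    """Reproduction: recover the same key from a noisy re-reading."""
    word = [r ^ h for r, h in zip(noisy, helper)]
    secret = [int(sum(word[i:i + REP]) > REP // 2)   # majority vote per group
              for i in range(0, len(word), REP)]
    return hashlib.sha256(bytes(secret)).digest()

def xor_crypt(key, nonce, data):
    """XOR encryption with a PRF keystream; the same call decrypts."""
    stream = prf(key, b"enc" + nonce, len(data))
    return bytes(d ^ s for d, s in zip(data, stream))

def exchange(response, flips_per_group=1):
    """One run: returns (mutual auth ok, server session key, device session key)."""
    server_key, helper = gen(response)           # server keeps one CRP-derived key
    noisy = list(response)                       # device re-measures its PUF
    for i in range(0, len(noisy), REP):
        for j in range(flips_per_group):
            noisy[i + j] ^= 1                    # constructed measurement noise
    device_key = rep(noisy, helper)              # helper data is public
    n_s, n_d = secrets.token_bytes(16), secrets.token_bytes(16)
    tag_d = prf(device_key, b"dev" + n_s + n_d)  # device proves key possession
    tag_s = prf(server_key, b"srv" + n_d + n_s)  # server proves key possession
    ok = (hmac.compare_digest(tag_d, prf(server_key, b"dev" + n_s + n_d)) and
          hmac.compare_digest(tag_s, prf(device_key, b"srv" + n_d + n_s)))
    return (ok, prf(server_key, b"sess" + n_s + n_d),
            prf(device_key, b"sess" + n_s + n_d))
```

With more bit errors than the code can correct (three or more per group here), the device derives a different key, both authentication tags fail to verify, and no common session key results.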
