PUFbased Identity Authentication for Internet of Things Against Machine Learning Attacks in Zerotrust Architecture#br#

Abstract

Abstract: To enable scalable IoT systems, edge computing, as a new decentralized model, is introduced into IoT scenarios. Zero trust architecture (ZTA) is wellsuited for cloudedgeend systems with blurred boundaries, offering continuous dynamic authentication and improved security. Due to their lightweight and unclonable properties, physical unclonable functions (PUFs) are often used to generate hardware fingerprint identities for devices. PUFs exploit inherent randomness introduced during hardware fabrication processes to generate unique and nonpredictable challengeresponse pairs. If an attacker collects many plaintext CRPs during continuous authentication, he may model and predict future responses, enabling machine learning attacks. This paper proposes a PUFbased authentication solution (PAMLCA). It enhances privacy protection against machine learning attacks by leveraging oblivious pseudorandom function techniques to obfuscate CRP transmission. The solution combines static and continuous multilayer dynamic verification protocols, limiting implicit trust domains within a session. Security analysis and performance comparisons demonstrate that PAMLCA offers better security, functionality, communication, and computational efficiency compared to other related solutions.

Key words: Internet of things, zero trust, identity authentication, physical unclonable function, privacy preservation

摘要： 为构建高扩展物联网系统，边缘计算作为一种新兴的去中心化计算模式被引入物联网场景.零信任架构可以很好契合模糊边界的云边端系统，满足持续的动态认证并提升安全性.在频繁的认证需求下，物理不可克隆函数因其轻量化和不可克隆的特点常被用作生成设备的硬件指纹身份.物理不可克隆函数利用硬件工艺的随机因素，生成唯一且不可预测的挑战响应对.如果攻击者在持续的认证中收集到大量的明文挑战响应对，就能建模预测接下来的响应输出而完成机器学习攻击.提出了一种基于物理不可克隆函数的认证解决方案(PAMLCA)，针对抗机器学习攻击进行隐私保护增强，通过不经意伪随机函数技术实现挑战响应对盲化传输.方案整体结构为静态与持续结合的多层动态验证方案，能够在会话中控制隐含信任域.通过安全性分析和性能对比，证明了PAMLCA较其他相关方案能够提供更好的安全性、功能、通信和计算成本.

关键词: 物联网, 零信任, 身份认证, 物理不可克隆函数, 隐私保护

CLC Number:

TP309.2

司雪鸽, 贾洪勇, 曾俊杰, 李云聪, . 零信任中基于PUF的物联网抗机器学习攻击身份认证[J]. 信息安全研究, 2026, 12(1): 33-.

References

［1］Nalbandian S. A survey on Internet of things: Applications and challenges［C］ Proc of the 2015 Int Congress on Technology, Communication and Knowledge (ICTCK). Piscataway, NJ: IEEE, 2015: 165169［2］Kong L, Tan J, Huang J, et al. Edgecomputingdriven Internet of things: A survey［J］. ACM Computing Surveys, 2022, 55(8): 141［3］Stafford V. Zero trust architecture［EBOL］. 2020 ［20251211］. https:tsapps.nist.govpublicationget_pdf.cfm?pub_id=930420［4］Casacuberta S, Hesse J, Lehmann A. SoK: Oblivious pseudorandom functions［C］ Proc of the 7th IEEE European Symp on Security and Privacy (EuroS&P). Piscataway, NJ: IEEE, 2022: 625646［5］Freedman M J, Ishai Y, Pinkas B, et al. Keyword search and oblivious pseudorandom functions［C］ Proc of the 2nd Theory of Cryptography Conference. Berlin:Springer, 2005: 303324［6］Azad M A, Abdullah S, Arshad J, et al. Verify and trust: A multidimensional survey of zerotrust security in the age of IoT［J］. Internet of Things, 2024,27: 101227［7］DeCusatis C, Liengtiraphan P, Sager A, et al. Implementing zero trust cloud networks with transport access control and first packet authentication［C］ Proc of the 2016 IEEE Int Conf on Smart Cloud (SmartCloud). Piscataway, NJ: IEEE, 2016: 510［8］Lukaseder T, Halter M, Kargl F. Contextbased access control and trust scores in zero trust campus networks［COL］ Proc of the SICHERHEIT 2020 ［20251211］. https:dl.gi.deitemsf67b267356c24b0e8e8dad59c8080114［9］Bhattacharjya S, Saiedian H. Anovel simplified framework to secure IoT communications［COL］ Proc of the 7th Int Conf on Information Systems Security and Privacy. 2021: 399406 ［20251211］. https:www.academia.edu127801913A_Novel_Simplified_Framework_to_Secure_IoT_Communications［10］Gai K, She Y, Zhu L, et al. A blockchainbased access control scheme for zero trust crossorganizational data sharing［J］. ACM Trans on Internet Technology, 2023, 23(3): 125［11］Bamasag O O, YoucefToumi K. Towards continuous authentication in Internet of things based on secret sharing scheme［C］ Proc of the Workshop on Embedded Systems Security. New York: ACM, 2015: 18［12］Chen D, Zhang N, Qin Z, et al. S2M: A lightweight acoustic fingerprintsbased wireless device authentication protocol［J］. IEEE Internet of Things Journal, 2016, 4(1): 88100［13］Shah S W, Syed N F, Shaghaghi A, et al. LCDA: Lightweight continuous devicetodevice authentication for a zero trust architecture (ZTA)［J］. Computers & Security, 2021, 108: 102351［14］Meng L, Huang D, An J, et al. A continuous authentication protocol without trust authority for zero trust architecture［J］. China Communications, 2022, 19(8): 198213［15］Aman M N, Chua K C, Sikdar B. Mutual authentication in IoT systems using physical unclonable functions［J］. IEEE Internet of Things Journal, 2017, 4(5): 13271340［16］Chatterjee U, Govindan V, Sadhukhan R, et al. Building PUF based authentication and key exchange protocol for IoT without explicit CRPs in verifier database［J］. IEEE Trans on Dependable and Secure Computing, 2019, 16(3): 424437［17］Suganthi S D, Anitha R, Sureshkumar V, et al. End to end light weight mutual authentication scheme in IoTbased healthcare environment［J］. Journal of Reliable Intelligent Environments, 2020, 6: 313［18］Liu Z, Guo C, Wang B. A physically secure, lightweight threefactor and anonymous user authentication protocol for IoT［J］. IEEE Access, 2020, 8: 195914195928［19］Subramani J, Maria A, Rajasekaran A S, et al. Lightweight privacy and confidentiality preserving anonymous authentication scheme for WBANs［J］. IEEE Trans on Industrial Informatics, 2021, 18(5): 34843491［20］Babaei A, Schiele G. Physical unclonable functions in the Internet of things: State of the art and open challenges［J］. Sensors, 2019, 19(14): 3208［21］Li S, Zhang T, Yu B, et al. A provably secure and practical PUFbased endtoend mutual authentication and key exchange protocol for IoT［J］. IEEE Sensors Journal, 2021, 21(4): 54875501

[1]	. Internet of Things Intrusion Detection Model Based on Federated Learning [J]. Journal of Information Security Reserach, 2025, 11(9): 788-.
[2]	. Research on Lightweight Implicit Certificate Scheme for #br# Resourceconstrained Devices in Distribution Networks#br# #br# [J]. Journal of Information Security Reserach, 2025, 11(9): 845-.
[3]	. Lightweighted Mutual Authentication and Key Agreement in V2N IoV [J]. Journal of Information Security Reserach, 2025, 11(8): 753-.
[4]	. A PUFbased Identity Authentication and Key Negotiation Protocol for Telemedicine [J]. Journal of Information Security Reserach, 2025, 11(7): 626-.
[5]	. Research and Implementation of a Blockchainbased Biometric #br# Information Sharing Scheme#br# [J]. Journal of Information Security Reserach, 2025, 11(5): 402-.
[6]	. Research on Frontier Technologies for Critical Information Infrastructure Security Protection [J]. Journal of Information Security Reserach, 2025, 11(12): 1075-.
[7]	. A Lightweight PUFbased Anonymous Authentication Protocol for Wireless Medical Sensor Networks [J]. Journal of Information Security Reserach, 2025, 11(12): 1134-.
[8]	. Research on Zero Trust Access Control Model Based on Role and Attribute#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(3): 241-.
[9]	. Research on Identity Authentication Technology Based on Block Chain and PKI [J]. Journal of Information Security Reserach, 2024, 10(2): 148-.
[10]	. Research for Zero Trust Security Model [J]. Journal of Information Security Reserach, 2024, 10(10): 886-.
[11]	. A Retrospective and Future Development Study of Zero Trust Architecture [J]. Journal of Information Security Reserach, 2024, 10(10): 896-.
[12]	. Design of SDP Trust Evaluation Model Based on Federated Learning [J]. Journal of Information Security Reserach, 2024, 10(10): 903-.
[13]	. Research and Implementation of Intelligent Permission Management [J]. Journal of Information Security Reserach, 2024, 10(10): 912-.
[14]	. Application of Behavior Anomaly Detection in Zero Trust Access #br# Control Method#br# [J]. Journal of Information Security Reserach, 2024, 10(10): 921-.
[15]	. Data Sharing Access Control Method for Distribution Terminal IoT #br# Based on Zero Trust Architecture and Least Privilege Principle#br# [J]. Journal of Information Security Reserach, 2024, 10(10): 937-.

PUFbased Identity Authentication for Internet of Things Against Machine Learning Attacks in Zerotrust Architecture#br#

零信任中基于PUF的物联网抗机器学习攻击身份认证

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics