Efficient PUF-Based IoT Authentication Framework without Fuzzy Extractor

The extensive integration of Internet of Things (IoT) devices within various critical industrial and non-industrial environments accentuates the indispensable significance of authentication mechanisms in safeguarding applications against. Authentication protocols that do not rely on storing keys, which are susceptible to theft, leverage mechanisms based on Physical Unclonable Function (PUF), exploiting the unique characteristics of the device to generate keys. Modern implementations of PUFs employ cryptographic tools known as Fuzzy Extractors to mitigate inherent variability and noise. However, the adoption of this component presents various challenges and constraints, including the potential extraction of sensitive data, vulnerabilities in implementation and computational overhead. This study introduces a novel framework for devising authentication mechanisms utilizing any kind of PUFs for resource-constrained devices without necessitating a Fuzzy Extractor. The effectiveness of these security mechanisms depends on the attacker's uncertainty in guessing the correct response to each challenge compared to that of the authentic device. Additionally, we propose an implementation of the framework using SRAM-PUF, which achieves a security level comparable to guessing a 128-bit key. By avoiding the use of a fuzzy extractor, the proposed authentication framework aims to mitigate data leakage issues, modelling attacks and achieve a lighter scheme compared to the state of the art.