Lightweight Framework for PUF based IoT Authentication without Fuzzy Extractor

The widespread adoption of Internet of Things (IoT) devices has underscored the critical importance of robust authentication mechanisms to protect against misuse and security breaches. Traditional authentication systems that rely on stored keys are vulnerable to theft, prompting a shift towards keyless authentication methods. Among these, Physical Unclonable Functions (PUFs) have emerged as a promising solution by leveraging the inherent physical uniqueness of each device to generate cryptographic keys dynamically. To address the inherent variability and noise in PUF responses, modern systems often employ Fuzzy Extractors, cryptographic tools designed to stabilize these responses. However, the integration of Fuzzy Extractors introduces notable challenges, including increased computational overhead, potential vulnerabilities in implementation, and the risk of exposing sensitive information, making such solutions less suitable for resource-constrained IoT devices.This study proposes a novel authentication framework that utilizes PUFs without relying on Fuzzy Extractors, thereby addressing the limitations of existing approaches. The proposed method enhances security by exploiting the unpredictability of PUF challenge-response pairs, ensuring that attackers face significant uncertainty in guessing the correct responses. Additionally, an implementation based on SRAM-PUF is presented as a practical use case of the framework. By eliminating the need for Fuzzy Extractors, the proposed framework mitigates risks associated with data leakage and modeling attacks while reducing computational complexity.