Research On Modeling-Attack-Resistant Strong PUF Circuit And Relevant Security Authentication Protocol

In recent years,with the rapid development of the Internet of Things(IoT)industry,the security problem of the IoT has become increasingly prominent.The key to solve this problem is to realize the security authentication of terminal devices.Traditional IoT identity authentication usually uses software encryption algorithm,which is not only costly but also vulnerable to physical attacks such as intrusion.As a new lightweight hardware security primitive,physical unclonable function(PUF)can utilize the process variation generated in the manufacture process of integrated circuits to generate the unique "chip fingerprint".However,strong PUF circuit suitable for lightweight device authentication has some problems,such as high linearity and vulnerability to modeling attacks.In addition,existing lightweight authentication protocol cannot take account of system cost and security,and cannot meet the security requirements of IoT applications.Therefore,it is especially meaningful to study the modeling-attack-resistant strong PUF circuit and relevant security authentication protocol for the security of IoT.In this thesis,an LFSR time-variant obfuscation structure(LTVO)was proposed to resist the modeling attack.In this structure,the LFSR module is introduced in the front stage of strong PUF circuit to obfuscate the mapping between challenge and response of APUF,and the time-variant challenge obfuscation mode is adopted to enhance its nonlinearity and the ability to resist modeling attack.LTVO-APUF circuit was implemented based on LFSR time-variant obfuscation structure and Arbiter PUF(APUF),and the security of LTVO-APUF circuit was analyzed from the following three aspects:Firstly,it was proved mathematically that LTVO-APUF circuit can resist modeling attack effectively.Then,the simulation circuit of LTVO-APUF was established,and the modeling attack resistance of LTVO-APUF circuit was measured by using four algorithms including logistic regression,support vector machine,covariance matrix adaptive evolution strategy and artificial neural network.Finally,the LTVO-APUF circuit was implemented and measured on Xilinx FPGA.The experimental results show that the LTVO-APUF circuit can effectively resist the modeling attack of the four algorithms without affecting the reliability,indicating the rationality of the mathematical proof and simulation circuit measurement results.In addition,by increasing the Base value of LTVO-APUF circuit,the prediction accuracy of the four algorithms can be reduced to about 50%,which is close to random guessing.Aiming at the demand of IoT application for security authentication protocol,a lightweight supply chain RFID authentication protocol based on cloud server and PUF(LSRP-CP)was proposed in this thesis.The LSRP-CP,combined with Shuffle algorithm and quadratic residual algorithm,utilizes the proposed the ultra-lightweight encryption bitstream function(Cover),LTVO-APUF circuit for assigning a unique encryption function to each tag and reader to protect the security of RFID system.In addition,LSRP-CP stores the data of the cloud server in ciphertext form,and realizes two independent encryption mechanisms between tags and readers,and between readers and cloud server,so as to prevent the privacy disclosure of cloud server,thus threatening the security of RFID system.Formal and informal security analysis shows that LSRP-CP protects the security and privacy of RFID system while ensuring low cost of resource-constrained RFID tags,and can resist not only a variety of common malicious attacks,but also cloning attack and reverse design attack.Compared with the relevant protocols,LSRP-CP makes up for the security defects of RFID protocols,and the resource cost is lower,while ensuring high security to achieve lightweight,suitable for resource-constrained RFID supply chain authentication scenarios.