Simple authentication protocols based on conventional physical unclonable function (PUF) are vulnerable to modeling attacks and other security threats. This paper proposes an arbiter PUF based on a linear feedback shift register (LFSR-APUF). Different from the previously reported linear feedback shift register for challenge extension, the proposed scheme feeds the external random challenges into the LFSR module to obfuscate the linear mapping relationship between the challenge and response. It can prevent attackers from obtaining valid challenge-response pairs (CRPs), increasing its resistance to modeling attacks significantly. A 64-stage LFSR-APUF has been implemented on a field programmable gate array (FPGA) board. The experimental results reveal that the proposed design can effectively resist various modeling attacks such as logistic regression (LR), evolutionary strategy (ES), Artificial Neuro Network (ANN), and support vector machine (SVM) with a prediction rate of 51.79% and a slight effect on the randomness, reliability, and uniqueness. Further, a lightweight authentication protocol is established based on the proposed LFSR-APUF. The protocol incorporates a low-overhead, ultra-lightweight, novel private bit conversion Cover function that is uniquely bound to each device in the authentication network. A dynamic and timevariant obfuscation scheme in combination with the proposed LFSR-APUF is implemented in the protocol. The proposed authentication protocol not only resists spoofing attacks, physical attacks, and modeling attacks effectively, but also ensures the security of the entire authentication network by transferring important information in encrypted form from the server to the database even when the attacker completely controls the server.

翻译：基于传统物理不可克隆函数（PUF）的简单认证协议易受建模攻击及其他安全威胁。本文提出一种基于线性反馈移位寄存器的仲裁器PUF（LFSR-APUF）。与已有报道中用于挑战扩展的线性反馈移位寄存器不同，所提方案将外部随机挑战输入LFSR模块，以混淆挑战与响应之间的线性映射关系。该方法可阻止攻击者获取有效挑战-响应对（CRP），从而显著提升其抗建模攻击能力。已在现场可编程门阵列（FPGA）开发板上实现64级LFSR-APUF。实验结果表明，该设计能有效抵御逻辑回归（LR）、进化策略（ES）、人工神经网络（ANN）及支持向量机（SVM）等多种建模攻击，预测率为51.79%，且对随机性、可靠性与唯一性影响甚微。进一步地，基于所提LFSR-APUF建立了一种轻量级认证协议。该协议采用一种与认证网络中每个设备唯一绑定的低开销、超轻量级新型私有比特转换覆盖函数。协议中实现了结合所提LFSR-APUF的动态时变混淆方案。所提认证协议不仅能有效抵抗欺骗攻击、物理攻击和建模攻击，即使在攻击者完全控制服务器的情况下，也能通过将重要信息以加密形式从服务器传输至数据库，从而保障整个认证网络的安全性。