The Internet of Things (IoT) has improved people's lives by seamlessly integrating into many facets of modern life and facilitating information sharing across platforms. Device Authentication and Key exchange are major challenges for the IoT. High computational resource requirements for cryptographic primitives and message transmission during Authentication make the existing methods like PKI and IBE not suitable for these resource constrained devices. PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE. PUF provides an unclonable and tamper sensitive unique signature based on the PUF chip by using manufacturing process variability. Therefore, in this study, we use lightweight bitwise XOR, hash function, and PUF to Authenticate IoT devices. Despite several studies employing the PUF to authenticate communication between IoT devices, to the authors' knowledge, existing solutions require intermediary gateway and internet capabilities by the IoT device to directly interact with a Server for Authentication and hence, are not scalable when the IoT device works on different technologies like BLE, Zigbee, etc. To address the aforementioned issue, we present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself. The results of a thorough security study are validated against adversarial attacks and PUF modeling attacks. For formal security validation, the AVISPA verification tool is also used. Performance study recommends this protocol's lightweight characteristics. The proposed protocol's acceptability and defenses against adversarial assaults are supported by a prototype developed with ESP32.

翻译：物联网通过无缝融入现代生活的诸多方面并促进跨平台信息共享，显著提升了人们的生活品质。设备身份认证与密钥交换是物联网面临的主要挑战。由于现有方法（如PKI和IBE）在身份认证过程中对密码原语和消息传输的计算资源需求较高，因此不适用于资源受限设备。PUF（物理不可克隆函数）作为一种实用且经济的安全机制，可替代PKI和IBE等传统复杂密码系统。PUF利用制造工艺的差异性，基于PUF芯片提供不可克隆且对篡改敏感的唯一签名。因此，本研究采用轻量级按位异或运算、哈希函数与PUF对物联网设备进行身份认证。尽管已有研究利用PUF实现物联网设备间的通信认证，但据作者所知，现有解决方案需要物联网设备通过中介网关或互联网能力直接与服务器交互进行认证，因此当设备采用蓝牙低功耗（BLE）、Zigbee等不同通信技术时缺乏可扩展性。针对上述问题，我们提出一种无需设备持续保持活跃互联网连接即可与服务器完成自主身份认证的系统方案。通过对抗性攻击与PUF建模攻击验证了全面安全性分析的结果，并采用AVISPA验证工具进行形式化安全验证。性能研究表明该协议具有轻量化特性。基于ESP32开发的原型系统验证了所提协议的可行性及其对抗攻击的防御能力。