Refillable PUF authentication protocol for constrained devices

Connected devices are deployed at a rapid rate and in broad domains like home automation or industry, forming the Internet of Things. Those devices need to be secure and trusted to prevent malicious use. However some connected devices are low-cost, memory constrained, power constrained, etc.. This greatly limits the deployment of usual security solutions. As the absence of security is not acceptable, it is necessary to search for lightweight security solutions adapted to such devices. Physical Unclonable Function (PUF) technology can support new lightweight security mechanisms and several lightweight security protocols using this technology have been proposed over the years. Those protocols look promising, however there are still some unaddressed challenges which have slowed down a large scale adoption. This article presents the design of a new authentication protocol for constrained devices which takes into account those challenges. This protocol is implemented on a hardware platform used for connected devices development, which is then used to evaluate the security level and performances of the protocol in a realistic scenario. This evaluation shows that the protocol is secure and can meet industrial time constraints.