In database-driven Internet of Things (IoT), the connection between two IoT devices is performed indirectly through a server. Data collected on one IoT device needs to flow to the server before reaching another IoT device. By contrast, Peer-to-Peer (P2P) IoT enables direct connection between two IoT endpoints. IoT data is shared directly between two ‘peers’ and a server is only needed to enroll the devices in the P2P network for a direct connection. P2P IoT has much lower latency and higher privacy than database-driven IoT. However, current practices of addressing the wireless vulnerability by using the server to mediate a direct end-to-end encrypted connection between two IoT endpoints is too complex and inefficient.
This technology offer is a lightweight and secure protocol for mutual authentication and key exchange directly between two endpoints in P2P IoT. The protocol exploits physically unclonable function (PUF) derived from manufacturing process variations of integrated circuits as device “biometrics”. The PUF circuit is lightweight and can be embedded in an endpoint device to generate unique, unpredictable, and unforgeable identity only upon query. PUF-based device identity is tamper-aware and hence more secure than hardcoded or memory-based identity. This PUF-based protocol is significantly more efficient and secure than cryptographic-key based protocols for P2P IoT applications. It enables any pair of IoT devices after enrollment to directly authenticate each other. Upon successful authentication, a secure and fresh shared session key is automatically established for encrypted communication, which directly overcomes the existing key distribution and management problem in P2P IoT.
This protocol uses hardware-intrinsic root of trust to achieve robust security and privacy protection against impersonation attacks. Existing protocols rely mainly on public and private key cryptographic algorithms, which require the secret keys to be stored locally on device’s memory. Secret keys stored persistently on IoT devices are vulnerable to memory, side-channel, and tamper attacks. This protocol creates puzzles that can be solved only by the genuine interlocutors using their respective PUFs (“silicon biometrics”) without storing any secrets on device. The secret required to solve the puzzle can be generated-upon-request by the device PUF and cannot be tampered.
This protocol has the following unique advantages:
The proposed protocol can be used to benefit smart home and secure peer-to-peer communications in IoT applications, e.g.,
By eliminating the need for a relay server, this protocol greatly reduces an expensive and long-term cost of server traffic. Besides, the proposed protocol enables end-to-end data encryption, which can protect information like video streaming from being leaked. Unlike existing hardware-based or software-based solutions, no secret is required to be stored in those IoT devices, which greatly reduces the risk of tampering attacks. Knowing authentication handshake messages and states of the device in each authentication session will not help the adversary to gain any useful information and advantage for attacking any other sessions. The protocol can work with any PUF design that suit the endpoint and have the right quality and performance for the end point.
The technology owner is keen to license this protocol to IoT device developers and IoT service providers who are developing P2P IoT devices.
IoT devices appear in every aspect of modern living, and typically work as data-collector and controllers. For efficiency and privacy reasons, these intelligent devices should to “talk” to each other directly without involving a server in each communication. On the other hand, it is desirable that the direct communication in the public channels is secure even though the IoT devices themselves cannot provide much protection due to their resource constraint and limited computing power. This protocol can perfectly help with these requirements. Using this technology, customers can:
Tampering of IoT devices for impersonation can be detected.