HSC-IoT: A Hardware and Software Co-Verification Based Authentication Scheme for Internet of Things

The Internet of Things (IoT) have become popular in diverse domains because of their accessibility and mobility as well as cost-efficient manufacturing, deployment, and maintenance process. The widespread deployment of IoT devices makes them an attractive target for an attacker trying to gain unauthorized access to an IoT-based system. An adversary clones a real hardware device or compromises embedded software to impersonate a legitimate device, and thus gains unauthorized access to sensitive information and performs security-critical operations. The existing security schemes for the mobile systems cannot be applied directly to an IoT-enabled infrastructure since devices are resource constrained regarding storage, processing power, and communication bandwidth. Additionally, the current security approaches for the IoT systems are unable to identify physically compromised IoT devices. In this paper, we propose HSC-IoT, a resource-efficient Physical Unclonable Function (PUF)-based security protocol that ensures both software and hardware integrity of IoT devices. HSC-IoT also provides a lightweight mutual authentication scheme for the resource-limited devices based on Elliptic Curve Cryptography. We present a detailed analysis of the security strength of HSC-IoT. We implemented a prototype of HSC-IoT on IoT devices powered by Contiki OS and provided an extensive comparative analysis of HSC-IoT with contemporary IoT security protocols.