An Improved PUF-Based Privacy-Preserving IoT Protocol for Cloud Storage
The IoT technology allows many types of personal data to be measured by many kinds of devices and sensors, and to be sent over the Internet for various applications. However, this data transmission has to be secure and the privacy of the users should ideally be preserved. In this work, we propose a SRAM PUF-based privacy-preserving IoT protocol for cloud storage based on an existing protocol from the literature. Proposals are made to increase the supply chain security of the PUF construction used by a device, to extend the secure lifetime of this device by increasing the number of keys it may generate and avoiding reboot-based attacks, and to allow a PUF construction to be used for different applications. These proposals only require changes on the device enrollment and on the master key generation procedure, leaving the PUF construction, the fuzzy extractor construction and the cryptographic key derivation unchanged. Benefits and limitations of this new protocol are evaluated and security objectives achieved with these proposals are analyzed.