A puf-based lightweight authentication device and authentication method

Abstract

The invention discloses a PUF-based lightweight authentication device and an authentication method. The authentication device includes a control module, a ring oscillator array connected to the control module, a selection module, a counter group, a comparator group, an error correction module and a communication module. module; the communication module is responsible for inputting the excitation signal to the control module, the control module clears the counter group and comparator group, resets the error correction module and inputs the excitation signal to the selection module; the selection module selects a pair of RO pairs to connect to the counter; the control module uses Ring oscillator array, the counter counts the number of RO circuit oscillations and transmits the count value to the comparator; the comparator generates the original PUF response and sends it to the error correction module for error correction coding, and then sends it back to other devices through the communication module. The lightweight authentication method of the present invention has the advantages of no need to store password resources, no need to possess complex password calculation capabilities, simple authentication protocol, and small communication volume.

Description

technical field [0001] The invention relates to a PUF-based lightweight authentication device and an authentication method. Background technique [0002] With the rapid development of computer and network technology. In various information systems, identity authentication is a very important security mechanism, which can ensure the authenticity of the identity of personnel or equipment. On the basis of legality inspection, it can manage resources authorization for users or platforms and prevent illegal personnel from using them. Or illegal equipment access to the information system poses a security threat. There are many ways to realize identity authentication, the simpler way is based on user name and password authentication, the more complex way is based on biometric fingerprint, digital certificate, USB-shield authentication, etc. Commonly used information systems generally support basic user name and password authentication methods , and other methods can be used as au...

AI Technical Summary

Problems solved by technology

[0003] (1) It is difficult for password authentication equipment to have both high security and ease of use

[0004] Password authentication devices need to store private keys or secret information securely. A safer way is to store private keys or secret information in non-volatile memory, encrypted and protected based on the root key, and the root key is stored separately. , part of the root key is stored in the non-volatile memory, and the other part of the root key is injected externally when the device is in use. This method requires adding a key injection interface on the device hardware, and an external injection device is required when using it, which is very inconvenient. While achieving high security, it loses the convenience of use; another more convenient way is that the private key or secret information is stored in a non-volatile memory and encrypted and protected by a prefabricated key, which is also clearly present in the device when it leaves the factory. Among them, this method is convenient to use, but once the prefabricated key is leaked, it will cause great harm and does not have high security

[0005] (2) The price of password authentication equipment is relatively high

[0006] Password authentication equipment needs to perform complex cryptographic operations, and software and hardware modules that support cryptographic operations need to be added to the device. Due to the security requirements of use, cryptographic operations are usually implemented using dedicated cryptographic chips or FPGA chips, and the hardware and development costs are high. As a result, it is difficult to reduce the price of the product, and it is not convenient to use a large number of equipment

[0007] (3) The management cost of password authentication equipment is relatively high

[0008] The password authentication device is loaded with password resources, and there is a greater risk of loss, which may lead to the need to replace password resources in a large area

In addition, the device itself has the risk of being cloned. After the attacker obtains the private key or secret information through certain means, he can clone a device that can pass the identity authentication.

Images