T2T-MAP: A PUF-Based Thing-to-Thing Mutual Authentication Protocol for IoT

As security has always been an afterthought of innovation, the security of IoT (Internet of Things), in general, and authentication, in particular, has become a serious research challenge. Although many authentication protocols have been proposed in the literature during the past decade, most of them do not fulfill the IoT security and performance requirements. Furthermore, only a very small number of these protocols can be used in Thing-to-Thing (T2T) architectures, where Things autonomously authenticate each other without involving any human intervention. In this paper, we propose a novel lightweight T2T mutual authentication protocol (T2T-MAP) using PUFs (Physical Unclonable Functions). The protocol employs PUFs technology to allow each Thing to uniquely identify and authenticate itself in an IoT infrastructure by using the physical randomness of its circuitry. We design the protocol and perform a security analysis to show that it is secure against known attacks. Also, we prove the security of the protocol using a security protocol prover. Finally, we implement a prototype of the protocol on resource-constrained devices and then conduct a performance analysis to demonstrate that the protocol allows fast authentication, reasonable communication overhead, and low energy consumption.