PUF-derived IoT identities in a zero-knowledge protocol for blockchain


As the internet of things moves into increasingly sensitive domains, connected devices need to be secured against data manipulation and counterfeiting. Where the underlying business processes involve multiple independent parties, a blockchain platform can provide a common source of truth. If changes to the common state depend on IoT devices, the authenticity and integrity of the IoT input must be ensured. Employing a blockchain platform for authenticating devices makes the process independent of the device manufacturer. This paper shows how cryptographic keys derived from a device’s physical fingerprint can be employed in a zero-knowledge protocol to authenticate a device. As the keys are regenerated at boot time rather than stored, the approach does not need an expensive secure element. An efficient implementation enables even lightweight devices to prove their identity and sign messages. Experimental results demonstrate the robustness of the approach.
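
An added sketch of the flow the abstract describes, not the paper's own code: a secret is regenerated at each boot from a noisy PUF reading plus public helper data, and the device proves knowledge of it against a registered public key. The repetition-code helper data, the Schnorr proof with a Fiat-Shamir challenge, the toy group parameters and all function names are assumptions made here, since this page does not specify the paper's construction.

```python
import hashlib, random, secrets

# Toy Schnorr group, assumed for illustration and far too small for real use:
# P = 2*Q + 1 with P, Q prime, and G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4
REP = 5  # PUF cells per key bit (repetition code); corrects up to 2 flips per block

def enroll(puf_bits, key_bits):
    """One-time enrollment: public helper data = repetition codeword XOR PUF response."""
    code = [b for b in key_bits for _ in range(REP)]
    return [c ^ r for c, r in zip(code, puf_bits)]

def regenerate_key(noisy_bits, helper):
    """At boot: unmask with a fresh noisy reading, majority-vote, hash to a secret x."""
    code = [h ^ r for h, r in zip(helper, noisy_bits)]
    bits = [int(sum(code[i:i + REP]) > REP // 2) for i in range(0, len(code), REP)]
    digest = hashlib.sha256(bytes(bits)).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1  # x in [1, Q-1]

def challenge(y, t, nonce):
    """Fiat-Shamir challenge bound to the public key, commitment and verifier nonce."""
    h = hashlib.sha256(f"{y}|{t}|".encode() + nonce).digest()
    return int.from_bytes(h, "big") % Q

def prove(x, nonce):
    """Device side: prove knowledge of x without revealing it."""
    k = secrets.randbelow(Q - 1) + 1
    t = pow(G, k, P)
    return t, (k + challenge(pow(G, x, P), t, nonce) * x) % Q

def verify(y, nonce, proof):
    """Verifier side: needs only the registered public key y, never the secret."""
    t, s = proof
    return pow(G, s, P) == t * pow(y, challenge(y, t, nonce), P) % P

def read_puf(reference, rng):
    """Constructed noise model: one random cell flips in every REP-cell block."""
    bits = list(reference)
    for i in range(0, len(bits), REP):
        bits[i + rng.randrange(REP)] ^= 1
    return bits

def demo(seed=1):
    rng = random.Random(seed)  # constructed PUF response, not real silicon data
    key_bits = [rng.getrandbits(1) for _ in range(32)]
    reference = [rng.getrandbits(1) for _ in range(32 * REP)]
    helper = enroll(reference, key_bits)
    x1 = regenerate_key(read_puf(reference, rng), helper)  # boot 1
    x2 = regenerate_key(read_puf(reference, rng), helper)  # boot 2, different noise
    y = pow(G, x1, P)  # public key registered once, e.g. on the ledger
    return x1 == x2, verify(y, b"nonce-1", prove(x2, b"nonce-1"))
```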