The Internet-of-Things (IoT), which refers to the interconnection of heterogeneous devices, has gained a lot of interest lately, and it witnessed a large growth in the number of IoT devices due to the importance of such systems in today’s communication networks. On the other hand, the authentication of entities (devices) is a major concern and a main security challenge in IoT systems since any weakness in the identification or authentication process will allow a compromised entity to establish communication, inject false data and launch dangerous attacks leading to system malfunction. Currently, most IoT authentication mechanisms are based on single-factor cryptographic solutions. These techniques are not practical for IoT devices that have limited computational capabilities. In this paper, we propose a lightweight and secure multi-factor device authentication protocol for IoT devices. The scheme is based on two concepts, configurable physical unclonable functions (PUF) within IoT devices, and channel-based parameters. It uses few and simple cryptographic operations such as the bit-wise exclusive-OR operation and a one-way hash function. The unique PUF value serves as the mutual secret identifier between a pair of users, which frequently changes for every session. Moreover, the proposed protocol exploits the random channel characteristics to provide high robustness against different kinds of attacks, while maintaining low complexity. To the best of the authors’ knowledge, this is the first work that combines physical layer security with PUFs to authenticate communicating devices, dynamically. Security and performance analysis prove the security and efficiency of the proposed protocol, which is designed with minimum overhead in terms of computations and communication costs.

物联网（IoT）是指异构设备的互连，最近引起了人们的极大兴趣，由于这种系统在当今通信网络中的重要性，它见证了IoT设备数量的大幅增长。 。另一方面，对实体（设备）的身份验证是物联网系统中的主要问题和主要的安全挑战，因为身份验证或身份验证过程中的任何弱点都将允许受感染的实体建立通信，注入虚假数据并发起危险的攻击，系统故障。当前，大多数物联网身份验证机制都基于单因素加密解决方案。这些技术不适用于计算能力有限的IoT设备。在本文中，我们为IoT设备提出了一种轻量级且安全的多因素设备身份验证协议。该方案基于两个概念，即物联网设备中的可配置物理不可克隆功能（PUF）和基于通道的参数。它使用很少和简单的密码运算，例如按位异或运算和单向哈希函数。唯一的PUF值用作一对用户之间的相互秘密标识符，该标识符对于每个会话都会频繁更改。此外，所提出的协议利用随机信道特性来提供针对各种攻击的高鲁棒性，同时保持较低的复杂性。据作者所知，这是将物理层安全性与PUF结合起来以动态认证通信设备的第一项工作。