Identification for the Internet of Things

Summary of the project

The project "IDentification for the Internet Of Things" is a cooperation between TU Eindhoven, INRIA (France) and the University of Geneva. The topic is privacy-preserving algorithms for authentication and identification of huge numbers of low-power devices. The Internet of Things (IoT) will contain a huge number of devices and objects that have very low or nonexistent processing and communication resources, coupled to a small number of high-power devices. The weakest devices, which are most ubiquitous, will not be able to authenticate themselves using cryptographic methods. Other important tasks in the IoT will be to verify if an object is authentic, or to identify an object. Our plan is to address these issues using Physical Unclonable Functions (PUFs). PUFs, and especially Quantum Readout PUFs, are ideally suited to the IoT setting because they allow for the authentication and identification of physical objects without requiring any crypto or storage of secret information. Furthermore, we foresee that back-end systems will not be able to provide security and privacy via cryptographic primitives due to the sheer number of IoT devices. Our plan is to address these problems using privacy-preserving database structures and algorithms with good scaling behaviour. Approximate Nearest Neighbour (ANN) search algorithms, which have remarkably good scaling behaviour, have recently become highly efficient, but do not yet have the right security properties and have not yet been applied to PUF data. Summarised in a nutshell, the project aims to improve the theory and practice of tech- nologies such as PUFs and ANN search in the context of generic IoT authentication and identification scenarios.


The advent of the Internet of Things (IoT) will exacerbate existing security problems by adding large numbers of extra devices, and introduce new problems by creating use scenarios that involve low-resource devices. The ubiquitous presence of sensor-equipped devices close to (and attached to) people will cause a major privacy threat unless constraints on data communication and storage are strictly enforced. To make things worse, even a well designed privacy-preserving system can fail due to security breaches. Our aim is to provide IoT schemes that are secure and privacy-preserving even given all these threats. In our view this aim has to be achieved through a combination of information-theoretic and physics-based techniques. As IoT devices are low-resource, advanced cryptographic techniques will not work; the alternative is to organize communication and storage in such a way that a breach does not expose useful information. Furthermore, in the absence of cryptography one can authenticate devices only based on physical properties such as Physical Unclonable Functions (PUFs) [1,2]. Our global objective is to capture the essence of the most powerful state-of-the-art techniques in information-theoretic and physics-based security, and from this generate a general security and privacy toolbox for the IoT. We will address a number of generic scenarios that will play a role no matter how the IoT develops in the future.

This proposal is built on the belief that PUFs will play an important role in IoT. It aims at making PUF technologies more practical. We do not address the physical and engineering problems (they will be solved by others) but the protocols that will enable authentication, identification, and group membership verification.


Measurements on optical PUFs are now publicly available, see Data. Two papers have been written, see publications.