Lightweight Group Authentication Scheme Leveraging Shamir's Secret Sharing and PUFs

With the proliferation of edge-computing (EC), Internet-of-things (IoT), and smart applications, many challenging security scenarios arise. For example, a common scenario in the edge-computing paradigm is having many nodes requesting authentication from one edge-server. To this end, Group Authentication Schemes (GASs) were introduced recently in the literature. However, most of the proposed GAS are valid for one-time-authentication, lack of flexibility, and key-agreement feature. In this paper, we exploit the advantages of two security primitives, physically unclonable functions (PUFs) and Shamir's secret sharing scheme (SSS) to design a lightweight group authentication scheme (GAS) for edge-computing applications. Specifically, we apply PUFs on SSS and utilize the SSS-homomorphic property to achieve multiple-time group-authentications with the same set of shares. Our PUF-GAS scheme is lightweight, establishes a new group key-agreement per session, and supports efficient node-evicting mechanism. Furthermore, in PUF-GAS, the group nodes do not store any shares; instead, the nodes derive their secret-shares from their PUF-responses. We formally analyze our protocol theoretically and with AVISPA to show that our scheme achieves message secrecy and authenticity. Additionally, we evaluate our scheme in terms of storage, computational complexity, and communication overhead. Specifically, we evaluate the cryptographic operations used in PUF-GAS on an Arduino-Mega, an 8-bit RISC-based ATmega2560 micro-controller. Finally, we present a comparative evaluation of our scheme with others in terms of security and performance.