Advancing Secure Authentication for Data Security with Dynamic Risk Assessment and Machine Learning in PUF-Based Systems

© 2024 by IJCTT Journal
Volume-72 Issue-6
Year of Publication : 2024
Authors : Priyanka Neelakrishnan
DOI :  10.14445/22312803/IJCTT-V72I6P106

How to Cite?

Priyanka Neelakrishnan, "Advancing Secure Authentication for Data Security with Dynamic Risk Assessment and Machine Learning in PUF-Based Systems," International Journal of Computer Trends and Technology, vol. 72, no. 6, pp. 36-49, 2024. Crossref, https://doi.org/10.14445/22312803/IJCTT-V72I6P106

Abstract
Phishing is a fraudulent social engineering technique that uses deceitful tactics to commit cybercrimes. It involves stealing users' sensitive data, such as login credentials and credit card numbers. A Physical Unclonable Function (PUF) is a physical object that, based on given inputs, creates solutions and provides a physically defined digital fingerprint output that serves as a unique identifier. The attacker then uses the traffic to challenge the nodes in the PUF-based authentication protocol. These threats are addressed by applying the developed theory that internet-enabled devices should have physical security systems, such as PUF-based authentication, installed to eliminate data leakage and harmful intrusion. The two well-known phishing attacks in IoT are Man-in-the-Middle (MITM) and Denial of Service (DoS) attacks. Therefore, creating wireless nodes in the authentication security protocol will help control security during MITM or DoS attacks. This research therefore proposes exploiting the power of asymmetric encryption, which will be sent to the server side through a USB token. The work presents a robust PUF-based USB device for digital authentication token generation and a proof architecture to ensure security measures for sensitive military and intelligence applications. Incorporating Dynamic Risk Assessment (DRA) models, such as Random Forest and XGBoost, into the PUF-based authentication framework has significantly enhanced its capability to discern and mitigate sophisticated phishing threats in real time. These models leverage behavioral biometrics and user interaction patterns to dynamically adjust authentication protocols, fortifying the system's resilience against MITM and DoS attacks in the IoT landscape. The paper also provides a detailed review of client-side and server-side protection through the proposed mechanism, and rigorous testing that proves that the proposed architecture is state-of-the-art and paradigm-changing for sensitive applications.

Keywords
User authentication, Data security, Cybersecurity, PUF, Client-Server, Phishing, Protocol.
