P/key: PUF based second factor authentication
Uysal, Ertan, author.

P/key: PUF based second factor authentication

Uysal, Ertan, author.

Yazar Ek Girişi
Uysal, Ertan, author.

Fiziksel Tanımlama
ix, 51 leaves: 1 computer laser optical disc.

Second-factor authentication mechanisms increase the security of authentication processes by implementing an additional auxiliary layer to a single factor. As a second factor, using one-time passwords (OTP) is mainly preferred due to their hardware independence and easy generation. OTP generation protocols should be evaluated in two main categories: time and security. In time-based OTP mechanisms (TOTP), client and server store a shared secret key. However, if attackers compromise the server, attackers can generate new OTPs using the key and impersonate the client. To solve this problem, protocols based on the hash chain mechanism have been proposed; however, these methods have weaknesses mainly due to the authentication speed and the limited number of OTPs they generate. This thesis proposes a server-side tamper-proof and fast response physical unclonable function (PUF) based second-factor authentication protocol on overcoming these problems. PUF is a digital fingerprint that ensures that every device produced is unique due to uncontrollable factors in the production stages of devices. It generates responses that correspond to challenges. Since PUF is based on the micro-level differences in devices, micro-level structure changes in the event of an attack, and the PUF takes to generate different responses. Although PUF is a fast response function, it is impossible to reach the challenge from the response it generates. In the proposed protocol, the PUF inside the server generates key values and used to store clients’ secret seed values securely. In case of side-channel attack on server-side, the key values of the clients cannot be obtained by the attackers, as the PUF structure will be corrupted. Even if the attacker obtains the server’s credentials and gains access to the system, they cannot get the secret seed values of the clients and cannot generate the OTPs. In this way, the attacker cannot authenticate by impersonating the client.

Konu Başlığı
Computer security

Yazar Ek Girişi
Akgün, Mete,
Şahin, Serap,

Tüzel Kişi Ek Girişi
İzmir Institute of Technology. Computer Engineering.

Tek Biçim Eser Adı
Thesis (Master)--İzmir Institute of Technology:Computer Engineering.
İzmir Institute of Technology: Energy Engineering --Thesis (Master).

Elektronik Erişim
Access to Electronic Versiyon.

KütüphaneMateryal TürüDemirbaş NumarasıYer NumarasıDurumu/İade Tarihi
IYTETezT002476QA76.9.A25 U97 2022Tez Koleksiyonu