Wireless sensor network (WSN) has found widespread applications in many domains such as smart home and healthcare systems. Group communication for WSN offers enhanced energy efficiency and reduced network overhead. However, existing group communication protocols encounter difficulties in managing the rekeying process efficiently for a dynamic group or require computationally expensive public key primitives for shared secret handshaking to overcome this challenge. Moreover, the security of most of the existing protocols rely primarily on safe keeping some secrets on the group members' devices. To overcome these limitations, we propose a novel physical unclonable function (PUF)-based lightweight secure group communication protocol. PUF enables lightweight key-less authentication for resource constrained IoT devices. The proposed protocol utilizes the device's PUF and the one-time pad (OTP) to eliminate secure key storage at both group verifier and prover nodes. The proposed protocol also supports efficient group key renewal for the admission and withdrawal of group members. We achieve this by using a full binary tree as a secret vault for sharing and updating distributed secrets with Chinese Reminder Theorem. Meantime, this data structure also reduces the computation and communication complexity for key renewal to O(log 2 N) at the cluster head and O(1) at the sensor nodes. A comparative analysis shows that the proposed protocol surpasses related protocols in terms of security features and overheads in computation, communication as well as secret storage requirements.

Peer to Peer (P2P) or direct connection IoT has become increasingly popular owing to its lower latency and higher privacy compared to database-driven or server-based IoT. However, wireless vulnerabilities raise severe concerns on IoT device-to-device communication. This is further aggravated by the challenge to achieve lightweight direct mutual authentication and secure key exchange between IoT peer nodes in P2P IoT applications. Physical unclonable function (PUF) is a key enabler to lightweight, low-power and secure authentication of resource-constrained devices in IoT. Nevertheless, current PUF-enabled authentication protocols, with or without the challenge-response pairs (CRPs) of each of its interlocutors stored in the verifier’s side, are incompatible for P2P IoT scenarios due to the security, storage and computing power limitations of IoT devices. To solve this problem, a new lightweight PUF-based mutual authentication and key-exchange protocol is proposed. It allows two resource-constrained PUF embedded endpoint devices to authenticate each other directly without the need for local storage of CRP or any private secrets, and simultaneously establish the session key for secure data exchange without resorting to public-key algorithm. The proposed protocol is evaluated using the Mao and Boyd logic as well as the automatic security analysis tool ProVerif to corroborate its mutual authenticity, secrecy, and resistance against replay and man-in-the-middle attacks. Using two Avnet Ultra96-V2 boards to emulate the two IoT endpoint devices of a network, a physical prototype system is also constructed to demonstrate and validate the feasibility of the proposed secure P2P connection scheme.