Hardware-Level Side-Channel Attack Mitigation for PUF-Based Authentication in Smart Cities
Received: 19 May 2025 | Revised: 27 June 2025, 2 July 2025, 10 July 2025, and 13 July 2025 | Accepted: 16 July 2025 | Online: 6 October 2025
Corresponding author: Mahmood A. Al-Shareeda
Abstract
Smart city infrastructure requires robust authentication mechanisms, yet existing lightweight techniques lack sufficient resistance to Side-Channel Attacks (SCAs) and biometric noise. This work presents a new authentication protocol that integrates a dual-Physically Unclonable Function (PUF) architecture with biometric binding, fuzzy extractors, response masking, and challenge randomization to strengthen immunity against SCA. Formal security analysis under the Real-Or-Random (ROR) model guarantees session-key secrecy, whereas informal analysis demonstrates resilience against impersonation, replay attacks, and physical-layer information leakage. Simulation results indicate that the recovery rate of the SCA key drops significantly from 84.2% to 6.7%. The protocol provides mutual authentication with an overhead of 2.1 kbit and a latency of 150 ms when supporting 1,000 devices, making it suitable for resource-limited settings. This paper presents a lightweight, secure, and scalable authentication scheme tailored for smart city applications.
Keywords:
Side-Channel Attack (SCA), authentication protocol, smart cities, Physically Unclonable Function (PUF), lightweight cryptography, secure key agreement, fuzzy extractor
License
Copyright (c) 2025 Wafaa Mohammed Breesam, Wafaa Mohammed Ridha, Hayder Ali Hameed, Mahmood A. Al-Shareeda, Mohammed Amin Almaiah, Rami Shehab

This work is licensed under a Creative Commons Attribution 4.0 International License.