Resilient IoT Authentication Against Physical Tampering and Side Channel Attacks

Waleed Khalid Al-Zubaidi; Abdalrahman Fatikhan Ataalla; Huda Mohammed Alsayednoor; Mahmood A. Al-Shareeda; Mohammed Almaiah; Marwan Albahar

doi:10.48084/etasr.13464

Authors

Waleed Khalid Al-Zubaidi College of Biomedical Informatics, University of Information Technology and Communications, Baghdad, Iraq
Abdalrahman Fatikhan Ataalla Department of Computer Engineering Techniques, College of Technical Engineering, University of Al Maarif, Al Anbar, Iraq
Huda Mohammed Alsayednoor Shatt Al-Arab University College, Basra, Iraq
Mahmood A. Al-Shareeda Department of Information Technology, Management Technical College, Southern Technical University, Basrah, Iraq | College of Engineering, Al-Ayen University, Thi-Qar, Iraq
Mohammed Almaiah Department of Computer Science, King Abdullah the II IT School, The University of Jordan, Amman, Jordan
Marwan Albahar Department of Computing, College of Engineering and Computing in Al-Lith, Umm Al-Qura University, Makkah, Saudi Arabia

Volume: 15 | Issue: 6 | Pages: 28787-28795 | December 2025 | https://doi.org/10.48084/etasr.13464

Received: 17 July 2025 | Revised: 26 August 2025, 3 September 2025, and 6 September 2025 | Accepted: 7 September 2025 | Online: 8 December 2025

Corresponding author: Mahmood A. Al-Shareeda

Abstract

The security of IoT devices operating in open and physically accessible areas is being directly jeopardized by sophisticated adversary methods such as side-channel, fault injection, and invasive attacks. However, common authentication techniques are effective for network-level protection but ineffective against these low-level physical attacks, rendering cryptographic keys and protocol logic susceptible to being extracted and subverted. This paper presents a lightweight, tamper-resistant authentication protocol for resource-constrained IoT devices. The proposed approach combines randomized masking, redundant response computation, fault injection detection, and tamper evidence in a five-phase technique to ensure reliable identity verification in a hostile environment. The proposed scheme provides mutual authentication, forward secrecy, and zeroization-based lockout protection without the need for specialized hardware or high computational overhead. Simulation results show that the protocol achieves complete authentication in 5.6 ms with less than 1.15 µJ per session and 1.3 KB of SRAM. The proposed technique is suitable for deployment in critical IoT applications where both logical and physical integrity are needed, as the additional overhead is small while offering better physical-layer resilience compared to current solutions.

Keywords:

IoT security, authentication protocol, side-channel attack, fault injection, physical tampering, lightweight cryptography, tamper detection, secure embedded systems, leakage resilience, mutual authentication

Downloads

Download data is not yet available.

References

J. V. Kailas, B. S. Nivrutti, and B. S. Atul, "A Detailed Study of An Internet of Things (IoT): Review, Recent Research Directions and Complete Journey Towards Sustainable and Smart Future," International Journal of Advanced Research in Science, Communication and Technology, pp. 572–578, Aug. 2024. DOI: https://doi.org/10.48175/IJARSCT-19373

K. Shafique, B. A. Khawaja, F. Sabir, S. Qazi, and M. Mustaqim, "Internet of Things (IoT) for Next-Generation Smart Systems: A Review of Current Challenges, Future Trends and Prospects for Emerging 5G-IoT Scenarios," IEEE Access, vol. 8, pp. 23022–23040, 2020. DOI: https://doi.org/10.1109/ACCESS.2020.2970118

A. A. Khan, A. A. Laghari, Z. A. Shaikh, Z. Dacko-Pikiewicz, and S. Kot, "Internet of Things (IoT) Security With Blockchain Technology: A State-of-the-Art Review," IEEE Access, vol. 10, pp. 122679–122695, 2022. DOI: https://doi.org/10.1109/ACCESS.2022.3223370

A. Abdullah, R. Hamad, M. Abdulrahman, H. Moala, and S. Elkhediri, "CyberSecurity: A Review of Internet of Things (IoT) Security Issues, Challenges and Techniques," in 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS), Riyadh, Saudi Arabia, May 2019, pp. 1–6. DOI: https://doi.org/10.1109/CAIS.2019.8769560

B. Kaur et al., "Internet of Things (IoT) security dataset evolution: Challenges and future directions," Internet of Things, vol. 22, Jul. 2023, Art. no. 100780. DOI: https://doi.org/10.1016/j.iot.2023.100780

K. Mabodi, M. Yusefi, S. Zandiyan, L. Irankhah, and R. Fotohi, "Multi-level trust-based intelligence schema for securing of internet of things (IoT) against security threats using cryptographic authentication," The Journal of Supercomputing, vol. 76, no. 9, pp. 7081–7106, Jun. 2020. DOI: https://doi.org/10.1007/s11227-019-03137-5

S. E. Nouma and A. A. Yavuz, "Practical Cryptographic Forensic Tools for Lightweight Internet of Things and Cold Storage Systems," in Proceedings of the 8th ACM/IEEE Conference on Internet of Things Design and Implementation, San Antonio, TX, USA, Feb. 2023, pp. 340–353. DOI: https://doi.org/10.1145/3576842.3582376

C. Liptak, S. Mal-Sarkar, and S. A. P. Kumar, "Power Analysis Side Channel Attacks and Countermeasures for the Internet of Things," in 2022 IEEE Physical Assurance and Inspection of Electronics (PAINE), Huntsville, AL, USA, Oct. 2022, pp. 1–7. DOI: https://doi.org/10.1109/PAINE56030.2022.10014854

H. D. Tsague and B. Twala, "Practical Techniques for Securing the Internet of Things (IoT) Against Side Channel Attacks," in Internet of Things and Big Data Analytics Toward Next-Generation Intelligence, N. Dey, A. E. Hassanien, C. Bhatt, A. S. Ashour, and S. C. Satapathy, Eds. Springer International Publishing, 2018, pp. 439–481. DOI: https://doi.org/10.1007/978-3-319-60435-0_18

S. K. Sahu and K. Mazumdar, "Exploring security threats and solutions Techniques for Internet of Things (IoT): from vulnerabilities to vigilance," Frontiers in Artificial Intelligence, vol. 7, May 2024. DOI: https://doi.org/10.3389/frai.2024.1397480

Z. Siddiqui, J. Gao, and M. K. Khan, "An Improved Lightweight PUF–PKI Digital Certificate Authentication Scheme for the Internet of Things," IEEE Internet of Things Journal, vol. 9, no. 20, pp. 19744–19756, Jul. 2022. DOI: https://doi.org/10.1109/JIOT.2022.3168726

L. Huang, P. Liu, X. Chen, C. Jiang, L. Kuang, and J. Lu, "A Consolidated Game Framework for Cooperative Defense Against Cross-Domain Cyber Attacks in Satellite-Enabled Internet of Things," IEEE Internet of Things Journal, vol. 12, no. 9, pp. 12853–12868, Feb. 2025. DOI: https://doi.org/10.1109/JIOT.2024.3522558

A. Zainudin, M. A. P. Putra, R. N. Alief, R. Akter, D. S. Kim, and J. M. Lee, "Blockchain-Inspired Collaborative Cyber-Attacks Detection for Securing Metaverse," IEEE Internet of Things Journal, vol. 11, no. 10, pp. 18221–18236, Feb. 2024. DOI: https://doi.org/10.1109/JIOT.2024.3364247

M. Hossain, G. Kayas, R. Hasan, A. Skjellum, S. Noor, and S. M. R. Islam, "A Holistic Analysis of Internet of Things (IoT) Security: Principles, Practices, and New Perspectives," Future Internet, vol. 16, no. 2, Feb. 2024, Art. no. 40. DOI: https://doi.org/10.3390/fi16020040

P. William, Poornashankar, A. Shrivastava, N. Tripathi, Anil, and A. Singh, "Secure Authentication Protocols For Internet Of Things (Iot) Devices," in 2023 6th International Conference on Contemporary Computing and Informatics (IC3I), Gautam Buddha Nagar, India, Sep. 2023, pp. 1569–1574. DOI: https://doi.org/10.1109/IC3I59117.2023.10397626

O. A. Ibrahim, S. Sciancalepore, and R. Di Pietro, "MAG-PUFs: Authenticating IoT devices via electromagnetic physical unclonable functions and deep learning," Computers & Security, vol. 143, Aug. 2024, Art. no. 103905. DOI: https://doi.org/10.1016/j.cose.2024.103905

N. Joshi et al., "Error-Resilient PUF-Based Authentication on IoT Edge Devices Using Machine Learning," in 2025 IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, USA, Jan. 2025, pp. 1–6. DOI: https://doi.org/10.1109/ICCE63647.2025.10929847

S. Othmen, W. Mansouri, and S. Asklany, "Robust and Secure Routing Protocol Based on Group Key Management for Internet of Things Systems," Engineering, Technology & Applied Science Research, vol. 14, no. 3, pp. 14402–14410, Jun. 2024. DOI: https://doi.org/10.48084/etasr.7115

M. Khalid, U. Mujahid, M. Najam-ul-Islam, H. Choi, I. Alam, and S. Sarwar, "Ultralightweight resilient mutual authentication protocol for IoT based edge networks," Journal of Ambient Intelligence and Humanized Computing, Jan. 2021. DOI: https://doi.org/10.1007/s12652-020-02732-2

S. K. Chandrasekaran and V. A. Rajasekaran, "Blended clustering energy efficient routing and PUF based authentication in IoT enabled smart agriculture systems," Scientific Reports, vol. 15, no. 1, Jul. 2025, Art. no. 24682. DOI: https://doi.org/10.1038/s41598-025-07917-3

A. M. Alharthi and F. S. Altuwaijri, "Lightweight IoT Authentication Protocol Using PUFs in Smart Manufacturing Industry," Electronics, vol. 14, no. 9, Jan. 2025, Art. no. 1788. DOI: https://doi.org/10.3390/electronics14091788

E. M. Timofte, A. Ligia Balan, and T. Iftime, "Designing an Authentication Methodology in IoT Using Energy Consumption Patterns," in 2024 International Conference on Development and Application Systems (DAS), Suceava, Romania, May 2024, pp. 64–70. DOI: https://doi.org/10.1109/DAS61944.2024.10541246

A. O. Aljahdali, A. Habibullah, and H. Aljohani, "Efficient and Secure Access Control for IoT-based Environmental Monitoring," Engineering, Technology & Applied Science Research, vol. 13, no. 5, pp. 11807–11815, Oct. 2023. DOI: https://doi.org/10.48084/etasr.6193

S. Yoon, S. Han, and E. Hwang, "Joint Heterogeneous PUF-Based Security-Enhanced IoT Authentication," IEEE Internet of Things Journal, vol. 10, no. 20, pp. 18082–18096, Jul. 2023. DOI: https://doi.org/10.1109/JIOT.2023.3279847

D. Z. Alotaibe, "IoT Security Model for Smart Cities based on a Metamodeling Approach," Engineering, Technology & Applied Science Research, vol. 14, no. 3, pp. 14109–14118, Jun. 2024. DOI: https://doi.org/10.48084/etasr.7132

D. Commey, S. Hounsinou, and G. V. Crosby, "Securing Blockchain-based IoT Systems with Physical Unclonable Functions and Zero-Knowledge Proofs," in 2024 IEEE 49th Conference on Local Computer Networks (LCN), Normandy, France, Oct. 2024, pp. 1–7. DOI: https://doi.org/10.1109/LCN60385.2024.10639679

M. R. Pandeeswari, P. Dharshini, and S. K. Prakash, "EnConvo: Secure End-to-End Encrypted Messaging Application," in 2025 International Conference on Electronics and Renewable Systems (ICEARS), Tuticorin, India, Feb. 2025, pp. 995–1002. DOI: https://doi.org/10.1109/ICEARS64219.2025.10940216

S. Otoom, "Risk auditing for Digital Twins in cyber physical systems: A systematic review," Journal of Cyber Security and Risk Auditing, vol. 2025, no. 1, pp. 22–35, Jan. 2025. DOI: https://doi.org/10.63180/jcsra.thestap.2025.1.3

S. R. Addula, S. Norozpour, and M. Amin, "Risk Assessment for Identifying Threats, vulnerabilities and countermeasures in Cloud Computing," Jordanian Journal of Informatics and Computing, vol. 2025, no. 1, pp. 37–48, Mar. 2025. DOI: https://doi.org/10.63180/jjic.thestap.2025.1.5

R. S. Mousa, and R. Shehab, "Applying risk analysis for determining threats and countermeasures in workstation domain," Journal of Cyber Security and Risk Auditing, vol. 2025, no. 1, pp. 12–21, Jan. 2025. DOI: https://doi.org/10.63180/jcsra.thestap.2025.1.2

M. A. Al-Shareeda, M. Anbar, S. Manickam, and I. H. Hasbullah, "Password-Guessing Attack-Aware Authentication Scheme Based on Chinese Remainder Theorem for 5G-Enabled Vehicular Networks," Applied Sciences, vol. 12, no. 3, Jan. 2022, Art. no. 1383. DOI: https://doi.org/10.3390/app12031383

A. A. Almazroi, E. A. Aldhahri, M. A. Al-Shareeda, and S. Manickam, "ECA-VFog: An efficient certificateless authentication scheme for 5G-assisted vehicular fog computing," PLOS ONE, vol. 18, no. 6, 2023, Art. no. e028729. DOI: https://doi.org/10.1371/journal.pone.0287291

M. A. Al-Shareeda, A. A. H. Ghadban, A. A. H. Glass, E. M. A. Hadi, and M. A. Almaiah, "Efficient implementation of post-quantum digital signatures on Raspberry Pi," Discover Applied Sciences, vol. 7, no. 6, Jun. 2025, Art. no. 597. DOI: https://doi.org/10.1007/s42452-025-07201-z