{"id":"https://openalex.org/W7117874006","doi":"https://doi.org/10.1109/milcom64451.2025.11310263","title":"SPEAK: a Secure PUF-Enabled Authentication and Key-Exchange Protocol for IoT Devices","display_name":"SPEAK: a Secure PUF-Enabled Authentication and Key-Exchange Protocol for IoT Devices","publication_year":2025,"publication_date":"2025-10-06","ids":{"openalex":"https://openalex.org/W7117874006","doi":"https://doi.org/10.1109/milcom64451.2025.11310263"},"language":null,"primary_location":{"id":"doi:10.1109/milcom64451.2025.11310263","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom64451.2025.11310263","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2025 - 2025 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5121727166","display_name":"Ian Donovan","orcid":null},"institutions":[{"id":"https://openalex.org/I52669646","display_name":"Western Washington University","ror":"https://ror.org/05wn7r715","country_code":"US","type":"education","lineage":["https://openalex.org/I52669646"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ian Donovan","raw_affiliation_strings":["Western Washington University,Department of Computer Science,Bellingham,United States of America"],"affiliations":[{"raw_affiliation_string":"Western Washington University,Department of Computer Science,Bellingham,United States of America","institution_ids":["https://openalex.org/I52669646"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054514035","display_name":"Tarek Idriss","orcid":"https://orcid.org/0000-0003-4446-9444"},"institutions":[{"id":"https://openalex.org/I52669646","display_name":"Western Washington University","ror":"https://ror.org/05wn7r715","country_code":"US","type":"education","lineage":["https://openalex.org/I52669646"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tarek Idriss","raw_affiliation_strings":["Western Washington University,Department of Computer Science,Bellingham,United States of America"],"affiliations":[{"raw_affiliation_string":"Western Washington University,Department of Computer Science,Bellingham,United States of America","institution_ids":["https://openalex.org/I52669646"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5121727166"],"corresponding_institution_ids":["https://openalex.org/I52669646"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.73085817,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1414","last_page":"1419"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10964","display_name":"Wireless Communication Security Techniques","score":0.0005000000237487257,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.0003000000142492354,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.5942000150680542},{"id":"https://openalex.org/keywords/authentication-protocol","display_name":"Authentication protocol","score":0.5509999990463257},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5475000143051147},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5267000198364258},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5254999995231628},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.48980000615119934},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.4668000042438507},{"id":"https://openalex.org/keywords/replay-attack","display_name":"Replay attack","score":0.4620000123977661},{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.45350000262260437}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7750999927520752},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.5942000150680542},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5655999779701233},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.5509999990463257},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5475000143051147},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5267000198364258},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5254999995231628},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4909999966621399},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.48980000615119934},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.4668000042438507},{"id":"https://openalex.org/C11560541","wikidata":"https://www.wikidata.org/wiki/Q1756025","display_name":"Replay attack","level":3,"score":0.4620000123977661},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.45350000262260437},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.44119998812675476},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.41830000281333923},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.39320001006126404},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.3919999897480011},{"id":"https://openalex.org/C131129157","wikidata":"https://www.wikidata.org/wiki/Q1059963","display_name":"Challenge\u2013response authentication","level":4,"score":0.3864000141620636},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.38359999656677246},{"id":"https://openalex.org/C39217717","wikidata":"https://www.wikidata.org/wiki/Q1432354","display_name":"Hardware security module","level":3,"score":0.3531000018119812},{"id":"https://openalex.org/C8643368","wikidata":"https://www.wikidata.org/wiki/Q4046262","display_name":"Physical unclonable function","level":3,"score":0.33469998836517334},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.32760000228881836},{"id":"https://openalex.org/C91069110","wikidata":"https://www.wikidata.org/wiki/Q1919060","display_name":"Reflection attack","level":5,"score":0.3124000132083893},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.29679998755455017},{"id":"https://openalex.org/C99674996","wikidata":"https://www.wikidata.org/wiki/Q1414155","display_name":"Key exchange","level":4,"score":0.29420000314712524},{"id":"https://openalex.org/C157764524","wikidata":"https://www.wikidata.org/wiki/Q1383412","display_name":"Throughput","level":3,"score":0.27379998564720154},{"id":"https://openalex.org/C128619300","wikidata":"https://www.wikidata.org/wiki/Q15263584","display_name":"Authenticated encryption","level":3,"score":0.26260000467300415},{"id":"https://openalex.org/C22111027","wikidata":"https://www.wikidata.org/wiki/Q1070427","display_name":"Internet security","level":4,"score":0.25870001316070557},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.2540000081062317}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/milcom64451.2025.11310263","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom64451.2025.11310263","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2025 - 2025 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W2112036188","https://openalex.org/W2551620606","https://openalex.org/W2801237935","https://openalex.org/W2891953071","https://openalex.org/W2901658766","https://openalex.org/W2909046507","https://openalex.org/W2909528514","https://openalex.org/W2946681730","https://openalex.org/W2978098707","https://openalex.org/W3000483445","https://openalex.org/W3013543200","https://openalex.org/W3094284910","https://openalex.org/W3094335079","https://openalex.org/W4205154926","https://openalex.org/W4281781226","https://openalex.org/W4312795443","https://openalex.org/W4385188943","https://openalex.org/W4385190039","https://openalex.org/W4388016173","https://openalex.org/W4410352943"],"related_works":[],"abstract_inverted_index":{"The":[0],"Internet":[1],"of":[2,89,116,127],"Things":[3],"(IoT)":[4],"faces":[5],"myriad":[6],"threats,":[7],"serves":[8],"countless":[9],"users,":[10],"and":[11,41,55,64,74,100,125,143,162,183],"is":[12],"largely":[13],"populated":[14],"by":[15],"computationally":[16],"constrained":[17],"devices":[18],"that":[19,33,145,156],"necessitate":[20],"lightweight":[21],"security":[22,31,108,149],"solutions.":[23],"Physically":[24],"Unclonable":[25],"Functions":[26],"(PUFs)":[27,68],"offer":[28],"a":[29,57,96,114,181],"promising":[30],"primitive":[32],"requires":[34],"minimal":[35],"computation":[36],"overhead,":[37],"consumes":[38],"little":[39],"power,":[40],"naturally":[42],"resists":[43],"physical":[44],"tampering.":[45],"In":[46],"this":[47],"work,":[48],"we":[49,131],"introduce":[50],"SPEAK":[51,90,146,157,179],"(Secure":[52],"PUF-Enabled":[53],"Authentication":[54],"Key-Exchange),":[56],"novel":[58],"protocol":[59,185],"leveraging":[60],"TRNG-powered":[61],"random":[62],"obfuscation":[63],"physically":[65],"unclonable":[66],"functions":[67],"to":[69,166],"achieve":[70],"efficient":[71],"key":[72],"exchange":[73],"built-in":[75],"authentication":[76],"without":[77],"the":[78,87],"need":[79],"for":[80,172,186],"conventional":[81],"encryption":[82],"or":[83],"hashing.":[84],"We":[85],"detail":[86],"implementation":[88],"on":[91],"an":[92],"ESP32-C3":[93],"microcontroller,":[94],"utilizing":[95],"128-bit":[97],"XOR-2":[98],"MemPUF,":[99],"evaluate":[101],"its":[102],"practical":[103,182],"deployment":[104],"over":[105],"MQTT.":[106],"Our":[107],"analysis":[109],"demonstrates":[110],"SPEAK\u2019s":[111],"resilience":[112],"against":[113,150],"range":[115],"attack":[117],"vectors,":[118],"including":[119,138],"replay":[120],"attacks,":[121,124,137],"man-in-the-middle":[122],"(MITM)":[123],"denial":[126],"service":[128],"attacks.":[129],"Furthermore,":[130],"conduct":[132],"extensive":[133],"machine":[134],"learning-based":[135],"modeling":[136],"those":[139],"employing":[140],"CMA-ES":[141],"metaheuristics,":[142],"show":[144],"maintains":[147],"robust":[148],"such":[151],"adversaries.":[152],"Experimental":[153],"results":[154],"reveal":[155],"achieves":[158],"significantly":[159],"lower":[160],"latency":[161],"improved":[163],"throughput":[164],"compared":[165],"SSL/TLS-based":[167],"solutions,":[168],"while":[169],"remaining":[170],"well-suited":[171],"ultra-lightweight":[173],"IoT":[174,191],"endpoints.":[175],"These":[176],"findings":[177],"position":[178],"as":[180],"scalable":[184],"secure":[187],"communication":[188],"in":[189],"next-generation":[190],"environments.":[192]},"counts_by_year":[],"updated_date":"2026-02-23T20:09:44.859080","created_date":"2026-01-01T00:00:00"}