Algorithm 1 The mutual authentication between IoT device and server.

Input: An IoT device with identity IDd, and server that stores the IoT device’s information (SRAMk, CRP, and IDd);

Output: A mutual authentication between the IoT device and the server;

Begin

1: The IoT device generates a SRAM PUF cryptography key SRAMk, a timestamp TS1, and HMAC(SRAMk, TS1) message;

2: IoT device sends its IDd, TS1, and HMAC(SRAMk, TS1) message to the server;

3: If (the server finds IDd in its repository) then

4:   The server loads the SRAMk, and CRP (C, R) that belongs to the IDd from its repository to its memory;

5:   The server calculates HMAC(SRAMk, TS1) message;

6:   If (the calculated hash message in step 5 matches the hash message that was sent in step 2)

then

7:     The server generates a timestamp TS2, calculates (C ‖ TS2), and generates HMAC(SRAMk, C ‖ TS2) message;

8:     The server sends C, TS2, and HMAC(SRAMk, C ‖ TS2) message to the IoT device;

9:   else

Go to step 21;

end if

10: else

Go to step 21;

end if

11: The IoT device calculates (C ‖ TS2), and generates HMAC(SRAMk, C ‖ TS2) message;

12: If (the calculated hash message in step 11 matches the hash message that was sent in step 8)

then

The authenticity of the server is verified;

13:   The IoT device passes the challenge C to its Arbiter PUF, and generates a response R;

14:   The IoT device generates a timestamp TS3, calculates (R ‖ TS3), and generates HMAC(SRAMk, R ‖ TS3) message;

15: The IoT device sends TS3, and HMAC(SRAMk, R ‖ TS3) message to the server;

16: else

Go to step 21;

end if

17: The server calculates (R ‖ TS3), and generates HMAC(SRAMk, R ‖ TS3) message;

18: If (the calculated hash message in step 17 matches the hash message that was sent in step 15)

then

The authenticity of the IoT device is verified;

19:   A mutual authentication between the IoT device and the server is established;

20: else

Go to step 21;

then

21: Stop (terminates the connection);

End