This study addresses the lack of a unified and scalable authentication mechanism for heterogeneous IoT devices employing diverse physical unclonable functions (PUFs). To overcome this challenge, the authors propose a reference-data-free open-set PUF authentication framework that encodes raw responses from various PUF types—including strong, weak, and hybrid variants—into a common image representation. Coupled with an OpenGAN-based classifier, the framework enables one-shot authentication while effectively rejecting impostors. Notably, it is the first approach to support unified open-set authentication across heterogeneous PUFs, breaking the scalability barrier of prior methods limited to 3–5 devices and demonstrating efficient authentication of up to 45 distinct devices. Experimental results show 100% closed-set accuracy and near-zero open-set error rates across four noisy PUF datasets, with a Raspberry Pi prototype achieving single authentication in just 0.67 seconds—approximately 30× faster than existing open-set baselines.

As modern cyber systems scale to include large populations of heterogeneous IoT devices, securing them against impersonation and forgery is a critical cybersecurity challenge. Physical Unclonable Functions (PUFs) offer a lightweight, hardware-rooted trust anchor for IoT security. However, different PUF architectures possess distinct challenge-response spaces and raw response reliabilities, making existing authentication protocols PUF-type specific. To bridge this interoperability bottleneck, this paper proposes a scalable, helper-data-free, open-set PUF authentication framework that leverages an OpenGAN-based classifier to manage heterogeneous fleets of IoT devices. Our method addresses the limitations of traditional database-centric and digital-twin modeling methods by encoding raw responses from diverse PUF types, including strong, weak and hybrid PUFs, into a unified image representation. This enables robust, single-pass classification and impostor rejection. We integrate the classifier into a generic protocol employing hybrid encryption and Bloom filter-based replay detection. Evaluated across four different types of noisy PUF data (Arbiter, SRAM, DRAM, and heterogeneous PUFs), our framework achieves 100% closed-set accuracy and near-zero open-set error rates with up to 45 devices, a significant improvement over the 3 to 5 devices in prior classification-based approaches. Prototyped on a Raspberry Pi, our framework completes one authentication cycle within 0.67 s, approximately 30x faster than the state-of-the-art open-set baselines.