Deep learning-based device fingerprinting has recently
been recognized as a key enabler for automated network access
authentication. Its robustness to impersonation attacks due to the
inherent difficulty of replicating physical features is what distinguishes
it from conventional cryptographic solutions. Although
device fingerprinting has shown promising performances, its
sensitivity to changes in the network operating environment still
poses a major limitation. This paper presents an experimental
framework that aims to study and overcome the sensitivity
of LoRa-enabled device fingerprinting to such changes. We
first begin by describing RF datasets we collected using our
LoRa-enabled wireless device testbed. We then propose a new
fingerprinting technique that exploits out-of-band distortion
information caused by hardware impairments to increase the
fingerprinting accuracy. Finally, we experimentally study and
analyze the sensitivity of LoRa RF fingerprinting to various
network setting changes. Our results show that fingerprinting
does relatively well when the learning models are trained and
tested under the same settings. However, when trained and tested
under different settings, these models exhibit moderate sensitivity
to channel condition changes and severe sensitivity to protocol
configuration and receiver hardware changes when IQ data is
used as input. However, with FFT data is used as input, they
perform poorly under any change.
more »
« less
Behavioral Fingerprinting of IoT Devices
The Internet-of-Things (IoT) has brought in new challenges in device identification --what the device is, and authentication --is the device the one it claims to be. Traditionally, the authentication problem is solved by means of a cryptographic protocol. However, the computational complexity of cryptographic protocols and/or problems related to key management, render almost all cryptography based authentication protocols impractical for IoT. The problem of device identification is, on the other hand, sadly neglected. Almost always an artificially created identity is softly associated with the device. We believe that device fingerprinting can be used to solve both these problems effectively. In this work, we present a methodology to perform IoT device behavioral fingerprinting that can be employed to undertake strong device identification. A device behavior is approximated using features extracted from the network traffic of the device. These features are used to train a machine learning model that can be used to detect similar device-types. We validate our approach using five-fold cross validation; we report a identification rate of 93-100 and a mean accuracy of 99%, across all our experiments. Furthermore, we show preliminary results for fingerprinting device categories, i.e., identifying different devices having similar functionality.
more »
« less
- Award ID(s):
- 1650573
- NSF-PAR ID:
- 10084590
- Date Published:
- Journal Name:
- Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security
- Page Range / eLocation ID:
- 41 to 50
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
null (Ed.)Trusted Execution Environments (TEEs) are becoming ubiquitous and are currently used in many security applications: from personal IoT gadgets to banking and databases. Prominent examples of such architectures are Intel SGX, ARM TrustZone, and Trusted Platform Modules (TPMs). A typical TEE relies on a dynamic Root of Trust (RoT) to provide security services such as code/data confidentiality and integrity, isolated secure software execution, remote attestation, and sensor auditing. Despite their usefulness, there is currently no secure means to determine whether a given security service or task is being performed by the particular RoT within a specific physical device. We refer to this as the Root of Trust Identification (RTI) problem and discuss how it inhibits security for applications such as sensing and actuation. We formalize the RTI problem and argue that security of RTI protocols is especially challenging due to local adversaries, cuckoo adversaries, and the combination thereof. To cope with this problem we propose a simple and effective protocol based on biometrics. Unlike biometric-based user authentication, our approach is not concerned with verifying user identity, and requires neither pre-enrollment nor persistent storage for biometric templates. Instead, it takes advantage of the difficulty of cloning a biometric in real-time to securely identify the RoT of a given physical device, by using the biometric as a challenge. Security of the proposed protocol is analyzed in the combined Local and Cuckoo adversarial model. Also, a prototype implementation is used to demonstrate the protocol’s feasibility and practicality. We further propose a Proxy RTI protocol, wherein a previously identified RoT assists a remote verifier in identifying new RoTs.more » « less
-
Smartphones are the most commonly used computing platform for accessing sensitive and important information placed on the Internet. Authenticating the smartphone's identity in addition to the user's identity is a widely adopted security augmentation method since conventional user authentication methods, such as password entry, often fail to provide strong protection by itself. In this paper, we propose a sensor-based device fingerprinting technique for identifying and authenticating individual mobile devices. Our technique, called MicPrint, exploits the unique characteristics of embedded microphones in mobile devices due to manufacturing variations in order to uniquely identify each device. Unlike conventional sensor-based device fingerprinting that are prone to spoofing attack via malware, MicPrint is fundamentally spoof-resistant since it uses acoustic features that are prominent only when the user blocks the microphone hole. This simple user intervention acts as implicit permission to fingerprint the sensor and can effectively prevent unauthorized fingerprinting using malware. We implement MicPrint on Google Pixel 1 and Samsung Nexus to evaluate the accuracy of device identification. We also evaluate its security against simple raw data attacks and sophisticated impersonation attacks. The results show that after several incremental training cycles under various environmental noises, MicPrint can achieve high accuracy and reliability for both smartphone models.more » « less
-
more » « less
Abstract Rapid advances in the Internet‐of‐Things (IoT) domain have led to the development of several useful and interesting devices that have enhanced the quality of home living and industrial automation. The vulnerabilities in the IoT devices have rendered them susceptible to compromise and forgery. The problem of device authentication, that is, the question of whether a device's identity is what it claims to be, is still an open problem. Device fingerprinting seems to be a promising authentication mechanism. Device fingerprinting profiles a device based on information available about the device and generate a robust, verifiable and unique identity for the device. Existing approaches for device fingerprinting may not be feasible or cost‐effective for the IoT domain due to the resource constraints and heterogeneity of the IoT devices. Due to resource and cost constraints, behavioral fingerprinting provides promising directions for fingerprinting IoT devices. Behavioral fingerprinting allows security researchers to understand the behavioral profile of a device and to establish some guidelines regarding the device operations. In this article, we discuss existing approaches for behavioral fingerprinting of devices in general and evaluate their applicability for IoT devices. Furthermore, we discuss potential approaches for fingerprinting IoT devices and give an overview of some of the preliminary attempts to fingerprint IoT devices. We conclude by highlighting the future research directions for fingerprinting in the IoT domain.
This article is categorized under:
Application Areas > Science and Technology
Application Areas > Internet
Technologies > Machine Learning
Application Areas > Industry Specific Applications
-
null (Ed.)The Host Identity Protocol (HIP) has emerged as the most suitable solution to uniquely identify smart devices in the mobile and distributed Internet of Things (IoT) systems, such as smart cities, homes, cars, and healthcare. The HIP provides authentication methods that enable secure communications between HIP peers. However, the authentication methods provided by the HIP cannot be adopted by the IoT devices with limited processing power because of the computation-intensive cryptographic operations involved in hash generation, signature validation, and session key establishment. Moreover, IoT devices cannot utilize the HIP as is to communicate securely in the low power and lossy networks as there is a considerable communication overhead, such as packet fragmentation and reassembly, for exchanging certificates over a lossy link. Additionally, the use of static host identifiers makes IoT devices vulnerable to cyber espionage and user-targeted attacks. In this article, we propose an authentication scheme, P-HIP, that protects the identity privacy of an IoT device by enabling the device to compute and use unique host identifiers from networks to networks and sessions to sessions. To make the HIP suitable for resource-constrained IoT devices, P-HIP provides methods that unburden IoT devices from computation-intensive operations, such as modular exponentiation, involved in authentication and session-key exchange. Additionally, P-HIP minimizes the communication overheads for exchanging certificates in lossy networks. We implement a prototype of P-HIP on Contiki enabled IoT that shows P-HIP can reduce computation costs, communication overheads, and the session-key establishment time when used by low-powered devices in a lossy network.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1145/3266444.3266452
