An Intelligent Fingerprinting Technique for Low-Power Embedded IoT Devices

Abstract

The Internet of Things (IoT) has been a popular topic for research and development in the past decade. The resource-constrained and wireless nature of IoT devices presents a large surface of vulnerabilities, and traditional network security methods involving complex cryptography are not feasible. Studies show that Denial of Service (DoS), physical intrusion, spoofing, and node forgery are prevalent threats in the IoT, and there is a need for robust, lightweight device fingerprinting schemes. We identify eight criteria of effective fingerprinting methods for resource-constrained IoT devices and propose an intelligent, lightweight, whitelist-based fingerprinting method that satisfies these properties. The proposed method uses the power-up Static Random Access Memory (SRAM) stack as fingerprint features and autoencoder networks (AEN) for fingerprint registration and verification. We also present a threat mitigation framework based on network isolation levels to handle potential and identified threats. Experiments are conducted with a heterogeneous pool of 10 advanced virtual reduced instruction set computer (AVR) Harvard architecture prover devices from different vendors, and Dell Latitude and Dell XPS 13 laptops are used as verifier testbeds. The proposed method has a 99.9% accuracy, 100% precision, and 99.6% recall on known and unknown heterogeneous devices, which is an improvement over several past works. The independence of fingerprints stored in the AENs enables easy distribution and update, and the observed evaluation latency ( $\sim$ $10^{-4}$ s) and data collection latency ( $\sim$ $1$ s) make our method practical for real-world scenarios. Lastly, we analyze the proposed method with regard to the eight criteria and highlight its limitations for future improvement.