ABSTRACT
The Internet-of-Things (IoT) has brought in new challenges in device identification (what the device is) and authentication (is the device the one it claims to be). Traditionally, the authentication problem is solved by means of a cryptographic protocol. However, the computational complexity of cryptographic protocols and/or problems related to key management render almost all cryptography-based authentication protocols impractical for IoT. The problem of device identification is, on the other hand, sadly neglected. Almost always an artificially created identity is softly associated with the device. We believe that device fingerprinting can be used to solve both these problems effectively. In this work, we present a methodology to perform IoT device behavioral fingerprinting that can be employed to undertake strong device identification. A device behavior is approximated using features extracted from the network traffic of the device. These features are used to train a machine learning model that can be used to detect similar device-types. We validate our approach using five-fold cross validation; we report an identification rate of 93-100 and a mean accuracy of 99%, across all our experiments. Furthermore, we show preliminary results for fingerprinting device categories, i.e., identifying different devices having similar functionality.
Index Terms
- Behavioral Fingerprinting of IoT Devices