Fingerprinting Analog IoT Sensors for Secret-Free Authentication

TL;DR

This paper presents a novel hardware fingerprinting method for IoT sensors that enables secret-free authentication by analyzing their analog circuit behavior, effectively detecting tampering or replacement.

Contribution

It introduces a new technique exploiting analog circuit characteristics for sensor fingerprinting, addressing the lack of physical tampering detection in IoT security.

Findings

High accuracy in sensor identification with few recordings

Effective detection of sensor replacement or tampering

Applicable to commercial temperature sensors

Abstract

Especially in context of critical urban infrastructures, trust in IoT data is of utmost importance. While most technology stacks provide means for authentication and encryption of device-to-cloud traffic, there are currently no mechanisms to rule out physical tampering with an IoT device's sensors. Addressing this gap, we introduce a new method for extracting a hardware fingerprint of an IoT sensor which can be used for secret-free authentication. By comparing the fingerprint against reference measurements recorded prior to deployment, we can tell whether the sensing hardware connected to the IoT device has been changed by environmental effects or with malicious intent. Our approach exploits the characteristic behavior of analog circuits, which is revealed by applying a fixed-frequency alternating current to the sensor, while recording its output voltage. To demonstrate the general feasibility of our method, we apply it to four commercially available temperature sensors using laboratory equipment and evaluate the accuracy. The results indicate that with a sensible configuration of the two hyperparameters we can identify individual sensors with high probability, using only a few recordings from the target device.