DOI: 10.1145/3266444.3266452

Behavioral Fingerprinting of IoT Devices

Published: 15 January 2018

Abstract

The Internet-of-Things (IoT) has brought new challenges in device identification (what the device is) and authentication (is the device the one it claims to be). Traditionally, the authentication problem is solved by means of a cryptographic protocol. However, the computational complexity of cryptographic protocols and/or problems related to key management render almost all cryptography-based authentication protocols impractical for IoT. The problem of device identification is, on the other hand, sadly neglected. Almost always an artificially created identity is softly associated with the device. We believe that device fingerprinting can be used to solve both these problems effectively. In this work, we present a methodology to perform IoT device behavioral fingerprinting that can be employed to undertake strong device identification. A device's behavior is approximated using features extracted from the network traffic of the device. These features are used to train a machine learning model that can be used to detect similar device-types. We validate our approach using five-fold cross validation; we report an identification rate of 93-100 and a mean accuracy of 99%, across all our experiments. Furthermore, we show preliminary results for fingerprinting device categories, i.e., identifying different devices having similar functionality.

Published In

ASHES '18: Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security
October 2018
88 pages
ISBN: 9781450359962
DOI: 10.1145/3266444
© 2018 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the United States Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. device behavior
  2. device-type fingerprinting
  3. internet-of-things devices
  4. iot network security
  5. machine learning
  6. network traffic features

Qualifiers

  • Research-article

Conference

CCS '18
Acceptance Rates

Overall Acceptance Rate 6 of 20 submissions, 30%

Cited By

  • (2025) Robust and Lightweight Modeling of IoT Network Behaviors From Raw Traffic Packets. IEEE Transactions on Machine Learning in Communications and Networking 3 (98-116). DOI: 10.1109/TMLCN.2024.3517613. Online publication date: 2025
  • (2025) HGExplainer: Heterogeneous Graph Explainer for IoT Device Identification. IEEE Transactions on Mobile Computing 24:3 (1877-1894). DOI: 10.1109/TMC.2024.3486717. Online publication date: Mar-2025
  • (2025) TinyDevID: TinyML-Driven IoT Devices IDentification Using Network Flow Data. 2025 17th International Conference on COMmunication Systems and NETworks (COMSNETS) (1335-1340). DOI: 10.1109/COMSNETS63942.2025.10885715. Online publication date: 6-Jan-2025
  • (2024) IoT Traffic Parameter Classification based on Optimized BPSO for Enabling Green Wireless Networks. Engineering, Technology & Applied Science Research 14:6 (18929-18934). DOI: 10.48084/etasr.9230. Online publication date: 2-Dec-2024
  • (2024) Res-DFNN: An NN-Based Device Fingerprint Extraction Method Using Network Packet Data. Symmetry 16:4 (443). DOI: 10.3390/sym16040443. Online publication date: 6-Apr-2024
  • (2024) Reducing DNS Traffic to Enhance Home IoT Device Privacy. Sensors 24:9 (2690). DOI: 10.3390/s24092690. Online publication date: 24-Apr-2024
  • (2024) Mitigating Adversarial Attacks against IoT Profiling. Electronics 13:13 (2646). DOI: 10.3390/electronics13132646. Online publication date: 5-Jul-2024
  • (2024) Dual-IoTID: A Session-Based Dual IoT Device Identification Model. Applied Sciences 14:11 (4741). DOI: 10.3390/app14114741. Online publication date: 30-May-2024
  • (2024) ScaNeF-IoT: Scalable Network Fingerprinting for IoT Device. Proceedings of the 19th International Conference on Availability, Reliability and Security (1-9). DOI: 10.1145/3664476.3670892. Online publication date: 30-Jul-2024
  • (2024) On Smartly Scanning of the Internet of Things. IEEE/ACM Transactions on Networking 32:2 (1019-1034). DOI: 10.1109/TNET.2023.3312162. Online publication date: Apr-2024
