Fingerprinting Analog IoT Sensors for Secret-Free Authentication
This addresses the gap in IoT security for critical urban infrastructures by providing a mechanism to detect sensor tampering, though it is incremental as it builds on existing analog circuit analysis techniques.
The paper tackles the problem of physical tampering with IoT sensors in critical infrastructures by introducing a method to extract hardware fingerprints from analog sensors for secret-free authentication, achieving high probability identification of individual sensors with a sensible hyperparameter configuration.
Especially in context of critical urban infrastructures, trust in IoT data is of utmost importance. While most technology stacks provide means for authentication and encryption of device-to-cloud traffic, there are currently no mechanisms to rule out physical tampering with an IoT device's sensors. Addressing this gap, we introduce a new method for extracting a hardware fingerprint of an IoT sensor which can be used for secret-free authentication. By comparing the fingerprint against reference measurements recorded prior to deployment, we can tell whether the sensing hardware connected to the IoT device has been changed by environmental effects or with malicious intent. Our approach exploits the characteristic behavior of analog circuits, which is revealed by applying a fixed-frequency alternating current to the sensor, while recording its output voltage. To demonstrate the general feasibility of our method, we apply it to four commercially available temperature sensors using laboratory equipment and evaluate the accuracy. The results indicate that with a sensible configuration of the two hyperparameters we can identify individual sensors with high probability, using only a few recordings from the target device.