Device Identity and Trust in IoT-sphere Forsaking Cryptography

With the exponential growth of the Internet of Things (IoT) ecosystem there is increasing concern regarding how to ensure its security. This is particularly critical because in this ecosystem a significant number of devices are of very low computational capabilities making them particularly vulnerable to attacks. Moreover, cryptographic techniques that are tradition- ally used for establishing trust in entities through identification and authentication also do not appear to be suitable because of computational requirements as well as scalability issues. We present a new vision for security in this ecosystem that does not rely on cryptographic techniques and yet is able to achieve strong device identity. We also present the outlines of a crypto key less trust ecosystem that can be used to implement fine-grained access control in a pragmatic manner.

[1]  Ahmad-Reza Sadeghi,et al.  AuDI: Toward Autonomous IoT Device-Type Identification Using Periodic Communication , 2019, IEEE Journal on Selected Areas in Communications.

[2]  Sneha Kumar Kasera,et al.  On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews , 2010, IEEE Transactions on Mobile Computing.

[3]  Raheem Beyah,et al.  GTID: A Technique for Physical Device and Device Type Fingerprinting , 2015, IEEE Transactions on Dependable and Secure Computing.

[4]  Radu State,et al.  Automated Behavioral Fingerprinting , 2009, RAID.

[5]  Marco Gruteser,et al.  Wireless device identification with radiometric signatures , 2008, MobiCom '08.

[6]  T. Kohno,et al.  Remote physical device fingerprinting , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[7]  R. Lippmann,et al.  Passive Operating System Identification From TCP / IP Packet Headers * , 2003 .

[8]  Alvin F. Martin,et al.  The DET curve in assessment of detection task performance , 1997, EUROSPEECH.

[9]  Chrisil Arackaparambil,et al.  On the reliability of wireless fingerprinting using clock skews , 2010, WiSec '10.

[10]  Damon McCoy,et al.  Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting , 2006, USENIX Security Symposium.

[11]  Wouter Joosen,et al.  Accelerometer-Based Device Fingerprinting for Multi-factor Mobile Authentication , 2016, ESSoS.

[12]  Indrajit Ray,et al.  Behavioral Fingerprinting of IoT Devices , 2018, ASHES@CCS.

[13]  Ahmad-Reza Sadeghi,et al.  IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT , 2016, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[14]  Felix C. Freiling,et al.  Fingerprinting Mobile Devices Using Personalized Configurations , 2016, Proc. Priv. Enhancing Technol..

[15]  Srinivasan Seshan,et al.  802.11 user fingerprinting , 2007, MobiCom '07.