The connectivity and resource-constrained nature of single-board devices open the door to cybersecurity concerns affecting Internet of Things (IoT) scenarios. One of the most important issues is the presence of unauthorized IoT devices that want to impersonate legitimate ones by using identical hardware and software specifications. This situation can provoke sensitive information leakages, data poisoning, or privilege escalation in IoT scenarios. Combining behavioral fingerprinting and Machine/Deep Learning (ML/DL) techniques is a promising approach to identify these malicious spoofing devices by detecting minor performance differences generated by imperfections in manufacturing. However, existing solutions are not suitable for single-board devices since they do not consider their hardware and software limitations, underestimate critical aspects such as fingerprint stability or context changes, and do not explore the potential of ML/DL techniques. To improve it, this work first identifies the essential properties for single-board device identification: uniqueness, stability, diversity, scalability, efficiency, robustness, and security. Then, a novel methodology relies on behavioral fingerprinting to identify identical single-board devices and meet the previous properties. The methodology leverages the different built-in components of the system and ML/DL techniques, comparing the device internal behavior with each other to detect manufacturing variations. The methodology validation has been performed in a real environment composed of 15 identical Raspberry Pi 4 B and 10 Raspberry Pi 3 B+ devices, obtaining a 91.9% average TPR and identifying all devices by setting a 50% threshold in the evaluation process. Finally, a discussion compares the proposed solution with related work, highlighting the fingerprint properties not met, and provides important lessons learned and limitations.
翻译:单板装置的连通性和资源限制性质打开了网络安全关切的大门,从而打开了影响互联网(IoT)情景情景的网络安全关切的大门。最重要的问题之一是存在未经授权的 IoT 装置,这些装置想通过使用相同的硬件和软件规格来冒冒用合法装置。这种情况可能会在IoT情景中引发敏感的信息泄漏、数据中毒或特权升级。将行为指纹和机器/深入学习(ML/DL)技术结合起来是一种很有希望的方法,通过发现制造业不完善造成的微小性能差异,来识别这些恶意涂鸦装置。然而,现有解决办法不适合单板装置,因为它们不考虑硬件和软件的限制,低估指纹稳定性或背景变化等关键方面,并且不探讨ML/DL技术的潜力。为了改进这一状况,这项工作首先确定了单板装置识别的基本特性:独特性、稳定性、多样性、可缩放、效率、坚固性和安全性。然后,一种新型方法依赖于行为指纹指纹,以识别相同的单板装置,满足以前的属性。 一种方法利用了50种硬的硬件定义,将各种内部结构中的一种内部结构中的一种测试了15种方法。