Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Domain-Agnostic Hardware Fingerprinting-Based Device Identifier for Zero-Trust IoT Security

Abdurrahman Elmaghbub, Bechir Hamdaoui

TL;DR

The paper tackles the challenge of securely identifying IoT devices under the Zero Trust paradigm when devices are resource-constrained and face domain shifts. It introduces EPS-CNN, which leverages a novel Double-Sided Envelope Power Spectrum (EPS) representation derived from the IQ signal envelope, combined with a CNN to create hardware-based device identities that remain robust to channel, time, and location changes. The framework includes secure enrollment, rogue-device detection, and continuous RF-based authentication, and validates performance on a testbed of 15 WiFi devices, achieving same-domain accuracy >99%, cross-day ~93%, and cross-location ~95%. This domain-agnostic fingerprinting approach enhances authentication reliability and privacy in Zero Trust IoT deployments, reducing reliance on traditional credentials and MAC-based policy enforcement.

Abstract

Next-generation networks aim for comprehensive connectivity, interconnecting humans, machines, devices, and systems seamlessly. This interconnectivity raises concerns about privacy and security, given the potential network-wide impact of a single compromise. To address this challenge, the Zero Trust (ZT) paradigm emerges as a key method for safeguarding network integrity and data confidentiality. This work introduces EPS-CNN, a novel deep-learning-based wireless device identification framework designed to serve as the device authentication layer within the ZT architecture, with a focus on resource-constrained IoT devices. At the core of EPS-CNN, a Convolutional Neural Network (CNN) is utilized to generate the device identity from a unique RF signal representation, known as the Double-Sided Envelope Power Spectrum (EPS), which effectively captures the device-specific hardware characteristics while ignoring device-unrelated information. Experimental evaluations show that the proposed framework achieves over 99%, 93%, and 95% testing accuracy when tested in same-domain (day, location, and channel), cross-day, and cross-location scenarios, respectively. Our findings demonstrate the superiority of the proposed framework in enhancing the accuracy, robustness, and adaptability of deep learning-based methods, thus offering a pioneering solution for enabling ZT IoT device identification.

Domain-Agnostic Hardware Fingerprinting-Based Device Identifier for Zero-Trust IoT Security

TL;DR

The paper tackles the challenge of securely identifying IoT devices under the Zero Trust paradigm when devices are resource-constrained and face domain shifts. It introduces EPS-CNN, which leverages a novel Double-Sided Envelope Power Spectrum (EPS) representation derived from the IQ signal envelope, combined with a CNN to create hardware-based device identities that remain robust to channel, time, and location changes. The framework includes secure enrollment, rogue-device detection, and continuous RF-based authentication, and validates performance on a testbed of 15 WiFi devices, achieving same-domain accuracy >99%, cross-day ~93%, and cross-location ~95%. This domain-agnostic fingerprinting approach enhances authentication reliability and privacy in Zero Trust IoT deployments, reducing reliance on traditional credentials and MAC-based policy enforcement.

Abstract

Next-generation networks aim for comprehensive connectivity, interconnecting humans, machines, devices, and systems seamlessly. This interconnectivity raises concerns about privacy and security, given the potential network-wide impact of a single compromise. To address this challenge, the Zero Trust (ZT) paradigm emerges as a key method for safeguarding network integrity and data confidentiality. This work introduces EPS-CNN, a novel deep-learning-based wireless device identification framework designed to serve as the device authentication layer within the ZT architecture, with a focus on resource-constrained IoT devices. At the core of EPS-CNN, a Convolutional Neural Network (CNN) is utilized to generate the device identity from a unique RF signal representation, known as the Double-Sided Envelope Power Spectrum (EPS), which effectively captures the device-specific hardware characteristics while ignoring device-unrelated information. Experimental evaluations show that the proposed framework achieves over 99%, 93%, and 95% testing accuracy when tested in same-domain (day, location, and channel), cross-day, and cross-location scenarios, respectively. Our findings demonstrate the superiority of the proposed framework in enhancing the accuracy, robustness, and adaptability of deep learning-based methods, thus offering a pioneering solution for enabling ZT IoT device identification.
Paper Structure (20 sections, 6 figures)

This paper contains 20 sections, 6 figures.

Table of Contents

  1. Introduction
  2. Understanding the Impact of Oscillator's Frequency Inaccuracy on IQ Signal Behavior
  3. The Carrier Frequency Offset (CFO)
  4. The Impact of Oscillator's Frequency Inaccuracy
  5. What Causes the Observed IQ Envelope Behavior?
  6. Distinguishable IoT Device Identification Through Novel RF Signal Representation
  7. The Proposed Double-Sided Envelope's Power Spectrum (EPS) Representation
  8. EPS Distinguishability Across Different Devices
  9. EPS Robustness to Domain Changes
  10. Channel-Agnostic Fingerprinting
  11. Location-Agnostic Fingerprinting
  12. EPS-Based Fingerprinting Framework for Domain-Agnostic Device Identification
  13. An Overview of the Proposed EPS-CNN Framework
  14. Performance Metrics
  15. Device Identification Results and Analysis
  16. ...and 5 more sections

Figures (6)

  • Figure 1: The time-domain IQ signal behavior across four different Pycom/IoT devices.
  • Figure 2: Simulated time-domain I signal component.
  • Figure 3: The EPS representation of 10 devices.
  • Figure 4: EPS representation resiliency across the channel and location domains
  • Figure 5: IoT Testbed consisting of 15 Pycom transmitting devices and a USRP B210 receiving device
  • ...and 1 more figures