From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices

TL;DR

MCU-Token is presented, a secure hardware fingerprinting framework for MCU-based IoT devices even if the cryptographic mechanisms are compromised that can defend against armored adversary who may replay, craft, and offload the requests via MitM or use both hardware and software strategies to mimic the fingerprints.

Abstract

The proliferation of consumer IoT products in our daily lives has raised the need for secure device authentication and access control. Unfortunately, these resource-constrained devices typically use token-based authentication, which is vulnerable to token compromise attacks that allow attackers to impersonate the devices and perform malicious operations by stealing the access token. Using hardware fingerprints to secure their authentication is a promising way to mitigate these threats. However, once attackers have stolen some hardware fingerprints (e.g., via MitM attacks), they can bypass the hardware authentication by training a machine learning model to mimic fingerprints or reusing these fingerprints to craft forge requests. In this paper, we present MCU-Token, a secure hardware fingerprinting framework for MCU-based IoT devices even if the cryptographic mechanisms (e.g., private keys) are compromised. MCU-Token can be easily integrated with various IoT devices by simply adding a short hardware fingerprint-based token to the existing payload. To prevent the reuse of this token, we propose a message mapping approach that binds the token to a specific request via generating the hardware fingerprints based on the request payload. To defeat the machine learning attacks, we mix the valid fingerprints with poisoning data so that attackers cannot train a usable model with the leaked tokens. MCU-Token can defend against armored adversary who may replay, craft, and offload the requests via MitM or use both hardware (e.g., use identical devices) and software (e.g., machine learning attacks) strategies to mimic the fingerprints. The system evaluation shows that MCU-Token can achieve high accuracy (over 97%) with a low overhead across various IoT devices and application scenarios.

Figures (11)

• Figure 1: Machine learning attacks to PUF-based challenge-response authentication. ❶ Attackers eavesdrop on the communication to steal challenge-response pairs. ❷ Attackers learn the mapping between challenges and responses via machine learning and mimic the responses to pass the authentication.
• Figure 2: Machine learning attack on IoT-ID IoT-ID's ADC feature.
• Figure 3: The architecture of MCU-Token. A hardware fingerprint-based token (i.e., MCU-Token) is sent along with the request from devices. The token mixes multiple valid fingerprint values (green block) with poisoned results (red block), and the backend verifies the token by comparing the fingerprints with the predicted values.
• Figure 4: A running example of the Telsa car key. The blue fields are the extra payload added by MCU-Token and the red text is the poisoning data.
• Figure 5: Example of DAC-ADC fingerprints of four ESP32S2 devices. (a) shows the mapping between theory voltages of DAC and read voltages of ADC. (b) shows the density distributions of the read voltages whose theory voltage is 125.