SoK: A Taxonomy for Hardware-Based Fingerprinting in the Internet of Things

Spinnler C, Labs T, Franchi N (2024)

Publication Status: Accepted

Publication Type: Conference contribution, Conference Contribution

Future Publication Type: Conference contribution

Publication year: 2024

Publisher: Association for Computing Machinery

Edited Volumes: Proceedings of the 19th International Conference on Availability, Reliability and Security

City/Town: New York, NY, USA

Book Volume: 96

Pages Range: 1-12

Conference Proceedings Title: ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security

Event location: Vienna

DOI: 10.1145/3664476.3670872

Open Access Link: https://dl.acm.org/doi/10.1145/3664476.3670872

Abstract

In IoT applications, embedded devices acquire and transmit data to control and optimize industrial processes. To trust this data, the data acquisition system, such as the sensors and the integrated signal processing components itself must be trusted. Approaches like hardware fingerprinting try to improve the overall security of such systems. In this paper, we review and systematize current research and trends in hardware fingerprinting. We provide insights to current research directions by reviewing multiple survey and review papers and derive a common definition for fingerprinting based on the reviewed literature. We identify three different fingerprinting techniques: hardware fingerprinting, behavior fingerprinting and radio frequency fingerprinting. By decomposing a generalized embedded system architecture, we provide four trust domains from which we can create a hardware fingerprint: main processing domain, on-device communication domain, peripheral domain and environmental domain. With the trust domains in place, a new fingerprinting taxonomy is developed, taking into account different data sources and evaluation techniques. We distinguish between intrinsic and extrinsic data sources and direct and indirect data evaluation. To understand the scope of fingerprinting techniques in terms of their trust domain and application scenarios, a new categorization model is created that ties the data sources to a physical asset of the device, making it possible to determine to what extend a device’s components can be trusted and in which applications it may be applicable.

Authors with CRIS profile

Christian Spinnler Lehrstuhl für Intelligente Technische Elektronik und Systeme Norman Franchi Lehrstuhl für Intelligente Technische Elektronik und Systeme

Involved external institutions

Siemens AG, Sector Corporate Technology DE Germany (DE)

How to cite

APA:

Spinnler, C., Labs, T., & Franchi, N. (2024). SoK: A Taxonomy for Hardware-Based Fingerprinting in the Internet of Things. In Association for Computing Machinery (Eds.), ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security (pp. 1-12). Vienna: New York, NY, USA: Association for Computing Machinery.

MLA:

Spinnler, Christian, Torsten Labs, and Norman Franchi. "SoK: A Taxonomy for Hardware-Based Fingerprinting in the Internet of Things." Proceedings of the ARES '24, Vienna Ed. Association for Computing Machinery, New York, NY, USA: Association for Computing Machinery, 2024. 1-12.

BibTeX: Download