Analyzing the Feasibility and Generalizability of Fingerprinting Internet of Things Devices

Abstract

In recent years, we have seen rapid growth in the use and adoption of Internet of Things (IoT) devices. However, some IoT devices are sensitive in nature, and simply knowing what devices a user owns can have secu- rity and privacy implications. Researchers have, there- fore, looked at fingerprinting IoT devices and their ac- tivities from encrypted network traffic. In this paper, we analyze the feasibility of fingerprinting IoT devices and evaluate the robustness of such fingerprinting approach across multiple independent datasets — collected under different settings. We show that not only is it possible to effectively fingerprint 188 IoT devices (with over 97% accuracy), but also to do so even with multiple instances of the same make-and-model device. We also analyze the extent to which temporal, spatial and data-collection- methodology differences impact fingerprinting accuracy. Our analysis sheds light on features that are more ro- bust against varying conditions. Lastly, we comprehen- sively analyze the performance of our approach under an open-world setting and propose ways in which an ad- versary can enhance their odds of inferring additional information about unseen devices (e.g., similar devices manufactured by the same company).

Dilawer Ahmed

Phd Student

My research interests include distributed robotics, mobile computing and programmable matter.