From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices
Yue Xiao
Network and Distributed System Security (NDSS) Symposium 2024 · Day 3 · IoT & Firmware
The rapid proliferation of consumer IoT devices has underscored an urgent need for robust device authentication and access control mechanisms. Unfortunately, many resource-constrained IoT devices still rely on inherently vulnerable token-based authentication, which is susceptible to token compromise attacks, allowing adversaries to impersonate devices and execute malicious operations. While hardware fingerprints offer a promising direction to enhance security, they introduce new challenges: sophisticated attackers can still bypass hardware authentication by training machine learning models to mimic valid fingerprints or by reusing leaked fingerprint data through Man-in-the-Middle (MitM) attacks.