Hardware Fingerprint-Based Authentication Framework for Embedded Devices

Today, we introduce a work published at NDSS Symposium 2024 by the team of Professor Qian Wang from the National Cyber Security School of Wuhan University and the team of Professors Ke Xu and Qi Li from the Institute of Network Science and Cyber Space of Tsinghua University. The co-first authors are master's student Yue Xiao from Wuhan University and PhD student Yi He from Tsinghua University, with additional authors including Professor Xiaoli Zhang from Zhejiang University of Technology, Professor Kun Sun from George Mason University, and PhD student Renjie Xie from Tsinghua University. This work proposes a hardware fingerprint-based authentication framework for embedded devices that provides strong identity authentication for devices.

Yue Xiao, Yi He, Xiaoli Zhang, Qian Wang, Renjie Xie, Kun Sun, Ke Xu, Qi Li. From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices. NDSS 2024.

01

Background

Embedded devices are gradually entering people’s lives in forms such as smart car keys, hardware wallets, and smart home devices. To prevent user identity theft and protect user property, devices must be authenticated when a user device communicates with other devices or the cloud.

Traditional token-based authentication faces a severe risk of token forgery. For example, an attacker can clone a device by copying its firmware and stealing the keys embedded in it. To resist such attacks, we need an authentication factor that cannot be replicated, and a hardware fingerprint is one such factor. A hardware fingerprint binds hardware to identity information, and the non-replicability of the hardware protects the user's identity.

02

Existing Work

Current hardware fingerprint-based authentication can be divided into two forms:

  1. Using hardware fingerprints as a new authentication factor. This method generates a static fingerprint using hardware features, attaching the fingerprint information as part of the authentication information, for instance, appending fingerprint information to the original token.

  2. Challenge-Response mechanism-based authentication. In this method, the server issues a challenge to the hardware, which responds, and the server authenticates based on the response. This authentication can be based solely on hardware (like PUF) or completed with human interaction (like T2Pair).

03

Threat Model

We assume that the attacker has obtained the key and can eavesdrop on the entire communication channel, aiming to impersonate a legitimate user. The attacker can launch two types of attacks: Reuse Attack and Mimic Attack. Reuse attacks include tampering with and replaying user requests, while mimic attacks involve using hardware for imitation or utilizing software methods for imitation.

The attacker uses a machine learning model to learn the challenge-response, impersonating a legitimate user.

04

MCU-Token Design

MCU-Token generates a special token based on hardware for each user request, binding operations to hardware fingerprints, thus providing reliable authentication. The flowchart of MCU-Token is as follows:

[Figure: MCU-Token flowchart]

There are several important designs:

Hardware Utilization

We designed hardware tasks for each hardware module, using parameters as input and fingerprints as output. Thus, a hardware module can be represented as multiple (arguments, fingerprint) pairs. Due to the characteristics of hardware, fingerprints differ across devices under the same parameters. Therefore, this method can be used for device authentication while resisting attackers using hardware for imitation.

Instruction and Token Binding

We designed a message mapping module that uses a hash algorithm to map user instructions to hardware tasks. In the message mapping module, we salt the original instructions, so even the same instruction operation will yield different hardware tasks, thus obtaining different hardware fingerprints (i.e., tokens). In this way, we achieve the binding of instructions and tokens while rendering tampering of instructions by attackers ineffective.

Data Poisoning

To prevent attackers from learning the mapping relationship between arguments and fingerprints in the hardware module, we designed a data poisoning module. During authentication, we generate multiple hardware tasks to obtain multiple hardware fingerprints, and the data poisoning module randomly modifies some fingerprint values, contaminating the attacker’s training data and interfering with their learning process.

Backend Authentication

In the initialization phase, the backend collects (arguments, fingerprint) pairs in a secure environment to train the model. During the authentication phase, the backend uses the message mapping algorithm to obtain hardware tasks, uses the trained Predictor to obtain predicted fingerprints, and uses the Verifier to compare predicted fingerprints with actual fingerprints. Because multiple fingerprints are used for authentication, the backend counts the number of fingerprints that pass verification and compares that count with a threshold to produce the final result.
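The three mechanisms above (salted message mapping, data poisoning, and threshold verification on the server side) can be traced end to end in a toy simulation. This is an added example, not the paper's implementation. The response function, the parameter values, the single-use salt check, and the use of an enrolled `Device` object in place of the trained Predictor are all assumptions made for illustration.

```python
import hashlib
import random

N_TASKS, N_POISON, THRESHOLD, TOLERANCE = 8, 2, 6, 2  # assumed parameters

def map_tasks(command: bytes, salt: bytes) -> list[int]:
    """Message mapping: salted hash of the command -> hardware-task arguments."""
    digest = hashlib.sha256(salt + command).digest()
    return [int.from_bytes(digest[2 * i:2 * i + 2], "big") for i in range(N_TASKS)]

class Device:
    """Toy MCU; `physics` stands in for per-chip manufacturing variation."""
    def __init__(self, physics: int):
        self.physics = physics

    def run_task(self, arg: int) -> int:
        # Constructed response function; a real fingerprint is a hardware measurement.
        return (arg * 31 + self.physics * (arg % 17 + 1)) % 1000

    def make_token(self, command: bytes, salt: bytes, rng: random.Random) -> list[int]:
        token = [self.run_task(a) for a in map_tasks(command, salt)]
        for i in rng.sample(range(N_TASKS), N_POISON):  # data poisoning
            token[i] = rng.randrange(1000)
        return token

class Backend:
    def __init__(self, predictor: Device):
        self.predictor = predictor   # stand-in for the trained Predictor model
        self.seen_salts = set()      # assumption: salts are single-use

    def verify(self, command: bytes, salt: bytes, token: list[int]) -> bool:
        if salt in self.seen_salts:
            return False             # replayed request
        args = map_tasks(command, salt)
        passed = sum(abs(self.predictor.run_task(a) - fp) <= TOLERANCE
                     for a, fp in zip(args, token))
        if passed < THRESHOLD:
            return False             # too few fingerprints matched
        self.seen_salts.add(salt)
        return True

if __name__ == "__main__":
    rng = random.Random(7)
    device, clone = Device(137), Device(412)   # clone runs the same code and keys
    backend = Backend(Device(137))             # enrolled in a secure environment
    token = device.make_token(b"unlock", b"salt-1", rng)
    print("tampered:", backend.verify(b"open-trunk", b"salt-1", token))
    print("genuine :", backend.verify(b"unlock", b"salt-1", token))
    print("replayed:", backend.verify(b"unlock", b"salt-1", token))
    print("clone   :", backend.verify(b"unlock", b"salt-2",
                                      clone.make_token(b"unlock", b"salt-2", rng)))
```

The threshold is set so that the poisoned fingerprints never cause a genuine request to fail, while an eavesdropper who records (arguments, fingerprint) pairs cannot tell which of them carry corrupted labels.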

05

Experimental Verification

We implemented MCU-Token on a total of 60 different devices across 3 types, and we selected 5 different hardware modules, designing 6 different hardware tasks.

Authentication Effect: When using MCU-Token for device authentication with multiple features, TPR is about 97% (FPR is about 3%).

Defense Effect: In resisting different attacks, we recorded the attack success rates for various attack methods. For tampering attacks, where the attacker tampers with user instructions while keeping the token unchanged, the success rate is below 0.1%; for hardware mimic attacks, where the attacker uses other hardware to attempt to impersonate a legitimate user, the attack success rate is below 10%; for software mimic attacks, where the attacker uses software methods to impersonate a legitimate user, the attack success rate is below 2%.

06

Conclusion

This paper designs a hardware fingerprint-based authentication framework for embedded devices, considering attackers who can obtain keys and control communication channels. Under resource constraints, it provides reliable authentication through the binding of commands and hardware fingerprints while defending against attackers’ reuse of tokens and imitation of devices using hardware or software methods.
