From Attack to Identification: MEMS Sensor Fingerprinting Using Acoustic Signals

Abstract

A device pretending to be behaving normally can carry out malicious acts that result in the leakage of sensitive information, invasion of privacy, damage property, or even loss of life. The first step to detect these malicious acts is to identify whether a device is authorized or not. There are existing methods for identifying devices based on cryptographic schemes or physical unclonable function (PUF), but each of these methods has disadvantages in that key management costs are incurred or additional chips or circuits are required. In this article, we propose a device identification method that overcomes these shortcomings. Based on the fact that MEMS sensors are built-in to most devices due to their various applications and the property that MEMS sensors are sensitive to acoustic signals with resonant frequencies, the proposed method uses MEMS sensor readings to acoustic signals. Many attack methods have been studied using this property to disable the normal function of the sensor or eavesdrop on speech around a device. On the other hand, our method is the first to fingerprint MEMS sensors using raw sensor readings to acoustic signals from a security point of view rather than from this conventional attack point of view. Furthermore, our method is based on a challenge-response structure to be secure from replay attacks; here, a challenge is a random acoustic signal, and a response is the unique MEMS sensor reading to the challenge. In our evaluation, we use commercial MEMS sensors and a low-cost speaker that costs less than <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\$ $ </tex-math></inline-formula> 1. The results show that under various conditions that may affect MEMS sensor readings, the macro F1-scores when identifying authorized devices is 1.0, and the macro accuracy of detecting attacks using devices other than authorized ones is 0.994. As a result, our method can identify devices well at a low cost.