Device Fingerprinting Research Articles

Fingerprinting IIoT Devices Through Machine Learning Techniques

From a security perspective, identifying Industrial Internet of Things (IIoT) devices connected to a network has multiple applications such as penetration testing, vulnerability assessment, etc. In this work, we propose a feature-based methodology to perform device-type fingerprinting. A device fingerprint consists of the TCP/IP header features and port-based features extracted from the network traffic of the device. These features are collected by a hybrid mechanism which has a negligible impact on device functionality and can avoid the problem of the long TCP connection. Once the fingerprint of a device is generated, it will be fed to the classifiers based on Gradient Boosting to predict its type details. Based on our proposed method, we implement a prototype application called IIoT Device Type Fingerprinting (IDTF) which capable of automatically identifying the types of devices being connected to an IIoT network. We collect a dataset consisting of 19,174 fingerprints from real-world Internet-facing IIoT devices indexed by Shodan to train and evaluate the classifiers using ten-fold cross-validation. And we conduct comparative experiments in an IIoT testbed to compare the effectiveness of IDTF with two famous fingerprinting tools. The experimental result shows that the ability of our approach is confirmed by a high mean F-Measure of 95.76%. It also demonstrates that IDTF achieves the highest identification rate in the testbed and is non-intrusive for IIoT devices. Compared with existing works, our approach is more generic as it does not rely on a specific protocol or deep packet inspection and can distinguish almost all IIoT device-types.

Generative adversarial network-based rogue device identification using differential constellation trace figure

With the dramatic development of the internet of things (IoT), security issues such as identity authentication have received serious attention. The radio frequency (RF) fingerprint of IoT device is an inherent feature, which can hardly be imitated. In this paper, we propose a rogue device identification technique via RF fingerprinting using deep learning-based generative adversarial network (GAN). Being different from traditional classification problems in RF fingerprint identifications, this work focuses on unknown accessing device recognition without prior information. A differential constellation trace figure generation process is initially employed to transform RF fingerprint features from time-domain waveforms to two-dimensional figures. Then, by using GAN, which is a kind of unsupervised learning algorithm, we can discriminate rogue devices without any prior information. An experimental verification system is built with 54 ZigBee devices regarded as recognized devices and accessing devices. A universal software radio peripheral receiver is used to capture the signal and identify the accessing devices. Experimental results show that the proposed rogue device identification method can achieve 95% identification accuracy in a real environment.

Research on the technology of preventing illegal terminal access

As an important part of energy Internet construction, power consumption information acquisition system, as the “total entrance of power information data acquisition and the total exit of control instruction execution”, plays an increasingly important role in the safe and stable operation of the system. At present, the on-site access equipment is diversified, but there is a lack of unified active security defense early warning module, and there is no perfect security monitoring system. There are security risks such as illegal replacement of on-site terminals and private upgrade of terminals. In order to further improve the security and stability of smart grid operation, this paper makes an in-depth study on the existing security problems of the acquisition terminal and the online security monitoring of the acquisition terminal, and adopts the device fingerprint technology and password technology to meet the needs of the security protection of the acquisition terminal.

Microcontroller Fingerprinting Using Partially Erased NOR Flash Memory Cells

Electronic device fingerprints, unique bit vectors extracted from device's physical properties, are used to differentiate between instances of functionally identical devices. This article introduces a new technique that extracts fingerprints from unique properties of partially erased NOR flash memory cells in modern microcontrollers. NOR flash memories integrated in modern systems-on-a-chip typically hold firmware and read-only data, but they are increasingly in-system-programmable, allowing designers to erase and program them during normal operation. The proposed technique leverages partial erase operations of flash memory segments that bring them into the state that exposes physical properties of the flash memory cells through a digital interface. These properties reflect semiconductor process variations and defects that are unique to each microcontroller or a flash memory segment within a microcontroller. The article explores threshold voltage variation in NOR flash memory cells for generating fingerprints and describes an algorithm for extracting fingerprints. The experimental evaluation utilizing a family of commercial microcontrollers demonstrates that the proposed technique is cost-effective, robust, and resilient to changes in voltage and temperature as well as to aging effects.

DEVELOPMENT OF A FINGERPRINT-BASED ATTENDANCE NOTIFICATION SYSTEM USING SIMPLE MAIL TRANSFER PROTOCOL

The concept of attendance monitoring has since evolved to become an integral part of every functional society. Today, in most educational institutions, students’ attendance is being taken manually by lecturers on paper-based attendance registers. However, this method is time-consuming, inaccurate and may not be available for analysis when needed because the collected data has not been stored in any database. Hence, in this paper, a fingerprintbased, wireless students’ attendance system using C# and MYSQL is developed to address the problem of truancy, human error in taking attendance and impersonation. Also, a fingerprint device with the Graphical User Interface (GUI) is modelled using C#, which was used for both enrolment and verification while MYSQL was used to model the database. The Simple Mail Transfer Protocol (SMTP) is then used to send the PDF version of the attendance records to relevant stakeholders to ascertain the students’ levels of attendance. The developed system is simple, secure and cost-effective to implement. The developed system worked efficiently when experimented.

A New Perspective Towards the Understanding of the Frequency-Dependent Behavior of Memristive Devices

As theoretically predicted by Prof. Chua, the input signal frequency has a major impact on the electrical behavior of memristors. According with one of the so-called fingerprints of such devices, the resistive window, i.e. the difference between the low and high resistance states, shrinks as the frequency increases. Physically, this effect stems from the incapability of ions/vacancies to follow the external electrical stimulus. In terms of the electrical behavior, the collapse of the resistive window can be ascribed to the shift of the set and reset voltages toward higher values. In addition, for a fixed frequency, the resistive window increases with the signal amplitude. In this letter, we show that both phenomena, decrease and increase of the resistive window, can be consistently explained after considering the snapback effect and a balance model equation for the memory state of the device.

The Use of Whatsapp Gateway for Automatic Notification System

Whatsapp is a messaging application from facebook which many people use it. For using whatsapp, someone must have a mobile number. The mobile number will be account in whatsapp application. In addition for chat, whatsapp can be a tool for notification system. The notification system can broadcast the messages that called as Whatsapp Gateway. Whatsapp gateway can be implemented for the school notification system where the parents of students can recieve notification from school. The Whatsapp gateway developed consists of fingerprint device, sender engine, management information system, and whatsapp gateway application. When someone checked their finger through fingerprint device, the fingerprint device will captured date and time then save it. The sender engine will checked data from fingerprint as periodically and send data to whatsapp gateway application through Application Programming Interface (API). To prevent blocking from whatsapp, whatsapp gateway will checked handphone number or whatsapp account from inbox message. If the handphone number or whatsapp account was found in inbox message, whatsapp gateway application will send message as notification.

Implementing Student Attendance System Using Fingerprint Biometrics for Kolej Universiti Poly-Tech Mara

Recording students’ attendance has been a major concern at Kolej Universiti Poly-Tech Mara. However, monitoring the attendance manually is a cumbersome issue to lecturers as students tend to manipulate the attendance by signing each other’s attendance. It has been found that fingerprint biometrics is capable to monitor the attendance systematically and efficiently. The aim of this study is to verify the students’ attendance using fingerprint biometrics. Evolutionary prototyping model were used to develop the students’ attendance system. Students are required to thumbprint using the fingerprint device installed in the classroom to record the students’ attendance. Their fingerprint images were captured by the fingerprint device and the images were then registered to the server for attendance process. The implementation of fingerprint biometric has helped lecturers to monitor the attendance of the students more systematic, efficient and ethically. By using the system embedded with biometrics, reporting on absenteeism is genuine and easy. Lecturers just need to print out and do necessary action. Therefore, fingerprint biometrics is useful and helpful in keeping track and managing the attendance of the students.

Speaker-independent source cell-phone identification for re-compressed and noisy audio recordings

With the rapid increase in user-generated multimedia content, extensive outreach over social media, and their potential in critical applications such as law enforcement, sourcey identification from re-compressed and noisy multimedia are of great importance. This paper proposes a system for speaker-independent cell-phone identification from recorded audio. This system is capable of dealing with test audio with different speech content and a different speaker compared to the training audio. Each recorded audio has the device fingerprint implicitly embedded in it, which encourages us to design a CNN-based system for learning the device-specific signatures directly from the magnitude of discrete Fourier transform of the audio. This paper also addresses the scenario where the recorded audio is re-compressed due to efficient storage and network transmission requirements, which is a common phenomenon in this age of social media. The scenario of the cell-phone classification from the audio recordings in the presence of additive white Gaussian noise is addressed as well. We show that our proposed system performs as well as the state-of-art systems for the speaker-dependent case with clean audio recordings and exhibits much higher robustness in the speaker-independent case with clean, re-compressed, and noisy audio recordings.

Web user identification based on browser fingerprints using machine learning methods

Abstract The article developed a method for identifying users on the network based on browser fingerprints using machine learning methods. The resulting method is a modification of the user identification method based on a digital footprint, which can be more efficient due to two components. First, the selection of attributes for a digital footprint is made from a limited set of attributes to form a user browser fingerprint. Secondly, the identification accuracy can be increased through the combined use of classification methods and the probabilistic-statistical approach. To check the successful operation of the method, a computational experiment is carried out on real data, which consists in solving the problem of classifying a user based on his browser fingerprint using the K nearest neighbors method.

Cross-device User Tracking via Hybrid Model

With the integration of various smart devices (smartphones, laptops, desktops, etc.) into people’s lives, some traditional user tracking methods such as cookies, browser fingerprints, etc. have become ineffective. There is an urgent need for a new tracking paradigm that can track users across browsers and devices.In particular, we propose a new architecture for cross-device user tracking. We exploit the physical and behavioral characteristics of devices to discover more about users’ habits, build corresponding user-device pairs based on the fusion results to integrate the sub-models generated based on different feature lists. In addition, we implement a proof-of-concept prototype of the proposed method and evaluate it using real-world use cases. The information has been hashed to meet the user privacy requirements. Our evaluation results show that the scheme is feasible.

Abnormal network access detection of power Internet of Things terminal layer equipment based on equipment portrait

In the environment of the power Internet of Things, equipment network security is mainly analyzed through the physical signal characteristics of the equipment or a single flow characteristic, so as to realize the equipment network abnormality detection. Therefore, a method for detecting network abnormalities of power Internet of Things terminal equipment based on device fingerprints is proposed. Aiming at the problem of incomplete detection methods, a multi-dimensional matching device fingerprint model is established. Firstly, the basic information of the device is collected, such as IP, MAC, etc.; then the network traffic information of the device is analyzed to extract the characteristics of network traffic; then, the frequency of keyword and keyword group of service protocol is counted. The device fingerprint model is established by using the traffic and service characteristics. When the network anomaly occurs, the device fingerprint model can be found effectively. The experimental results show that the device fingerprint model can detect the abnormal behavior of the device.

Image Source Identification Using Convolutional Neural Networks in IoT Environment

Digital image forensics is a key branch of digital forensics that based on forensic analysis of image authenticity and image content. The advances in new techniques, such as smart devices, Internet of Things (IoT), artificial images, and social networks, make forensic image analysis play an increasing role in a wide range of criminal case investigation. This work focuses on image source identification by analysing both the fingerprints of digital devices and images in IoT environment. A new convolutional neural network (CNN) method is proposed to identify the source devices that token an image in social IoT environment. The experimental results show that the proposed method can effectively identify the source devices with high accuracy.

LoRa Device Fingerprinting in the Wild: Disclosing RF Data-Driven Fingerprint Sensitivity to Deployment Variability

Deep learning-based fingerprinting techniques have recently emerged as potential enablers of various wireless applications. However, their resiliency to time, location, and/or configuration changes in the operating environment undoubtedly remains one major challenge that lies ahead in their deployment pathway. In this paper, we present an experimental framework that aims to disclose, understand and overcome the sensitivity of LoRa device fingerprinting to variations in deployment settings. We first began by presenting our RF fingerprinting datasets, collected from 25 different LoRa devices. The datasets cover a comprehensive set of experimental scenarios, considering both indoor and outdoor environments with varying network deployment settings, such as varying the distance between the transmitters and the receiver, the configuration of the LoRa protocol, the physical location of the conducted experiment, and the receiver hardware used for capturing the fingerprints. We then proposed a new technique that leverages out-of-band spectrum distortions, that are caused by device-specific hardware impairments, to provide unique device signatures that we exploit to improve fingerprinting accuracy. Finally, we conducted an experimental study that discloses the sensitivity of deep learning-based RF fingerprinting to changes in various deployment settings while considering three data representations of the learning model input: time-domain IQ, frequency-domain FFT, and Amplitude/Phase polar-coordinate. We found that the learning models perform relatively well when trained and tested under the same deployment settings, with FFT representation yielding the best performance followed by IQ representation. However, when trained and tested under different settings, the models (i) fail to maintain their high accuracy when the channel conditions change, and (ii) completely lose their ability to classify devices when the LoRa configuration and/or the USRP receiver hardware change. In addition, we interestingly observed that FFT representation performs exceptionally poorly when training and testing are done under different deployment settings, regardless of the type of the setting change.

Learning from learning: detecting account takeovers by identifying forgetful users

Credential-stuffing attacks are increasing in frequency, allowing threat actors to use data breaches from one source to perpetrate another. While multi-factor authentication remains a crucial preventative measure to protect against credential stuffing, the availability of credential data sets with contact information and the correlation with demographic data can allow threat actors to overcome it through interactive social engineering. Concurrently, alternative defence mechanisms such as network source profiling and device fingerprinting lose effectiveness as privacy-protecting technologies reduce the observable variability between legitimate and fraudulent user sessions. Sean A McElroy of Lumin Digital presents original research which suggests that by measuring a user's increasing familiarity with a web application over time, outliers in use may indicate account takeover fraud. Credential-stuffing attacks are increasing in frequency, allowing threat actors to use data breaches from one source to perpetrate another. While multi-factor authentication remains a crucial preventative measure to protect against credential stuffing, the availability of credential data sets with contact information and the correlation with demographic data can allow threat actors to overcome it through interactive social engineering. Concurrently, alternative defence mechanisms such as network source profiling and device fingerprinting lose effectiveness as privacy-protecting technologies reduce the observable variability between legitimate and fraudulent user sessions.

On Addressing the Impact of ISO Speed Upon PRNU and Forgery Detection

Photo Response Non-Uniformity (PRNU) has been used as a powerful device fingerprint for image forgery detection because image forgeries can be revealed by finding the absence of the PRNU in the manipulated areas. The correlation between an image's noise residual with the device's reference PRNU is often compared with a decision threshold to check the existence of the PRNU. A PRNU correlation predictor is usually used to determine this decision threshold assuming the correlation is content-dependent. However, we found that not only the correlation is content-dependent, but it also depends on the camera sensitivity setting. Camera sensitivity, commonly known by the name of ISO speed, is an important attribute in digital photography. In this work, we will show the PRNU correlation's dependency on ISO speed. Due to such dependency, we postulate that a correlation predictor is ISO speed-specific, i.e. reliable correlation predictions can only be made when a correlation predictor is trained with images of similar ISO speeds to the image in question. We report the experiments we conducted to validate the postulate. It is realized that in the real-world, information about the ISO speed may not be available in the metadata to facilitate the implementation of our postulate in the correlation prediction process. We hence propose a method called Content-based Inference of ISO Speeds (CINFISOS) to infer the ISO speed from the image content.

Factory Calibration Fingerprinting of Sensors

Device fingerprinting aims to generate a distinctive signature, or fingerprint, that uniquely identifies individual computing devices. Fingerprints may be a privacy concern since apps and websites can use them to track user activity online. To protect user privacy, both Android and iOS have included a variety of measures to prevent such tracking. In this paper we present a new type of fingerprinting, factory calibration fingerprinting, that bypasses existing tracking protection. Our attack recovers embedded per-device factory calibration data from the accelerometer, gyroscope, and magnetometer sensors that are pervasive in modern smartphones by careful analysis of the sensor output alone. We discuss the factory calibration behaviour of each sensor and show that the calibration fingerprint is fast to generate, does not change over time or after a factory reset, and can be used to track users across apps and websites without any special permission from the user. We find the calibration fingerprint is very likely to be globally unique for iOS devices, with an estimated 67 bits of entropy for the iPhone 6S. In addition, we have analysed 146 Android device models from 11 vendors and found the attack also works on recent Google Pixel devices. For Pixel 4/4 XL, we estimate the calibration fingerprint provides about 57 bits of entropy. Following our disclosures, Apple deployed a mitigation in iOS 12.2 and Google in Android 11. We analyse Apple's fix and show that the mitigation is imperfect although it is likely to be sufficient in most threat models.

PowerPrint: Identifying Smartphones through Power Consumption of the Battery

Device fingerprinting technologies are widely employed in smartphones. However, the features used in existing schemes may bring the privacy disclosure problems because of their fixed and invariable nature (such as IMEI and OS version), or the draconian of their experimental conditions may lead to a large reduction in practicality. Finding a new, secure, and effective smartphone fingerprint is, however, a surprisingly challenging task due to the restrictions on technology and mobile phone manufacturers. To tackle this challenge, we propose a battery-based fingerprinting method, named PowerPrint, which captures the feature of power consumption rather than invariable information of the battery. Furthermore, power consumption information can be easily obtained without strict conditions. We design an unsupervised learning-based algorithm to fingerprint the battery, which is stimulated with different power consumption of tasks to improve the performance. We use 15 smartphones to evaluate the performance of PowerPrint in both laboratory and public conditions. The experimental results indicate that battery fingerprint can be efficiently used to identify smartphones with low overhead. At the same time, it will not bring privacy problems, since the power consumption information is changing in real time.

Android Browser Fingerprinting Identification Method Based on Bidirectional Recurrent Neural Network

Android Browser Fingerprinting Identification Method Based on Bidirectional Recurrent Neural Network

NoiSense Print

Fingerprinting of various physical and logical devices has been proposed for uniquely identifying users or devices of mainstream IT systems such as PCs, laptops, and smart phones. However, the application of such techniques in Industrial Control Systems (ICS) is less explored for reasons such as a lack of direct access to such systems and the cost of faithfully reproducing realistic threat scenarios. This work addresses the feasibility of using fingerprinting techniques in the context of realistic ICS related to water treatment and distribution systems. A model-free sensor fingerprinting scheme ( NoiSense ) and a model-based sensor fingerprinting scheme ( NoisePrint ) are proposed. Using extensive experimentation with sensors, it is shown that noise patterns due to microscopic imperfections in hardware manufacturing can uniquely identify sensors with accuracy as high as 97%. The proposed technique can be used to detect physical attacks, such as the replacement of legitimate sensors by faulty or manipulated sensors. For NoisePrint , a combined fingerprint for sensor and process noise is created. The difference (called residual), between expected and observed values, i.e., noise, is used to derive a model of the system. It was found that in steady state the residual vector is a function of process and sensor noise. Data from experiments reveals that a multitude of sensors can be uniquely identified with a minimum accuracy of 90% based on NoisePrint . Also proposed is a novel challenge-response protocol that exposes more powerful cyber-attacks, including replay attacks.