The challenge of authenticating Internet of Things (IoT) devices, particularly in low-cost deployments with constrained nodes that struggle with dynamic re-keying solutions, renders these devices susceptible to various attacks. This paper introduces a robust alternative mitigation strategy based on Physical-Layer Authentication (PLA), which leverages the intrinsic physical layer characteristics of IoT devices. These unique imperfections, stemming from the manufacturing process of IoT electronic integrated circuits (ICs), are difficult to replicate or falsify and vary with each function executed by the IoT device. We propose a novel lightweight authentication scheme, MAG-PUFs, that uses the unintentional Electromagnetic (EM) emissions from IoT devices as Physical Unclonable Functions (PUFs). MAG-PUFs operate by collecting these unintentional EM emissions during the execution of pre-defined reference functions by the IoT devices. The authentication is achieved by matching these emissions with profiles recorded at the time of enrollment, using state-of-the-art Deep Learning (DL) approaches such as Neural Networks (NN) and Autoencoders. Notably, MAG-PUFs offer compelling advantages: (i) it preserves privacy, as it does not require direct access to the IoT devices; and, (ii) it provides unique flexibility, permitting the selection of numerous and varied reference functions. We rigorously evaluated MAG-PUFs using 25 Arduino devices and a diverse set of 325 reference function classes. Employing a DL framework, we achieved a minimum authentication F1-Score of 0.99. Furthermore, the scheme’s efficacy in detecting impostor EM emissions was also affirmed, achieving a minimum F1-Score of 0.99. We also compared our solution to other solutions in the literature, showing its remarkable performance. Finally, we discussed code obfuscation techniques and the impact of Radio Frequency (RF) interference on the IoT authentication process.
Read full abstract