MAG-PUFs: Authenticating IoT devices via electromagnetic physical unclonable functions and deep learning

Omar Adel Ibrahim*, Savio Sciancalepore, Roberto Di Pietro

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

1 Scopus citations

Abstract

The challenge of authenticating Internet of Things (IoT) devices, particularly in low-cost deployments with constrained nodes that struggle with dynamic re-keying solutions, renders these devices susceptible to various attacks. This paper introduces a robust alternative mitigation strategy based on Physical-Layer Authentication (PLA), which leverages the intrinsic physical layer characteristics of IoT devices. These unique imperfections, stemming from the manufacturing process of IoT electronic integrated circuits (ICs), are difficult to replicate or falsify and vary with each function executed by the IoT device. We propose a novel lightweight authentication scheme, MAG-PUFs, that uses the unintentional Electromagnetic (EM) emissions from IoT devices as Physical Unclonable Functions (PUFs). MAG-PUFs operate by collecting these unintentional EM emissions during the execution of pre-defined reference functions by the IoT devices. The authentication is achieved by matching these emissions with profiles recorded at the time of enrollment, using state-of-the-art Deep Learning (DL) approaches such as Neural Networks (NN) and Autoencoders. Notably, MAG-PUFs offer compelling advantages: (i) it preserves privacy, as it does not require direct access to the IoT devices; and, (ii) it provides unique flexibility, permitting the selection of numerous and varied reference functions. We rigorously evaluated MAG-PUFs using 25 Arduino devices and a diverse set of 325 reference function classes. Employing a DL framework, we achieved a minimum authentication F1-Score of 0.99. Furthermore, the scheme's efficacy in detecting impostor EM emissions was also affirmed, achieving a minimum F1-Score of 0.99. We also compared our solution to other solutions in the literature, showing its remarkable performance. Finally, we discussed code obfuscation techniques and the impact of Radio Frequency (RF) interference on the IoT authentication process.

Original languageEnglish (US)
Article number103905
JournalComputers and Security
Volume143
DOIs
StatePublished - Aug 2024

Keywords

  • Covert channels
  • Embedded systems security
  • Physical-layer authentication
  • Unintentional electromagnetic emissions

ASJC Scopus subject areas

  • General Computer Science
  • Law

Fingerprint

Dive into the research topics of 'MAG-PUFs: Authenticating IoT devices via electromagnetic physical unclonable functions and deep learning'. Together they form a unique fingerprint.

Cite this