A PSD-based fingerprinting approach to detect IoT device spoofing

Galtier, Florent; Cayre, Romain; Auriol, Guillaume; Kaâniche, Mohamed; Nicomette, Vincent

doi:10.1109/prdc50213.2020.00015

Cited by 7 publications

(2 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Concerning PSD, in which we are interested in this work, to the best of our knowledge, Galtier et al presented in [ 16 ] the first works on the use of PSD in security with the fingerprinting approach. However, with the attacker model and deployment environment considered, the authors did not take into account the possibility that the communication devices had very similar characteristics, nor that the environment could change a lot.…”

Section: Related Workmentioning

confidence: 99%

Intrusion Detection System for IoT: Analysis of PSD Robustness

Sanogo

Alata

Takacs

et al. 2023

Sensors

View full text Add to dashboard Cite

The security of internet of things (IoT) devices remains a major concern. These devices are very vulnerable because of some of their particularities (limited in both their memory and computing power, and available energy) that make it impossible to implement traditional security mechanisms. Consequently, researchers are looking for new security mechanisms adapted to these devices and the networks of which they are part. One of the most promising new approaches is fingerprinting, which aims to identify a given device by associating it with a unique signature built from its unique intrinsic characteristics, i.e., inherent imperfections, introduced by the manufacturing processes of its hardware. However, according to state-of-the-art studies, the main challenge that fingerprinting faces is the nonrelevance of the fingerprinting features extracted from hardware imperfections. Since these hardware imperfections can reflect on the RF signal for a wireless communicating device, in this study, we aim to investigate whether or not the power spectral density (PSD) of a device’s RF signal could be a relevant feature for its fingerprinting, knowing that a relevant fingerprinting feature should remain stable regardless of the environmental conditions, over time and under influence of any other parameters. Through experiments, we were able to identify limits and possibilities of power spectral density (PSD) as a fingerprinting feature.

show abstract

Section: Related Workmentioning

confidence: 99%

Intrusion Detection System for IoT: Analysis of PSD Robustness

Sanogo

Alata

Takacs

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…For instance, the IDS proposed in [18] is able to identify deviations from legitimate behaviour by monitoring the radio activity of the wireless environment. F. Galtier et al also propose, in [13], an IDS able to fingerprint legitimate devices (based on physical characteristics of the radio signals) and to detect inappropriate fingerprints related to the attacker frames. Monitoring solutions designed to detect BLE spoofing attacks, such as [24] or [25], may also detect behavioural anomalies in the communication between the devices, for example variations in the timing between packet emissions or change of BLE profile, and hence detect the injection attempts.…”

Section: Counter-measuresmentioning

confidence: 99%

InjectaBLE: Injecting malicious traffic into established Bluetooth Low Energy connections

Cayre

Galtier

Auriol

et al. 2021

2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

Self Cite

View full text Add to dashboard Cite

Bluetooth Low Energy (BLE) is nowadays one of the most popular wireless communication protocols for Internet of Things (IoT) devices. As a result, several attacks have targeted this protocol or its implementations in recent years, illustrating the growing interest for this technology. However, some major challenges remain from an offensive perspective, such as injecting arbitrary frames, hijacking the Slave role or performing a Manin-The-Middle in an already established connection. In this paper, we describe a novel attack called InjectaBLE, allowing to inject malicious traffic into an existing connection. This attack is highly critical as the vulnerability exploited is inherent to the BLE specification itself, which means that any BLE connection can be possibly vulnerable, regardless of the BLE devices involved in the connection. We describe the theoretical foundations of the attack, how to implement it in practice, and we explore four critical attack scenarios allowing to maliciously trigger a specific feature of the target device, hijack the Slave and Master role or to perform a Man-in-the-Middle attack. Finally, we discuss the impact of this attack and outline some mitigation measures.

show abstract