Hardware-rooted Device Authentication for Smart Devices
Smart devices play an increasingly important role in our daily life. Unintentional faults and malicious attacks could bring great danger to human lives and the environment, especially in safety-critical applications like medical devices, automobiles, building controls and the smart grid. However, because industry is driven by functional requirements and fast-moving markets, a large number of sensors and devices are distributed unprotected in public areas and do not have the resources to support complex cryptographic mechanisms, which makes the authentication of smart devices a big challenge. In this dissertation, we seek to address this issue by exploiting the physical characteristics of their embedded sensors. In particular, we propose and investigate hardware-rooted device authentication systems which utilize the hardware fingerprint of various on-board sensors as the unique identity of smart devices.

We first study the security issues underlying hardware-rooted device authentication. In the literature, an enormous amount of research has been carried out in an attempt to identify devices by modeling the manufacturing imperfections of their built-in transducers. However, the vast majority of the work in this area has focused on device tracking and identification. For adversarial settings like forensics and authentication, it remains unclear whether these methods will provide reliable identification results when the outputs of transducers are intentionally tampered with by adversaries. In our work, we describe the architecture of hardware-rooted device authentication modalities and propose two kinds of challenge-response schemes for the authentication of different transducers. We outline two specific attacks that need to be taken into account when designing such a system and describe several desirable properties that a fingerprinting method should have in order to be applicable to the authentication scenario.

We then carry out an in-depth study of a specific hardware fingerprint named Photo Response Non-Uniformity (PRNU). PRNU is a reliable hardware fingerprint of digital cameras for image-to-camera matching in digital forensics. Unlike most hardware fingerprints, which are composed of a few features drawn from the time domain and frequency domain of sensor outputs, this camera fingerprint is a large matrix consisting of millions of variables, which makes the fingerprint of each individual camera remarkably unique. This salient feature makes the PRNU a good candidate for the physical-layer proof of a device. In this thesis, we conduct extensive experiments to understand the characteristics of a smartphone camera's PRNU and formulate the problem of the fingerprint forgery attack and the replay attack in camera-based authentication. We present new primitives for PRNU forgery detection and propose two novel and practical camera-based smartphone authentication systems.

Finally, in order to further improve the security of camera-based authentication systems, we propose a privacy-preserving architecture for online image sharing. We first study the problem of camera fingerprint leakage in current image sharing practices. Our experimental results show that the PRNU fingerprint is robust enough to survive most image processing operations, including filtering, watermarking, beautifying, and compressing. Most images posted on the Internet expose the camera fingerprints of their photographing device directly to the public. These fingerprints enable the adversary not only to launch fingerprint forgery attacks against camera-based smartphone authentication systems, but also to launch identity linking attacks, which re-identify anonymous social network accounts by exploiting the digital cameras’ fingerprints that are carried by the posted images. In order to counter the above attacks, we propose an intermediary between smartphone users and image sharing platforms that conceals the camera fingerprint of the photographing device. The proposed system is able to prevent malicious uses of the camera fingerprint while preserving the beneficial applications.