RIHANN: Remote IoT Hardware Authentication With Intrinsic Identifiers

Abstract

The heterogeneous array of edge devices in an Internet of Things (IoT) infrastructure is increasingly vulnerable to physical in-field tampering attacks. These devices can significantly benefit from a difficult-to-clone and tamper-immune intrinsic identifier that can verify the authenticity or integrity of the physical components. In this article, we develop an intrinsic device identifier, RIHANN, that captures the state of the electronic hardware in an IoT device. This state can adequately reflect any physical tampering of the hardware components by transforming the intrinsic delay variations in the electronic components of an edge device into unique and robust signatures. Our proposed authentication approach utilizes the boundary scan architecture (BSA) in printed circuit boards (PCBs). BSA is a prevalent design-for-test (DFT) structure used in most PCBs in IoT edge devices. This technique supports an extensive array of heterogeneous devices and can seamlessly operate during the device’s runtime. We measure the boundary scan path delays using the parallel scan delay-measurement (PSDM) technique for commercially available ICs. We perform practical experiments on 20 devices, generate signatures, and evaluate their uniqueness, robustness, randomness, and resistance to aging. We also introduce a security protocol for the cloud server, owner/verifier, or other IoT devices connected to a network to verify their identity remotely. The policy prevents attacks from extracting the device’s secret keys using an efficient moving target defense mechanism that periodically updates and evolves the challenge–response database.

Publication
IEEE Internet of Things Journal