Requirements framework for IoT device authentication using behavioral fingerprinting

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-03-31 DOI:10.1016/j.cose.2025.104459

Ole Höfener , Qinghua Wang

{"title":"Requirements framework for IoT device authentication using behavioral fingerprinting","authors":"Ole Höfener , Qinghua Wang","doi":"10.1016/j.cose.2025.104459","DOIUrl":null,"url":null,"abstract":"<div><div>The Internet of Things (IoT) has more and more been integrated into our work and life. However, besides the benefits brought by the recent advancements, there is an increasing challenge for securing IoT devices and networks. A common security mechanism is authentication. However, IoT devices are often resource-constrained which make the use of state-of-the-art encryption technologies infeasible. Therefore, researchers are trying to develop lightweight authentication methods. A promising example of this is the use of behavioral device fingerprinting. Still, the remaining problem with this technology is that it is unclear which feature sets are most feasible to implement device fingerprinting schemes in practical systems. In short, the current research body lacks clearly defined requirements. To overcome this issue, this research aims to design a requirements framework for IoT authentication schemes using behavioral device fingerprinting. To do so, Design Science Research is used, incorporating a systematic literature review. In the end, a requirements framework for behavioral device fingerprinting authentication is presented. The proposed framework features 20 requirements in the four categories High-level IoT, Fingerprint sophistication, Machine learning sophistication, and Attack resistance. We have demonstrated the application of the requirements framework in this article. It is believed that the proposed framework will help researchers and practitioners to develop better IoT authentication solutions.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104459"},"PeriodicalIF":4.8000,"publicationDate":"2025-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825001488","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The Internet of Things (IoT) has more and more been integrated into our work and life. However, besides the benefits brought by the recent advancements, there is an increasing challenge for securing IoT devices and networks. A common security mechanism is authentication. However, IoT devices are often resource-constrained which make the use of state-of-the-art encryption technologies infeasible. Therefore, researchers are trying to develop lightweight authentication methods. A promising example of this is the use of behavioral device fingerprinting. Still, the remaining problem with this technology is that it is unclear which feature sets are most feasible to implement device fingerprinting schemes in practical systems. In short, the current research body lacks clearly defined requirements. To overcome this issue, this research aims to design a requirements framework for IoT authentication schemes using behavioral device fingerprinting. To do so, Design Science Research is used, incorporating a systematic literature review. In the end, a requirements framework for behavioral device fingerprinting authentication is presented. The proposed framework features 20 requirements in the four categories High-level IoT, Fingerprint sophistication, Machine learning sophistication, and Attack resistance. We have demonstrated the application of the requirements framework in this article. It is believed that the proposed framework will help researchers and practitioners to develop better IoT authentication solutions.

查看原文本刊更多论文

使用行为指纹的物联网设备认证需求框架

物联网已经越来越多地融入到我们的工作和生活中。然而，除了最近的进步带来的好处之外，保护物联网设备和网络的挑战也越来越大。一种常见的安全机制是身份验证。然而，物联网设备通常受到资源限制，这使得使用最先进的加密技术变得不可行。因此，研究人员正在尝试开发轻量级身份验证方法。行为设备指纹识别就是一个很好的例子。尽管如此，这项技术仍然存在的问题是，目前尚不清楚在实际系统中实现设备指纹方案的哪些功能集是最可行的。简而言之，目前的研究机构缺乏明确的需求。为了克服这个问题，本研究旨在设计一个使用行为设备指纹的物联网认证方案的需求框架。为此，采用了设计科学研究，并结合了系统的文献综述。最后，提出了行为设备指纹认证的需求框架。提议的框架具有四大类20个要求，包括高级物联网，指纹复杂性，机器学习复杂性和抗攻击性。我们已经在本文中演示了需求框架的应用。相信该框架将有助于研究人员和从业者开发更好的物联网认证解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.