CD2A: Continuous Device-to-Device Authentication Exploiting Crystal Oscillator Impurities

Every day, on average, eight cybercrimes targeting IoT networks occur, leading to a cumulative loss of $ 10 million The main reason for these attacks is the ability of unauthorized devices to gain access to IoT networks by replicating the hardware and software configurations of authorized devices. To tackle this pressing issue, cryptographic keys are used to authenticate devices in IoT networks. Given the requirements of this process, authentication is performed once at the beginning. However, this makes devices susceptible to cyber-attacks like spoofing, Sybil attacks, distributed denial-of-service (DDoS), and Advanced Persistent Threats (APT). To address this, we propose a novel Continuous Device-to-Device Authentication (CD2A) framework based on two components: 1) Identity Establishment and 2) Continuous Authentication. In the Identity Establishment phase, we use manufacturing imperfections to model unique device behaviours. A novel device fingerprint algorithm is proposed that leverages impurities of built-in components of the device, like crystal oscillators, and is measured in a graphical processing unit (GPU) by isolating each core at a time in the central processing unit (CPU). In the Continuous Authentication phase, we implement a dynamic timeline to establish device identity at regular intervals. Each device is continuously authenticated by using machine learning techniques. To protect devices from cyber-attacks like spoofing, Sybil attacks, DDoS, and APT, we track device legitimacy by calculating the Device Authentication Score (DAS) and the Device Risk Factor (DRF) in view of varying security risks. We evaluate the CD2A framework on an IoT system with 11 devices. The CD2A framework achieves an average authentication accuracy of 99.96% and9 99.85% when used in tandem with CatBoost and XGBoost machine learning algorithms, respectively.