Extraction of Secrets from Allegedly Secret-free IoT Sensors using Artificial Intelligence
The rapid growth of the IoT market and the increased use of IoT sensors have raised risks and potential threats against sensor networks. IoT sensors are generally separated from any cryptographic module and not protected well. Security measures involve ensuring that sensor data is accessible only to authorized parties and that sensor data is not altered by malicious entities. Recently, it has been proposed to fingerprint an analog sensor by applying specific input voltages and measuring the sensor's response. Due to manufacturing differences, the responses of each sensor are unique and can be used for authentication to prevent tampering. We develop an artificial intelligence-based attack approach against such a scheme to show its weaknesses. To model the input-output curve of four different commercial off-the-shelf temperature sensors, we use a multilayer perceptron (MLP) network. Moreover, we show that re-organizing the dataset by feeding the previous outputs to the input of the MLP network improves the modeling accuracy strongly. We demonstrate that both models successfully predict the output responses of the sensors when unknown test data is applied. Moreover, we sketch the application of our approach for classical failure analysis tasks, such as early defect detection.