The proliferation of consumer IoT products in our daily lives has raised the need for secure device authentication and access control. Unfortunately, these resource-constrained devices typically use token-based authentication, which is vulnerable to token compromise attacks that allow attackers to impersonate the devices and perform malicious operations by stealing the access token. Using hardware fingerprints to secure their authentication is a promising way to mitigate these threats. However, once attackers have stolen some hardware fingerprints (e.g., via MitM attacks), they can bypass the hardware authentication by training a machine learning model to mimic fingerprints or reusing these fingerprints to craft forge requests. In this paper, we present MCU-Token, a secure hardware fingerprinting framework for MCU-based IoT devices even if the cryptographic mechanisms (e.g., private keys) are compromised. MCU-Token can be easily integrated with various IoT devices by simply adding a short hardware fingerprint-based token to the existing payload. To prevent the reuse of this token, we propose a message mapping approach that binds the token to a specific request via generating the hardware fingerprints based on the request payload. To defeat the machine learning attacks, we mix the valid fingerprints with poisoning data so that attackers cannot train a usable model with the leaked tokens. MCU-Token can defend against armored adversary who may replay, craft, and offload the requests via MitM or use both hardware (e.g., use identical devices) and software (e.g., machine learning attacks) strategies to mimic the fingerprints. The system evaluation shows that MCU-Token can achieve high accuracy (over 97%) with a low overhead across various IoT devices and application scenarios.

翻译：消费级物联网产品在日常生活中的普及对安全设备认证和访问控制提出了需求。然而，这些资源受限设备通常采用基于令牌的认证方式，该方式易受令牌劫持攻击——攻击者可通过窃取访问令牌冒充设备并执行恶意操作。利用硬件指纹来保护认证是缓解此类威胁的有效途径。但一旦攻击者通过中间人攻击等方式窃取部分硬件指纹，便能训练机器学习模型模仿指纹，或直接复用这些指纹构造伪造请求，从而绕过硬件认证。本文提出MCU-Token——一种针对基于MCU的物联网设备的安全硬件指纹框架，即使加密机制（如私钥）被攻破仍能保障安全。该框架通过简单地在现有载荷中添加基于硬件指纹的简短令牌，即可轻松集成到各类物联网设备中。为防止令牌复用，我们提出消息映射方法，根据请求载荷生成硬件指纹，将令牌与特定请求绑定。为抵御机器学习攻击，我们将有效指纹与污染数据混合，使攻击者无法利用泄露的令牌训练可用模型。MCU-Token可防御全副武装的对手，包括通过中间人攻击实施重放、构造和卸载请求的攻击者，以及同时采用硬件（如同款设备）和软件（如机器学习攻击）策略模仿指纹的攻击者。系统评估表明，MCU-Token在多种物联网设备和应用场景下均能实现高精度（超过97%）和低开销。