A Master of Science thesis in Computer Engineering by Areej Osama Mohammad entitled, “Isolating Physical Replacement of Identical IoT Devices Using Machine and Deep Learning Approaches”, submitted in April 2021. Thesis advisor is Dr. Imran Zualkernan and thesis co-advisor is Dr. Fadi Aloul. Soft copy is available (Thesis, Completion Certificate, Approval Signatures, and AUS Archives Consent Form).
Many Internet of Things (IoT) applications deploy identical end devices, such as sensor nodes or surveillance cameras, across an organization. The purpose of this thesis was to determine whether a malicious physical substitution of one end device by an identical compromised device could be recognized using machine learning or deep learning techniques. Conventional defenses against the physical replacement of a node require specialized hardware such as Physical Unclonable Functions (PUFs) together with expensive cryptographic operations. A low-resource device like the ESP32 has no integrated PUF module, so a separate chip is needed to carry out the cryptographic operations. Moreover, deep learning techniques have recently been shown to compromise PUF-based schemes as well. This thesis explored whether machine and deep learning could identify a single end device from a set of identical devices without requiring a PUF-like mechanism for authentication. Network data from 18 identical ESP32 devices was collected in a typical MQTT-based IoT network. In addition to conventional machine learning methods including Random Forest, Bayesian, SVM, LightGBM, Gradient Boosting, and XGBoost, a tiny Convolutional Neural Network (CNN) was designed and optimized using the Hyperband algorithm. The CNN was small, with 85,058 trainable parameters, and used only the packet Inter-Arrival Time (IAT) as input. The CNN outperformed all other models, with a micro F1-score of 0.999 (0.0012). Random Forest was the best traditional machine learning model with a micro F1-score of 0.9501 (0.0036), and the worst was the Bayesian model with a micro F1-score of 0.222 (0.0016). There was a statistically significant difference in F1-score (Kruskal-Wallis; chi-square = 84.192, p < 0.05) among the models trained using 10-fold cross-validation.
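Since the CNN consumes only packet Inter-Arrival Times, the feature extraction step can be illustrated with a minimal sketch. This is not the thesis code: the timestamp values, window size, and function names below are illustrative assumptions, showing only how IAT sequences might be derived from per-device packet capture timestamps and windowed into fixed-length classifier inputs.

```python
# Minimal sketch (hypothetical, not the thesis implementation): deriving
# packet Inter-Arrival Time (IAT) sequences from capture timestamps for
# one device, then windowing them into fixed-size model inputs.

def inter_arrival_times(timestamps):
    """Return the gaps between consecutive packet timestamps (seconds)."""
    return [t2 - t1 for t1, t2 in zip(timestamps, timestamps[1:])]

def window(iats, size):
    """Split an IAT sequence into non-overlapping fixed-size windows,
    dropping any trailing partial window; each window is one model input."""
    return [iats[i:i + size] for i in range(0, len(iats) - size + 1, size)]

# Hypothetical MQTT publish timestamps (seconds) from one ESP32 device
# publishing at roughly a 0.1 s period.
ts = [0.000, 0.101, 0.199, 0.305, 0.402, 0.498, 0.603]
iats = inter_arrival_times(ts)   # 6 gaps, each close to 0.1 s
samples = window(iats, 3)        # two 3-gap windows for the classifier
```

The key design point the thesis exploits is that even nominally identical devices exhibit slightly different timing jitter, so the distribution of these gaps can act as a fingerprint without any PUF hardware.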