CADFA: A Clock Skew-Based Active Device Fingerprint Authentication Scheme for Class-1 IoT Devices

The Class-1 Internet of Things (IoT) device is difficult to protect because of the lack of minimal hardware and extension support. Researchers have proposed several remote attestation schemes to protect IoT devices. However, hardware-assisted remote attestation methods require the support of minimal hardware, which is not suitable for Class-1 IoT devices. And regular software-based methods can only verify the integrity rather than the identity of devices. In this article, we propose a new identity authentication scheme for Class-1 IoT devices based on clock skew, achieving not only identity authentication but also device integrity verification. The formal verification results by employing the Tamarin tool show that our protocol achieves mutual authentication, man-in-the-middle attack resistance, replay attack resistance, and counterfeit attack resistance. And the proposed authentication protocol is evaluated on a small cluster of Arduino Mega boards, achieving 100% accuracy of identification. Our work combines remote attestation and device fingerprint and is fit for Class-1 IoT devices.