Mehdi Karimibiuki, Karthik Pattabiraman, and Andre Ivanov, IEEE International Symposium on Pacific Rim Dependable Computing (PRDC), 2021. (Acceptance Rate: 43%) [ PDF | Talk ]
Abstract: Dynamic Internet-of-Things (IoT) systems are non-linear cyber-physical systems that move around and operate in the physical world under the control of stability laws in the cyber world. An example of such systems are Unmanned Aerial Vehicles (UAVs), or drones. In this environment, fake nodes can masquerade themselves as real nodes, to fool the command and control functions for resource management. In this paper, we present a novel authentication framework to identify fake nodes from the real ones by deriving and monitoring the stability function. More specifically, we exploit the Lyapunov stability function to validate the authenticity of a drone’s physical behavior. We use training traces from real nodes to derive the stability function, then use it to authenticate traces at runtime. Our technique is implemented in a tool called Phoenix. We evaluate Phoenix with a system simulator as well as a real-world drone. We find that Phoenix takes about 50 ms to distinguish fake from real nodes, achieves a recall rate of over 96% and a precision rate of 95%, and can foil even determined attackers with limited computational resources.