Single-board Device Individual Authentication based on Hardware Performance and Autoencoder Transformer Models

The proliferation of the Internet of Things (IoT) has led to the emergence of crowdsensing applications, where a multitude of interconnected devices collaboratively collect and analyze data. Ensuring the authenticity and integrity of the data collected by these devices is crucial for reliable decision-making and maintaining trust in the system. Traditional authentication methods are often vulnerable to attacks or can be easily duplicated, posing challenges to securing crowdsensing applications. Besides, current solutions leveraging device behavior are mostly focused on device identification, which is a simpler task than authentication. To address these issues, an individual IoT device authentication framework based on hardware behavior fingerprinting and Transformer autoencoders is proposed in this work. To support the design, a threat model details the security problems faced when performing hardware-based authentication in IoT. This solution leverages the inherent imperfections and variations in IoT device hardware to differentiate between devices with identical specifications. By monitoring and analyzing the behavior of key hardware components, such as the CPU, GPU, RAM, and Storage on devices, unique fingerprints for each device are created. The performance samples are treated as time series data and used to train outlier detection Transformer models, one per device, each aiming to model its normal data distribution. Then, the framework is validated within a spectrum crowdsensing system leveraging Raspberry Pi devices. After a pool of experiments, the model from each device is able to individually authenticate it among the 45 devices employed for validation. An average True Positive Rate (TPR) of 0.74 ± 0.13 and an average maximum False Positive Rate (FPR) of 0.06 ± 0.09 demonstrate the effectiveness of this approach in enhancing authentication security.


INTRODUCTION
The widespread adoption of the Internet of Things (IoT) has led to the emergence of crowdsensing applications, where many IoT devices collaboratively gather and analyze data from the environment [10]. Many of these applications rely on single-board computers due to their reduced price and relatively good performance. These applications offer tremendous potential in diverse domains, such as environmental monitoring, urban planning, healthcare, and transportation. However, ensuring the authenticity and integrity of the data collected by these devices is critical for reliable decision-making and maintaining trust in the system [5].
The openness and distributed nature of crowdsensing systems make them susceptible to Sybil attacks and collusion among malicious entities [23]. Sybil attacks involve adversaries creating multiple fake identities to gain control over the system or manipulate the collected data. Collusion among malicious entities can also lead to coordinated attacks or data manipulation.
Implementing identity verification mechanisms, reputation systems, and distributed consensus algorithms is required to prevent and detect such attacks [25].
Traditional authentication methods for IoT devices, such as cryptographic protocols or unique identifiers, are often susceptible to various attacks and vulnerabilities [22]. Moreover, devices with identical specifications can be easily duplicated or impersonated, posing a significant challenge to maintaining trust and security in crowdsensing applications. To address these limitations, novel approaches are required that leverage the unique characteristics of IoT devices to establish their authenticity.
One of the directions proposed in the literature to solve these issues is leveraging hardware manufacturing imperfections to uniquely identify each device in the environment [13]. What elevates the efficiency of this approach is the integration of Machine Learning (ML) and Deep Learning (DL) techniques for the processing of collected hardware behavior data. These cutting-edge computational methodologies facilitate the analysis, classification, and prediction of the enormous amounts of complex, high-dimensional data generated by IoT devices [2]. Particularly, they can adeptly capture patterns and dependencies in this data, enabling effective anomaly detection and thereby facilitating the identification of devices or activities that deviate from established norms. The combination of hardware manufacturing imperfections and ML/DL techniques has been shown to provide remarkable results in the context of device identification [16,15]. However, authentication poses a more complex problem: discerning whether a device is authentic without taking into account the data distributions of other devices.
Therefore, there are still many challenges present related to hardware-based individual authentication leveraging ML/DL techniques: (i) most of the solutions available in the literature cover device identification and not authentication [19], trying to differentiate a device within a set of known devices instead of uniquely verifying its identity; (ii) novel DL methods such as attention Transformers have not been applied yet in this field [12], but could improve current results as is happening in other fields; (iii) solutions are usually implemented in simulated or isolated environments, and not integrated into real-world applications [24]; (iv) most of the solutions relying on ML/DL follow a classification-based approach as they focus on identification, which is not practical in dynamic scenarios or when the number of devices is high [3].
To solve the previous challenges, the main contributions of the present work are: • A framework that leverages Transformer-based autoencoder models and hardware performance fingerprinting for the individual authentication of single-board computer devices. This framework leverages the CPU, GPU, RAM, and Storage components to measure their performance and find manufacturing variations that enable the differentiation between devices based on their performance. In this sense, the data from the legitimate device are taken as normal samples modeling its performance distribution, while samples from other devices should be detected as outliers or anomalies.
• The deployment of the framework in a real-world spectrum crowdsensing platform based on Raspberry Pi devices, namely ElectroSense. In total, 45 devices are utilized in the scenario: 15 Raspberry Pi 4, 10 Raspberry Pi 3, 10 Raspberry Pi 1, and 10 Raspberry Pi Zero.
• The validation of the framework authentication performance in the deployed scenario. After data collection, an average True Positive Rate (TPR) of 0.74 ± 0.13 and an average maximum False Positive Rate (FPR) of 0.06 ± 0.09 are achieved, improving on other state-of-the-art models such as LSTM and 1D-CNN networks.
The remainder of this article is structured as follows. Section 2 gives an overview of hardware-based individual authentication and background on Transformer usage for anomaly detection. Section 3 describes the Transformer and hardware-based device fingerprinting solution for individual authentication of single-board devices. Section 4 gives an overview of the crowdsensing platform employed for validation, the data collection process, and the experimental results when performing the authentication. Finally, Section 5 gives an overview of the conclusions extracted from the present work and future research directions.

RELATED WORK
This section reviews the key literature relevant to individual device authentication through hardware performance fingerprinting and Transformer-based anomaly detection.

Individual device authentication and identification
The present work focuses on hardware-based single-board device authentication using the performance behavior of the components self-contained in the device and anomaly detection DL algorithms. Arafin and Qu [4] discussed several examples of hardware-based authentication that use memory access latency, instruction execution latency, and clock skew to authenticate devices, users, and broadcast signals used for navigation. In [15], the authors compared the deviation between the CPU and GPU cycle counters in Raspberry Pi devices to perform individual identification of 25 devices. The identification was performed using XGBoost, achieving a 91.92% True Positive Rate (TPR). In continuing work [12], the same authors improved the results to an average F1-Score above 0.96 and a minimum TPR of 0.8 using a time series classification approach based on a combination of LSTM and 1D-CNN layers. Similarly, [9] performed identical device identification using GPU performance behavior and ML/DL classification algorithms. Accuracy between 32.7% and 95.8% was achieved in nine sets of identical devices, including computers and mobile devices. Sanchez-Rola et al. [16] identified over 260 identical computers by measuring the differences in code execution performance. They employed the Real-Time Clock (RTC), which includes its own physical oscillator, to find slight variations in the performance of each CPU. In [11], the author compared the drift between the CPU time counter, the RTC chip, and the sound card Digital Signal Processor (DSP) to identify identical computers. Other works have also explored hardware-based authentication applications using physical properties of computing hardware such as main memory, computing units, and clocks. Shrivastava et al. [18] proposed a high-performance Field Programmable Gate Array (FPGA)-based secured hardware model for IoT devices using the Advanced Encryption Standard (AES) algorithm. They compared the performance of two FPGAs and found that the Spartan-6 FPGA provides better throughput and less time delay for IoT devices.
Other works have explored the usage of Physical Unclonable Functions (PUFs) for IoT device identification [17].However, PUFs are out of the scope of this work, as it is centered on hardware behavior fingerprinting based on device performance, avoiding the usage of new hardware elements or the modification of the device specifications.
Table 1 compares the closest works in the literature with the present one. Although several works have combined ML/DL techniques and hardware fingerprinting for device identification, a notable gap persists in the literature with respect to addressing the unique challenges of device authentication via an anomaly detection approach. Contemporary studies have primarily employed classification models, which serve to identify devices from a set pool of labels. However, these models are inadequate for the authentication problem. The task of authentication involves more than simple device recognition: it requires a system capable of detecting deviations from an expected hardware behavior, a task for which anomaly detection models, rather than traditional classification models, are better suited. Consequently, there is a significant need to investigate the potential of DL-based anomaly detection models, such as Transformer models, in the realm of device authentication.

Transformer-based anomaly detection in IoT security
The application of Transformer models in anomaly detection has recently gained momentum, recognizing their ability to extract meaningful features from sequential data effectively. Anomaly detection in time-series data, in particular, has seen significant advancements through the adoption of Transformer models [7]. Their proficiency in capturing temporal dynamics makes them an excellent choice for tasks that involve detecting irregularities in time-bound sequences [20].
In the field of IoT security, Transformer-based autoencoders have been employed to address high-dimensional and complex dependency issues by leveraging the self-attention mechanism and the encoder-decoder architecture. Chen et al. [6] proposed a framework called GTA that learns a graph structure among sensors and applies graph convolution and Transformer-based modeling to detect anomalies in multivariate time series. Kozik et al. [8] proposed a hybrid time window embedding method with a Transformer-based classifier to identify compromised devices in IoT-networked environments. Tuli et al. [20] proposed TranAD, a deep Transformer network that uses attention-based sequence encoders to perform anomaly detection and diagnosis for IoT data streams. These works demonstrate the effectiveness and efficiency of Transformer-based models for anomaly detection in IoT security.
However, the performance of Transformer-based anomaly detection in individual device authentication has not been explored yet, remaining an open field where these novel models can improve on state-of-the-art approaches.

INDIVIDUAL DEVICE AUTHENTICATION FRAMEWORK
This section elucidates the DL framework implemented for the purpose of hardware performance fingerprinting. The framework performs device fingerprinting based on performance deviations that reveal hardware manufacturing imperfections. An autoencoder Transformer model, a state-of-the-art approach in DL-based time series processing, is leveraged for the authentication of individual devices.
The framework is designed in a modular manner, where different components are combined in a stacked layout, from the hardware behavior monitoring to the DL-based evaluation and authentication. Due to the reduced processing capabilities of single-board computers, the framework follows a client-server architecture, where the components related to data collection and device configuration are deployed locally in the device, and the server processes the data and performs the model training and evaluation. Figure 1 illustrates the different modules composing the framework and the pipeline followed by the data until an authentication decision is made. Five modules compose the framework: (i) Monitoring, (ii) Preprocessing, (iii) Anomaly Detection, (iv) Authentication, and (v) Device Security.

Monitoring Module
The Monitoring Module is in charge of the interaction with the hardware components and the monitoring of their performance. Besides, it sends the collected data to the server for its processing and evaluation. It contains two components: Component Isolation and Stability, and Data Gathering.

Component Isolation and Stability
One of the key conditions to perform fingerprinting based on hardware performance is ensuring that the components selected for monitoring run under stable conditions that enable the characterization of the small performance variations due to manufacturing imperfections [15]. Therefore, this component is in charge of configuring the selected hardware components: the CPU, GPU, RAM, and SD card. It sets a fixed running frequency for the components, isolates them to avoid kernel interruptions, and disables some component optimizations that might affect the stability of the performance, such as memory address randomization.

Data Gathering
This component is in charge of collecting the performance measurements by executing different tasks in the selected hardware components. In the case of single-board computers, the available hardware elements are the CPU, GPU, RAM, and storage (typically an SD card). As proposed in the literature [15], the hardware monitoring is done by using the in-device elements as a reference for the performance measurements. For example, GPU performance is measured in CPU cycles, and CPU performance when executing a piece of code is measured using the elapsed GPU cycles. The reasoning for this approach is that a component cannot measure the deviations in its own performance specification without an external cycle or time counter.
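As a minimal illustration of this idea, the sketch below times a fixed CPU workload against an external reference counter. It is a simplified stand-in for the framework's cross-component measurements: the helper names are hypothetical, and Python's `time.perf_counter_ns` replaces the CPU/GPU cycle counters used in the actual data collection.

```python
import time

def time_workload(workload, repetitions=10):
    # The framework times one component against another component's counter;
    # here time.perf_counter_ns stands in for the external reference counter.
    samples = []
    for _ in range(repetitions):
        start = time.perf_counter_ns()
        workload()
        samples.append(time.perf_counter_ns() - start)
    return samples

def cpu_workload():
    # Fixed, deterministic task whose tiny timing deviations form the fingerprint.
    total = 0
    for i in range(10_000):
        total += i * i
    return total

samples = time_workload(cpu_workload, repetitions=5)
```

Repeating each task many times yields a vector of timing samples per device, whose distribution reflects the manufacturing variations being fingerprinted.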

Preprocessing Module
The Preprocessing Module plays the pivotal role of a bridge between the raw data gathered by the Monitoring Module and the Anomaly Detection Module, where the data is employed to train the DL models and evaluate the device. The main tasks of this module encompass data cleaning and feature generation.

Data Cleaning
This component is responsible for filtering and cleaning the raw performance metrics. Any missing, inconsistent, or erroneous data are identified and filtered, thus preparing the dataset for further processing.

Feature Generation
This component focuses on feature extraction and engineering based on the cleaned data. First, it performs normalization of each one of the metrics gathered. Afterward, it is in charge of transforming the raw data into a format suitable for the Transformer model. A key aspect of this process is the concatenation of samples into groups of vectors, which facilitates time series-based analysis.
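The concatenation of samples into windows can be sketched as follows. `make_windows` is a hypothetical helper; the 215-feature dimension matches the dataset used later for validation, but any feature count works.

```python
import numpy as np

def make_windows(samples, window):
    # Concatenate consecutive feature vectors into fixed-length windows
    # so that time series models can exploit temporal dependencies.
    n = (len(samples) // window) * window  # drop the incomplete tail
    return samples[:n].reshape(-1, window, samples.shape[1])

raw = np.random.rand(1005, 215)   # e.g., 215 features per sample
windows = make_windows(raw, 100)  # groups of 100 consecutive vectors
```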

Anomaly Detection Module
The Anomaly Detection Module is the heart of the authentication framework, tasked with training and evaluating the Transformer-based autoencoder model. The Transformer-based autoencoder is a variant of the Transformer model, which was originally proposed for natural language processing tasks. The key component of the Transformer architecture is the self-attention mechanism, which models the interactions between the elements in the input sequence [21]. More in detail, the self-attention mechanism computes a weighted sum of the input elements for each position in the sequence. The weight assigned to each input element is determined by its relevance to the position being considered. Formally, the self-attention can be computed as follows:

Attention(Q, K, V) = softmax(QK^T / √d_k) V

where Q, K, and V are matrices representing the queries, keys, and values, respectively, and d_k is the dimensionality of the keys. In multi-head attention, this operation is done h times with different learned linear projections of the original Q, K, and V matrices.
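The scaled dot-product attention described above can be reproduced in a few lines of NumPy. This is a didactic single-head sketch without learned projections, not the framework's implementation:

```python
import numpy as np

def softmax(x, axis=-1):
    e = np.exp(x - x.max(axis=axis, keepdims=True))  # numerically stabilized
    return e / e.sum(axis=axis, keepdims=True)

def scaled_dot_product_attention(Q, K, V):
    d_k = K.shape[-1]
    # Relevance of each key to each query, scaled by sqrt(d_k)
    scores = Q @ K.swapaxes(-2, -1) / np.sqrt(d_k)
    weights = softmax(scores)  # each row sums to 1
    return weights @ V, weights

rng = np.random.default_rng(0)
Q, K = rng.random((4, 8)), rng.random((4, 8))  # 4 positions, d_k = 8
V = rng.random((4, 16))
out, w = scaled_dot_product_attention(Q, K, V)
```

Multi-head attention would apply this operation h times to different learned linear projections of Q, K, and V and concatenate the results.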
In the autoencoder variant of the Transformer model, the same sequence is provided as both the input and the target output of the model.The Transformer-based autoencoder learns to reconstruct the input sequence, which allows it to capture the underlying structure of the sequence data.
The encoder and decoder are both composed of several identical layers. Each layer contains two sub-layers: a multi-head self-attention mechanism and a position-wise fully connected feed-forward network, using ReLU as the activation function. The output of each sub-layer is then passed through a residual connection and layer normalization.
In the context of device authentication, the Transformer-based autoencoder is trained to reconstruct the normal behavior of each device. Once the model is trained, it can be used to detect anomalies by comparing the reconstruction error of a new sequence with a predefined threshold. A high reconstruction error indicates that the new sequence is significantly different from the normal behavior, which could suggest a possible intrusion.
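A minimal sketch of this reconstruction-error check follows, with a toy stand-in for the trained autoencoder (all names are hypothetical):

```python
import numpy as np

def reconstruction_errors(reconstruct, windows):
    # Mean squared reconstruction error per window.
    recon = reconstruct(windows)
    return ((windows - recon) ** 2).mean(axis=(1, 2))

def is_anomalous(errors, threshold):
    # Windows whose error exceeds the threshold are flagged as anomalies.
    return errors > threshold

# Toy stand-in for a trained autoencoder: reconstructs inputs with small noise,
# mimicking a model that has learned the device's normal distribution.
rng = np.random.default_rng(0)
fake_autoencoder = lambda x: x + rng.normal(0.0, 0.01, x.shape)

normal_windows = rng.random((20, 10, 5))
errors = reconstruction_errors(fake_autoencoder, normal_windows)
flags = is_anomalous(errors, threshold=1.0)
```

Windows from the legitimate device should yield low errors and pass under the threshold, while windows from other devices should produce high errors and be flagged.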
The two components forming this module, in charge of the Transformer-based autoencoder training for each device, are:

Transformer Training and Optimization
This component takes the processed data and trains a Transformer model for each device. This model, adept at reconstructing input data, establishes a profile of standard device behavior, thereby becoming proficient at detecting anomalies or deviations from the norm. This phase also involves the optimization of model parameters for each device independently to ensure the best performance. Then, the best model for each device is stored to be used later.

Transformer Evaluation
Upon completion of the training phase, the model is deployed for live data evaluation. The model's predictive capability is tested against the values collected from the device after deployment. Then, the output of the Transformer is employed in the Authentication Module to determine whether the device is the legitimate one and allow it to remain deployed in the network.

Authentication Module
The Authentication Module makes the final decision regarding device authentication based on the evaluation results coming from the previous module.

Device Authentication
This component is charged with the essential task of making the final authentication decision based on the anomaly detection results.Anomalies, interpreted as potential indications of device tampering or misuse, inform the authentication decision.A device may be authenticated and granted network access, or it may be rejected, depending on the analysis of these anomalies.

Device Security Module
The Device Security Module serves as an additional layer of security, overseeing the enforcement of security measures.

Security Enforcement
This component ensures the enforcement of the necessary security rules or protocols based on the Authentication Module decision. If a device is authenticated, it is granted access to the network. If a device is deemed unauthenticated, this component ensures the device is isolated from the network, safeguarding the integrity of the IoT system. This module also reports any security issues, such as repeated authentication failures, to a central authority for further investigation. Moving Target Defense (MTD) techniques are a suitable approach for this module, as they focus on changing the device configuration according to the mitigation actions required. Some examples of these techniques are the removal of files and dynamic network connection filtering, among others.

FRAMEWORK VALIDATION
This section succinctly lays out the overall validation methodology, from leveraging the ElectroSense spectrum crowdsensing platform to the data collection and preprocessing crucial for the analysis. The specifics of data gathering and the processes of cleaning, normalization, and transformation are explained. Finally, the Transformer-based Anomaly Detection model approach is validated in this real-world scenario, measuring its effectiveness. Note that the validation focuses on the data collection, monitoring, and DL parts of the framework. The development of advanced authentication rules and security measures is out of the scope of this work.

ElectroSense spectrum crowdsensing platform
The IoT spectrum sensors utilized in this research are a part of the ElectroSense network [10], an open-source, crowdsensing platform that collects radio frequency spectrum data with the aid of low-cost sensors. The platform, which capitalizes on a collaborative crowdsensing approach, enables the monitoring and collection of spectrum data. The core of this platform is the Raspberry Pi, a compact and cost-effective single-board computer that, when attached to software-defined radio kits and antennas, can function as a versatile spectrum sensor. Such assembly of spectrum sensors by individual users contributes to the broad reach and comprehensive data collection capability of the ElectroSense platform.
Once the sensors have collected the data, it is then sent to the ElectroSense backend platform, which is responsible for its storage, processing, and analysis. This meticulous processing and analysis facilitate the provision of a suite of services. These services extend beyond mere spectrum occupancy monitoring, delving into areas such as transmission optimization and decoding. This range of services provided by ElectroSense not only bolsters the understanding of spectrum utilization but also opens up avenues for innovative optimization and enhancement strategies in the field of IoT. Figure 2 depicts this platform.

Data Gathering and Preprocessing
The first step in the validation process is to obtain the hardware performance data from each device and preprocess it in order to be fed into the Transformer models.

Data Gathering
The assembly of individual device authentication premised on hardware behavior hinges on the ability to monitor imperfections inherent in the device chips for subsequent evaluation. As outlined in Section 2, previous studies have primarily tackled this task by contrasting components featuring different base frequencies or crystal oscillators, since deviations in these components' performance can be discerned directly from the device.
To construct the framework for individual device authentication, it was necessary to compile a dataset that utilizes metrics pertinent to the hardware components inherent in certain devices. This dataset has been christened LwHbench, and additional details can be found in [14]. In this context, the dataset gathered performance metrics from the CPU, GPU, Memory, and Storage of 45 Raspberry Pi devices of diverse models over a span of 100 days. Various functions were executed in these components, employing other hardware elements (operating at differing frequencies) to measure performance. Table 2 provides a summary of the functions that were monitored. These functions embody a set of common operations carried out in every component, aiming to gauge their performance. It is worth mentioning that additional analogous operations could be utilized during the data gathering process. In total, 215 features formed each one of the collected data vectors. The final dataset contains the following samples per device model: 505,584 samples collected from 10 RPi 1B+ devices, 784,095 samples from 15 RPi 4 devices, 547,800 samples from 10 RPi 3 devices, and 548,647 samples from 10 RPi Zero devices. To collect the data, an array of countermeasures was implemented to mitigate the effect of noise introduced by other processes operating in the devices: component frequency was kept constant, kernel-level priority was enforced, the code was executed in an isolated CPU core (in multi-core devices), and memory address randomization was disabled. Moreover, the dataset was compiled under a variety of temperature conditions, facilitating the analysis of the influence this environmental feature has on component performance.

Preprocessing
In the preprocessing stage, the time series were generated by applying a time window over the collected samples, combining them into groups of 10 to 100 vectors. This method of grouping facilitates the implementation of time series Deep Learning (DL) approaches and is aligned with other works in the literature [12]. These models possess the ability to uncover intricate trends within the data, potentially leading to superior results compared to the standalone processing and evaluation of individual samples. Moreover, it also permits the utilization of attention models such as Transformers, which currently represent the pinnacle of performance in this field. For data normalization, QuantileTransformer [1] was utilized, given the variable data distributions originating from the differing hardware capabilities of each device model. The division of the data for model training and validation purposes consisted of 70% and 10% of the total, leaving the remaining 20% for testing. In order to minimize the potential impact of vector order correlations on the results, the splitting of training, validation, and test sets was performed without shuffling the samples.
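Assuming scikit-learn's QuantileTransformer, the normalization and chronological split described above might look like the following sketch. `chronological_split` is a hypothetical helper, and the exact transformer settings used in the experiments are not specified here.

```python
import numpy as np
from sklearn.preprocessing import QuantileTransformer

def chronological_split(X, train=0.7, val=0.1):
    # 70/10/20 split without shuffling, preserving the temporal order.
    n = len(X)
    i = int(n * train)
    j = i + int(n * val)
    return X[:i], X[i:j], X[j:]

X = np.random.rand(1000, 215)
X_train, X_val, X_test = chronological_split(X)

# Fit the normalizer on training data only, then apply it to every split.
qt = QuantileTransformer(n_quantiles=min(1000, len(X_train)))
X_train_n = qt.fit_transform(X_train)
X_val_n, X_test_n = qt.transform(X_val), qt.transform(X_test)
```

Fitting the normalizer on the training split only avoids leaking test-set statistics into the model, which matters here because each device's model is trained on its own data distribution.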

Transformer-based Anomaly Detection Validation
As detailed in Section 3, the proposed Transformer approach performs hyperparameter tuning personalized for each device. Besides, other state-of-the-art DL architectures for anomaly detection in time series are tested to compare their performance to the Transformer. The tested networks are LSTM, 1D-CNN, and a combination of both of these layouts. Table 3 provides a comprehensive overview of the examined algorithms along with their corresponding hyperparameters. For validation, a server equipped with an AMD EPYC 7742 CPU, an NVIDIA A100 GPU, and 180 GB of RAM is employed, and the models are implemented using the Keras library.
In the case of the LSTM and 1D-CNN models, the time series concatenation only achieved good results when using groups of 10 vectors or smaller due to their limited memory capabilities.In contrast, the Transformer achieved good results with all the sliding window lengths from 5 to 100, with the best results obtained with 100 vectors per sliding window.
To set the anomaly detection threshold on the reconstruction of the samples fed to the autoencoder models, the boundary between normal and anomalous samples is set so that 10% of the reconstruction errors in the training samples fall above it. Then, the validation set is employed for hyperparameter selection by choosing the model with the highest TPR.
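Interpreting the boundary as the training-error percentile that leaves 10% of the training windows above it, the threshold selection can be sketched as follows (the helper name is hypothetical):

```python
import numpy as np

def select_threshold(train_errors, fraction_above=0.10):
    # Boundary such that the given fraction of training windows lies above it,
    # i.e., the 90th percentile of the training reconstruction error.
    return np.percentile(train_errors, 100.0 * (1.0 - fraction_above))

train_errors = np.array([0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 1.0])
threshold = select_threshold(train_errors)
```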

Authentication Performance
For the authentication capabilities evaluation, a one-vs-all strategy is followed, where the trained Transformer model evaluates the test set of the source device (normal samples) but also the test sets of the rest of the devices (anomalies or outliers). Then, the True Positive Rate (TPR) of the legitimate device is compared with all the False Positive Rates (FPRs) of the rest of the devices, checking that the TPR value is greater than all the FPRs. Note that for this approach, different data normalizations should be performed in the test sets depending on which device is employed for training, as the training data distribution changes.
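The one-vs-all comparison can be sketched as follows. The helpers are hypothetical, and the anomaly flags would come from the thresholded reconstruction errors of each device's model:

```python
import numpy as np

def acceptance_rate(anomaly_flags):
    # Fraction of windows the model accepted as normal (i.e., not flagged).
    return 1.0 - np.mean(anomaly_flags)

# anomaly_flags: True where the device's model flagged a window as anomalous.
own_flags = np.array([False, False, True, False])    # legitimate device's test set
other_flags = [np.array([True, True, True, False]),  # impostor device A
               np.array([True, True, True, True])]   # impostor device B

tpr = acceptance_rate(own_flags)                        # accepted legitimate windows
max_fpr = max(acceptance_rate(f) for f in other_flags)  # worst-case impostor acceptance
authenticated = tpr > max_fpr
```

A device model passes the one-vs-all test when its TPR exceeds every impostor FPR, leaving a margin that the Authentication Module can use as a decision threshold.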
Table 4 shows the results of the one-vs-all authentication tests. It can be seen that only the Transformer-based approach is able to authenticate all the devices successfully. Although their average TPR is higher, the LSTM and 1D-CNN networks can only identify some of the devices, offering a much lower margin between the average TPR and the maximum FPR. This occurs because the FPR is much more variable in these models, and many models have a high FPR when evaluating data from other devices, while the FPR variability is smaller in the Transformer models. Figure 3 gives a closer look into the distributions of the TPRs and maximum FPRs of the 45 devices evaluated. It can be seen that both distributions are clearly separated, with only three cases where the maximum FPR goes over 0.20, and it always remains under 0.45. The TPR always stays over that value and reaches values close to 1 in some cases, with most of its values between 0.6 and 0.8. Besides, Figure 4 shows the exact TPR and maximum FPR values for each one of the devices evaluated, using its MAC address as an identifier. In this graph, it can be observed that in the cases where the maximum FPR has a relatively high value (0.2 to 0.4), the TPR is considerably higher, guaranteeing that the authentication can be made reliably.
According to these results, a threshold-based authentication approach could be employed by the Authentication Module to determine the result of the authentication process. For example, a per-device threshold set 0.1 below the TPR achieved during validation would be enough to differentiate all the devices present in the deployment.
The results achieved by the anomaly detection validation have demonstrated the feasibility of the proposed framework, as it was able to uniquely authenticate 45 single-board devices with identical hardware and software specifications.These findings point towards a promising direction for individual device authentication premised on hardware behavior, demonstrating the potential of Transformer models in this sphere.

Resource Usage
Although performance is the key characteristic to decide which model to use in the validation setup, resource usage during training and evaluation is also a critical point that should be taken into account when developing ML/DL-based solutions.
Table 5 shows the time and memory employed by each model. The training time statistics were collected using 10 epochs as the number of iterations over the training dataset. Besides, the evaluation time was obtained while evaluating the entire test dataset of the device. Finally, memory usage represents the size of the model after it has been completely trained. The 1D-CNN model shows the shortest training and evaluation times, with a memory footprint of only about 0.86 MB. This combination of speed and efficiency makes it an appealing choice for resource-limited applications.
However, the LSTM model presents a significant increase in training time, taking approximately 283.68 seconds, and a slightly longer evaluation time of roughly 2.11 seconds.Coupled with a higher memory footprint of 1.33 MB, this model may demand greater computational resources than the 1D-CNN.
Interestingly, the hybrid LSTM+1D-CNN model exhibits the highest training time among the models, approximately 306.92 seconds, and has a considerable evaluation time of about 2.45 seconds.Its memory usage is also higher, at 1.83 MB, reflecting the complexity inherent to the combination of LSTM and 1D-CNN architectures.
Lastly, the Transformer model demonstrates a more moderate training time of approximately 157.68 seconds, albeit with the longest evaluation time of all models, around 8.93 seconds. More notably, it has a significantly higher memory usage, at a substantial 7.77 MB. While this may limit its applicability in memory-constrained environments, the Transformer model may excel at capturing complex data patterns and delivering superior accuracy, aspects not directly portrayed in Table 5.
In conclusion, while the 1D-CNN model is undeniably efficient regarding speed and memory usage, the Transformer model might offer better performance under certain circumstances. These trade-offs between time, memory usage, and potential model accuracy ought to be taken into account when deciding on the most suitable model for a particular scenario.
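For reproducibility, the three quantities reported in Table 5 can be gathered with standard-library tooling alone. The sketch below uses stand-in train/evaluate functions (assumed names, not the authors' code) to show where the timers and the model-size measurement sit:

```python
# Illustrative, framework-agnostic sketch (assumed helper names, not the
# authors' code) of how Table 5's metrics could be collected.
import os
import pickle
import tempfile
import time

def train(model, data, epochs=10):       # stand-in for the real training loop
    for _ in range(epochs):
        pass
    return model

def evaluate(model, data):               # stand-in for test-set evaluation
    return 0.0

model, data = {"weights": [0.0] * 1000}, list(range(256))

t0 = time.perf_counter()
model = train(model, data)               # 10 epochs, as in the experiments
train_time = time.perf_counter() - t0

t0 = time.perf_counter()
evaluate(model, data)                    # full test dataset of the device
eval_time = time.perf_counter() - t0

fd, path = tempfile.mkstemp(suffix=".bin")
os.close(fd)
with open(path, "wb") as f:
    pickle.dump(model, f)                # memory usage = serialized model size
size_mb = os.path.getsize(path) / 1e6
os.remove(path)
print(f"train {train_time:.2f}s  eval {eval_time:.4f}s  size {size_mb:.3f} MB")
```

Measuring the on-disk size of the fully trained model matches the definition of memory usage given above; a framework-specific serializer (e.g., a PyTorch state dict) would replace the `pickle` call in practice.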

CONCLUSIONS AND FUTURE WORK
This paper proposes a framework for individual device authentication based on hardware behavior and outlier detection, which fundamentally relies on identifying inherent imperfections in the device chips. The framework, which leverages hardware behavior fingerprinting and Transformer autoencoders, establishes a unique 'fingerprint' for each device based on manufacturing imperfections in CPU, GPU, RAM, and Storage, even in those with identical specifications. These imperfections are modeled by generating a model trained with the "normal" data distribution of the hardware performance of each device. This provides a robust mechanism for device authentication, distinguishing between genuine and potentially harmful devices. The framework follows a modular design where device monitoring and security enforcement modules are deployed in the device and the data processing modules are hosted in a server with enhanced processing capabilities.
The practical implementation of this authentication framework in the ElectroSense platform demonstrates its effectiveness and real-world applicability. After 100 days of data collection using 45 Raspberry Pi devices, the Transformer-based autoencoder approach was implemented and compared with other state-of-the-art Deep Learning architectures such as LSTM and 1D-CNN for anomaly detection in time series. Despite the competitive performance of LSTM and 1D-CNN, the Transformer model emerged as the superior method, successfully authenticating all the devices. An average True Positive Rate (TPR) of 0.74 ± 0.13 and an average maximum False Positive Rate (FPR) of 0.06 ± 0.09 are achieved when performing one-versus-all authentication, a more complex task than the classification-based identification performed by other solutions in the literature. From these results, it can be concluded that the proposed approach not only prevents unauthorized device intrusions but also significantly contributes to the reliability of data analysis and the overall trustworthiness of the platform.
Moving forward, this research line has room for future work and improvements. While the current study has focused on Raspberry Pi devices, further research should involve testing the proposed model with other IoT devices, expanding its scope, and ensuring its applicability across a broad range of hardware. In addition, the study has examined the model effectiveness primarily in the context of a spectrum crowdsensing platform, ElectroSense. Future investigations could explore its implementation in different types of crowdsensing applications, thereby contributing to a comprehensive understanding of the framework versatility.
Figure: Diagram of the ElectroSense platform.

Figure 3: TPR and maximum FPR distributions of the Transformer autoencoder.

Table 1: Comparison of the closest works on ML/DL-focused hardware-based device identification and authentication.

Table 3: Anomaly detection time series models and hyperparameters tested.

Table 4: Anomaly detection time series models results.

Table 5: Resource usage of each model (per device).