Identifying Devices of the Internet of Things Using Machine Learning on Clock Characteristics

  • Pascal OserEmail author
  • Frank Kargl
  • Stefan Lüders
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11342)


The number of devices of the so-called Internet of Things (IoT) is heavily increasing. One of the main challenges for operators of large networks is to autonomously and automatically identify any IoT device within the network for the sake of computer security and, subsequently, being able to better protect and secure those.

In this paper, we propose a novel approach to identify IoT devices based on the unchangeable IoT hardware setup through device specific clock behavior. One feature we use is the unavoidable fact that clocks experience “clock skew”, which results in running faster or slower than an exact clock. Clock skew along with twelve other clock related features are suitable for our approach, because we can measure these features remotely through TCP timestamps which many devices can add to their packets. We show that we are able to distinguish device models by Machine Learning only using these clock characteristics. We ensure that measurements of our approach do not stress a device or causes fault states at any time.

We evaluated our approach in a large-scale real-world installation at the European Organization for Nuclear Research (CERN) and show that the above-mentioned methods let us identify IoT device models within the network.


Internet of Things Identification Security Clock characteristics Machine Learning 



This work has been sponsored by the Wolfgang Gentner Programme of the German Federal Ministry of Education and Research.


  1. 1.
    GARTNER. Accessed 05 Feb 2018
  2. 2.
    Miettinen, M., et al.: IoT sentinel: automated device-type identification for security enforcement in IoT. In: 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), pp. 2177–2184. IEEE (2017)Google Scholar
  3. 3.
    Meidan, Y., et al.: ProfilIoT: a machine learning approach for IoT device identification based on network traffic analysis. In: Proceedings of the Symposium on Applied Computing, pp. 506–509. ACM (2017)Google Scholar
  4. 4.
    Jaafar, F.: An integrated architecture for IoT fingerprinting. In: 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C), pp. 601–602. IEEE (2017)Google Scholar
  5. 5.
    Bratus, S., et al.: Active behavioral fingerprinting of wireless devices. In: Proceedings of the first ACM Conference on Wireless Network Security, pp. 56–61. ACM (2008)Google Scholar
  6. 6.
    Kassem, M.M., et al.: A clock skew addressing scheme for Internet of Things. In: 2014 IEEE 25th Annual International Symposium on Personal, Indoor, and Mobile Radio Communication (PIMRC), pp. 1553–1557. IEEE (2014)Google Scholar
  7. 7.
    Huang, D.-J., et al.: Clock skew based node identification in wireless sensor networks. In: Global Telecommunications Conference 2008. IEEE GLOBECOM 2008, pp. 1–5. IEEE (2008)Google Scholar
  8. 8.
    Huang, D.-J., et al.: Clock skew based client device identification in cloud environments. In: 2012 IEEE 26th International Conference on Advanced Information Networking and Applications (AINA), pp. 526–533. IEEE (2012)Google Scholar
  9. 9.
    Internet Engineering Task Force, Transmission Control Protocol. Accessed 05 July 2018
  10. 10.
    Kamp, P.-H.: Timecounters: efficient and precise timekeeping in SMP kernels. In: Proceedings of the BSDCon Europe (2002)Google Scholar
  11. 11.
    Internet Engineering Task Force, TCP Extensions for High Performance. Accessed 05 July 2018
  12. 12.
    Kohno, T., et al.: Remote physical device fingerprinting. IEEE Trans. Dependable Secur. Comput. 2(2), 93–108 (2005)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Hornik, K.: Approximation capabilities of multilayer feedforward networks. Neural Netw. 4(2), 251–257 (1991)CrossRefGoogle Scholar
  14. 14.
    Vapnik, V.: Estimation of Dependences Based on Empirical Data. Springer, New York (2006). Scholar
  15. 15.
    Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)CrossRefGoogle Scholar
  16. 16.
    Davis, J., Goadrich, M.: The relationship between precision-recall and ROC curves. In: Proceedings of the 23rd International Conference on Machine Learning, pp. 233–240. ACM (2006)Google Scholar
  17. 17.
    Liaw, A., et al.: Classification and regression by randomForest. R News 2(3), 18–22 (2002)MathSciNetGoogle Scholar
  18. 18.
    Safavian, S.R., Landgrebe, D.: A survey of decision tree classifier methodology. IEEE Trans. Syst. Man Cybern. 21(3), 660–674 (1991)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Radhakrishnan, S.V., et al.: GTID: a technique for physical device and device type fingerprinting. IEEE Trans. Dependable Secur. Comput. 12(5), 519–532 (2015)CrossRefGoogle Scholar
  20. 20.
    Kraskov, A., et al.: Estimating mutual information. Phys. Rev. E 69(6), 066138 (2004)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Breiman, L.: Classification and Regression Trees. Routledge, Abingdon (2017)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.European Organization for Nuclear Research CERNGenevaSwitzerland
  2. 2.Ulm UniversityUlmGermany

Personalised recommendations