PoirIoT: Fingerprinting IoT Devices at Tbps Scale

The massive growth in popularity of household IoT devices has brought new capabilities to our lives while also bringing new challenges to network providers. In particular, large numbers of devices have been used to cause disruptions to critical Internet services. Understanding which devices are connected to a network empowers administrators to mitigate threats with target-specific interventions. This information is obtained by analyzing traffic through a process known as device fingerprinting. Current device fingerprinting solutions face major scalability issues in high-speed and high-volume networks, either relying on middleboxes to perform their tasks or targeting a single household. This paper introduces a novel in-network fingerprinting system, PoirIoT, capable of real-time, accurate, and scalable IoT device fingerprinting. Specifically, PoirIoT takes advantage of recent programmable switches and use standard packet metadata, length, and direction information to gain high-throughput and per-packet fingerprinting granularity. We show the effectiveness (100% device detection accuracy) of our solution using a publicly available dataset on a testbed consisting of Intel Tofino switches. Moreover, PoirIoT adds no additional latency to the regular traffic flow and utilizes minimal switch resources (e.g., memory).