Reliable Identification of IoT Devices from Passive Network Traffic Analysis: Requirements and Recommendations

Internet of Things (IoT) devices are becoming more widespread in networks and can give malicious actors new vectors to compromise networks. Of particular concern are devices running out-of-date firmware versions with known vulnerabilities. Securing real-world IoT networks therefore relies on knowing what devices are on a network and knowing what specific firmware versions they are running. At present, though, commercial solutions that include IoT device identification are not reliable at this level of granularity, and the academic literature has largely ignored the problem. In this paper, we highlight the shortcomings present in current IoT device identification and use these observations to develop a set of lab requirements. We then present our own lab setup for providing reliable real-world IoT device identification that meets this set of requirements. Building on this work, we develop a schema for documenting device versions and event histories that accompany network packet traces as metadata.