Autonomous Device Identification Architecture for
Internet of Things
Hirofumi Noguchi, Tatsuya Demizu, Naoto Hoshikawa, Misao Kataoka, Yoji Yamato
NTT Network Service Systems Laboratories
Nippon Telegraph and Telephone Corporation
3-9-11 Midori-cho, Musashino-shi, Tokyo 180-8585 Japan
Email: { hirofumi.noguchi.rs, tatsuya.demizu.av, naoto.hoshikawa.yu, misao.kataoka.ry, yoji.yamato.wa }@hco.ntt.co.jp
Abstract—A wide variety of devices is being installed in various
environments such as homes, factories, and streets with the rapid
expansion of the Internet of Things (IoT). To properly and
securely use IoT devices, the states of various devices that have
different properties and protocols must be managed. However, it
is difficult to understand the consistency of an individual device
when its installation place or software changes, since many
individual IoT devices do not have unique identifiers. In this
paper, we propose an architecture that estimates individual
devices by analyzing and combining multiple pieces of
information that can be obtained from the device. This
architecture estimates individual device identity based on the
time change pattern of the feature amount extracted from a
signal transmitted by a device. Results of a simulation revealed
that this architecture could identify the individual devices to find
the correct device.
Index Terms—IoT, device, identification, management.
I. INTRODUCTION
A wide variety of devices is being connected to the Internet
as the Internet of Things (IoT) rapidly expands. It is expected
that 50 billion devices will be connected to the Internet by 2020
[1], and more and more devices will be installed in various
environments such as homes, factories, and streets [2][3][4].
These devices include sensors such as cameras and
thermometers, small computers such as smart phones, and
actuators such as speakers and displays. Furthermore, their
computing resources and protocols are also diverse. To
properly and safely use such a large variety of devices, device
managers have to understand and manage the properties and
states of each device.
However, there are some problems with managing IoT
devices. First, devices are dynamically added and removed in
the same environment. Furthermore, in OpenIoT [5], one
device will be used for various purposes, so the installation
location, the network connection state, the type and version of
the software will change dynamically.
For example, consider the location. In a home, the
installation location of sensor on the appliance will change in
accordance with appliance movement. At a factory, while a
production line is being refurbished, the sensors will be moved
to another production line and reused there. Furthermore, the
978-1-4673-9944-9/18/$31.00 ©2018 IEEE
407
locations of laptops and web camera will also change
depending on the movement of the user. Therefore, changes in
the installation location such as rooms need to be accurately
detected to know where the device is now.
Next, consider the network. Some devices have multiple
network interfaces. For example, smartphones change the
access network from Wi-Fi to a mobile network such as LTE.
Changes of the network also need to be accurately detected to
know where the device is now. Conventionally, by looking at a
Mac address, a device connected to a network can be uniquely
identified, but recent operating systems (OSs) randomly
generate a media access control (MAC) address each time a
network connection is made in consideration of security.
Therefore, it can no longer be used as a consistent key.
Also, consider software operation on the device. Firmware
and OSs are regularly updated. Thus, if the same device cannot
be recognized before and after the software is updated, the
device will be unknown. In this way, if the location of the
device, the network or the software changes, changes to an
individual device need to be tracked and grasped to know
where device is now located in the real world and the network.
In addition, from the viewpoint of security, individual
devices that have dynamically changing states must be
consistently tracked and grasped. For example, if it is not
possible to track the state log of a certain device from the past
to the present regardless of the location or software change, it is
impossible to specify past behaviors or effect range when
failures happen. Also from the viewpoint of device
authentication, the identity of devices must be recognized
before and after the change to judge the safety without re-
authentication when the state of the authenticated device
changes within the authentication policy.
In this way, it is necessary to grasp the state of various
devices with different properties and protocols and identify the
devices without confusing them with others, even if the state of
the device changes. There is a way to provide a database (DB)
in an environment, and manually manage the state of devices,
but manually managing a huge number of devices is not
realistic. Therefore, we are establishing technology to realize
IoT resource management and high security by automatically
detecting the state and change of various devices and
identifying individual ones. This is an important and
challenging theme for expanding IoT.
The rest of this paper is organized as follows. Section II
surveys the related work. Section III describes the device
identification architecture. Section IV presents the simulation
and experimental results. Section V discusses the future
challenge. Finally, Section VI concludes the paper.
II. RELATED WORK
There are some technologies for identifying individual
devices.
One existing technology issues a computer certificate with
EAP-TLS [6]. It can identify an individual computer by issuing
a computer certificate for and installing it on each device.
However, it can be applied to only resource-rich devices that
can handle the EAP-TLS protocol such as personal computers
even though many IoT devices such as sensors are resource-
constrained devices. To manage a wide variety of devices in
various environments, we have to take another way.
There is technology to identify the user of a device and its
hardware configuration from web fingerprints [7][8]. It finds
the characteristics of users and devices and identifies them with
high accuracy by investigating the behaviors of the browser.
However, it can only be applied to devices that can operate
browsers, so another way is still needed to manage a wide
variety of IoT devices.
There are methods for identifying individual devices from
hardware fingerprints such as device radio wave intensity and
output video characteristics [9][10]. These methods are
effective for identifying counterfeit goods and detecting
defective items, but they need high-load analysis using special
equipment. However, the current technology maturity level is
not sufficient to manage a large number of devices at low cost.
There is a method for managing resource constrained
devices using IP-based management protocols such as SNMP
and NETCONF [11]. It shows a method for utilizing IP-based
protocols on devices with limited central processing units
(CPUs) and memory. However, an OS must be able to handle
these protocols. Therefore, applicable devices are still limited
and need to be expanded to track devices that have changed
state.
There is a method for identifying the OS and application
operating on the device by analyzing the traffic of the device
[12][13]. However, it can identify only the type of software,
not individual devices.
As described above, there is no individual-device
identification technology that can deal with various kinds of
devices used in various environments and does not require any
special measuring equipment. It is thus an important research
theme for the future IoT expansion.
408
III. PROPOSED ARCHITECTURE
This section presents our proposed IoT device identification
architecture. To automatically identify individual devices, we
chose a method to estimate device identity. Many IoT devices
do not have information that can uniquely identify individuals
such as certificates. It is also impossible to reliably identify
individuals from communication information. However, it is
possible to estimate an individual’s identity by analyzing and
combining multiple pieces of information. Even if the
estimation is not completely precise, if the estimation accuracy
is sufficiently high, devices can be managed.
Figure 1 shows an overview of the architecture. This
architecture estimates individual device identity based on the
time change pattern of feature amount extracted from a signal
transmitted by a device such as a sensor. In the change pattern
of the device feature amount, characteristics of each device and
the unique way it is used in each environment appear.
In addition, we separate the data acquisition interface and
estimation logic. The architecture can be extended to deal with
various kinds of devices.
The process of individual device identification is discribed
below.
A .Extraction of Device Features
 First process step of individual device identification is an
extraction of device feature amounts. Feature amounts are
periodically extracted from signals such as sensor value or keep
alive signals, or responses to actions such as port scanning. The
feature amount includes information indicating the state of the
device and the software version being executed. It also includes
traffic characteristics such as the average traffic amount and a
communication interval within a certain period of time. Since
the communication protocol varies depending on the type of
device, different devices have different methods to acquire data
and extract the feature amount. Therefore, in this architecture, a
protocol capture is provided for each protocol. To acquire and
handle low-layer communication information such as a MAC
frame, a protocol capture should preferably be implemented as
a gateway in the local network environment.
B .Individual Device Identification
 The proposed architecture generates a change pattern from
the device feature amount. Comparing this change pattern and
change patterns stored in the past, the architecture identifies
individual devices.
 Figure 2 shows details of processing in device identifier. For
each feature amounts, the pattern detector generates a time
change pattern for each individual and stores it in the device
pattern DB. The change pattern is, for example, a difference in
continuous values or an approximate curve. The change pattern
and the individual device are stored in association with each
other in the device pattern DB. When identifying a target
device or storing change pattern, the similarity calculator
calculates the degree of similarity with patterns already stored
in the device pattern DB.
 Feature Message Time 5

Feature 1
Amount 09:00:02 09:00:05 09:00:09 嵣嵣嵣 09:00:56 09:00:58
device signal
Feature 1 AP1 AP2 AP3 嵣嵣嵣 AP4 AP5
0
Protocol Feature Feature 2 1 3 3 嵣嵣嵣 1 3 0 10 20
signal Capture Amounts Feature 3 100 100 100 嵣嵣嵣 200 200 Message Time

device
Device
Device Identifier
Device Information Unknown
Feature Identifier Device DB Feature pattern Device
Feature pattern
pattern
Amounts Amount Amount
Pattern Similarity Information
Device Feature
Amount Storage Detector Calculator
signal Protocol
device Device
pattern
pattern
Capture pattern
Device Pattern DB
Pattern DB
Device #1 Device #2 Device #3
pattern pattern pattern
pattern
pattern pattern
pattern pattern
pattern

Fig.1. Overview of Architecture

Fig.2. Individual Device Identification Process

Equations 1 and 2 show formulas for calculating the degree of
similarity.
ci = 1 - (Dxi / max( Dx)). (1)
C = å k i ci .
 c is the degree of similarity for each feature amount, C is the
comprehensive degree of similarity and x is a digitized feature
amount. c and C take a value in the range of 0 to 1. c is
calculated by comparing the change pattern from identification
target devices and the change pattern in the device pattern DB.
k is the weight of each feature amount. The method of
calculating it is explained later. After calculating the degrees of
similarity for each feature amount, and integrating these
degrees with their weights, the similarity calculator
consequently obtains a comprehensive degree of similarity for
the device.
The device identifier calculates the degree of similarity for
all the patterns in the device pattern DB, and estimates that the
device with the highest degree of similarity is the same as the
identification target device. When no device has a similarity
degree higher than a certain level, the device identifier
estimates that the identification target device is a new device
connected to the network.
C .Calculation of weight of feature amounts
The proposed architecture calculates the weight of each
feature amount. The feature amount change pattern is
preferably unique enough not to overlap among multiple
individuals. For example, in an environment containing many
mobile devices, the locations of the majority of devices change
frequently and should not be referenced for individual
identification. As another example, in an environment where
software of the same model devices is simultaneously updated
in a constant cycle, its change pattern should not be referenced
for individual identification either. If the proposed architecture
handles all the feature amount changes uniformly, it estimates
many devices as a close degree of similarity and the accuracy
of estimation is reduced. This is a major problem, particularly
when only small quantities of feature amounts can be obtained.
Therefore, this architecture evaluates the uniqueness of each
feature amount. Similarity calculator calculates the variance
value of the degree of similarity of all change patterns.
The architecture regards the feature amount with large variance
as a unique feature amount, and gives it greater weight.
Equation 3 shows the formula for calculating the weight.
(2) k i = vi / å v (3)
k is the weight of each feature amount, and the sum of k is 1. v
is a variance value of the degree of similarity for all change
patterns. k is calculated in accordance with the ratio of variance
value.
D .Applying identification results
 Final process step is applying the identification result in the
device DB. The device DB records the state of the managed
device such as location or executing software. This architecture
updates the state information of the device on the device DB by
using the estimation result. In addition, this architecture also
updates the device pattern DB. This architecture registers new
feature amount change patterns in the device pattern DB.
 As described above, it is possible to automatically identify
an individual device the state of which changes.
IV. RESULTS OF SIMULATION
We evaluated the proposed architecture by simulation. As
an intial expreriment, we tried to confirm that this architecture
can distinguish individuals based on the degree of similarity
calculated from the feature amount of the device. This is
because if similarity value of many devicess in an environment
are close value, the architecture can’t find the matching device
properly.
Simulation conditions are shown in Table I. Mobile devices
that constantly move in the environment are assumed. There
are 10 devices of the same model, and all have 5 feature
amounts, access point, communication delay, communication
interval, average communication amount, and OS version.
Assuming the movement of the mobile device, each device
always selects one access point and changes it in a certain
probability within a certain range. The communication delay
depends on the access point, whereas the communication
interval and communication amount depend on the application
being executed. The device always executes one of two kinds

409
of applications, and in the initial state there is an equal number
of devices. An executed application is changed at a low
frequency. The OS version is the same and unchanged for all
devices. Under the above conditions, we generated random
values as data sets of feature amounts. Each data set includes
consecutive 10 sets of feature amounts that change according to
change frequency. We generated such datasets for 10 devices.
On the basis of the change pattern of one device, we
calculated the degree of similarity with all other devices using
the proposed individual identification method. To calculate the
change pattern of a feature amount, we used an approximate
linear function of the feature amount with respect to time. For
calculation, the access point and the OS are replaced with a
corresponding number. To calculate the degree of similarity for
each feature amount, we use the slope and intercepts of the
approximate linear function of each feature amount change.
Figure 3 shows the distribution of the similarity degree for 10
devices. The variance value of the similarity degree for 10
devices is 0.095. The proposed architecture was able to
separate devices into similar and unlike based on change
pattern. Therefore the architecture will be able to find the
correct device. In addition, when all the weights of each feature
amount are handled at an equal ratio, the variance value is
0.053. The weighting effectively improved the variance and the
estimation accuracy.
TABLE I. Simulation Configuration
Feature Candidate Change
Amount Frequency
Access Point 1,2,3,4,5 20 %
Application A,B 1%
OS X 0%
Access Point Delay (ms)
1 10
2 15
3 30
4 20
5 10
Application Amount (Kbyte) Interval (ms)
A 100
B 200
1 0.1
DEGREE OF SIMILARITY
0.8
0.6
0.4
0.2
0 0
No Weight With Weight
Fig.3. Degree of Similarity for Each Device from Simulation
V. DISCUSSION
This research is still in its early stages, and further research
is required for implementation of the proposed architecture.
Although the simulation results show the effectiveness of the
architecture in a specific use case model, a detailed method of
individual device identification must be studied in order to
identify various IoT devices.
First, variation patterns in appropriate time ranges need to
be extracted for each feature amount because patterns vary
depending on the feature amount of the device. Sensor data
may change in a cycle of several minutes, whereas software
versions may change in cycles of several days. Considering
how to generate change patterns with various time ranges for
various feature amounts is a challenge.
Second, the change pattern must be extracted and the
degree of similarity calculated in accordance with the
characteristics of the feature amount. For a continuous feature
amount, the proposed architecture can calculate the degree of
similarity by finding an approximate function from the
changing trajectory. On the other hand, for a discontinuous
feature amount, considering how to formulate the change
pattern and calculate the degree of similarity is a challenge. We
plan to do more simulations to improve the architecture. Also,
we plan to verify the effectiveness of the architecture by
applying it in an actual IoT operational environment.
Furthermore, applying this architecture to device
authentication is a next challenge. It’s hard to identify a
malicious device accurately because it can impersonate another
device by sending the same change pattern. One of measures is
Change
to make it difficult to impersonate a device by identifying
Range
(1,2,3),(4,5,6)
devices using a lot of feature amounts.
(A,B) Finally, as the future outlook on this research, we are
- aiming to realize autonomous IoT service building. We are
considering an approach to combine this architecture with the
service control technology [14][15]. We believe that we can
use autonomous device identification in the network to find
appropriate devices for the service.
VI. CONCLUSION
A wide variety of devices are being installed in various
200
environments such as homes, factories, and streets with the
350 rapid expansion of the Internet of Things (IoT). To properly
and securely use IoT devices, the state of various devices that
have different properties and protocols must be managed.
However it is difficult to understand the consistency of an
0.08
individual device when its installation place or software
changes, since many individual IoT devices do not have unique
VARIANCE
0.06
identifiers.
In this paper, we proposed an architecture that solves the
0.04 above problem by estimating individual devices by analyzing
and combining mutiple pieces of information that can be
0.02 obtained from the device. This architecture estimates individual
device identity based on the time change pattern of the feature
amount extracted from a signal transmitted by a device.
Simulation results of the model case assuming a mobile
device revealed that proposed architecture can identify
410
individual devices by using the degree of similarity calculated
from the feature amount of the device.
This research is in its early stage, and we proposed only
basic architecture to automatically identify IoT devices. In the
future we will study various devices and computation methods
and implementations corresponding to their features, and will
verify the effectiveness of the architecture by using it in an
actual IoT operational environment.
REFERENCES
[1] D.Evans, “The Internet of Things – How the Next Evolution of
the Internet is Changing Everything,” Cisco Internet Business
Solutions Group (IBSG), April, 2011.
[2] Gao Chong, Ling Zhihao, and Yuan Yifeng, "The research and
implement of smart home system based on internet of things,"
Electronics, Communications and Control (ICECC),
International Conference on. IEEE, 2011.
[3] Lee, Jay, "Smart factory systems," Informatik-Spektrum, 38.3,
pp. 230-235, 2015.
[4] Aditya Gaur, Bryan Scotney, Gerard Parr, and Sally McClean,
"Smart city architecture and its applications based on IoT,"
Procedia Computer Science, 52, pp. 1089-1094, 2015.
[5] Jaeho Kim, and Jang-Won Lee, "OpenIoT: An open service
framework for the Internet of Things," Internet of Things (WF-
IoT), 2014 IEEE World Forum on. IEEE, 2014.
[6] RFC 5216, “https://www.rfc-editor.org/rfc/rfc5216.txt.”
[7] Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez,
Arvind Narayanan, and Claudia Diaz, "The web never forgets:
Persistent tracking mechanisms in the wild," Proceedings of the
ACM SIGSAC Conference on Computer and Communications
Security, 2014.
411
[8] Gunes Acar1, Marc Juarez, Nick Nikiforakis, Claudia Diaz,
Seda Gürses, Frank Piessens, and Bart Preneel, "FPDetective:
dusting the web for fingerprinters," Proceedings of the 2013
ACM SIGSAC conference on Computer & communications
security, 2013.
[9] Gianmarco Baldini, Member IEEE, and Gary Steri, "A survey of
techniques for the identification of mobile phones using the
physical fingerprints of the built-in components," IEEE
Communications Surveys & Tutorials, 2017.
[10] Qiyue Li, Member, IEEE, Hailong Fan, Wei Sun, Jie Li,
Liangfeng Chen, and Zhi Liu, "Fingerprints in the Air: Unique
Identification of Wireless Devices Using RF RSS Fingerprints,"
IEEE Sensors Journal, 17.11, pp. 3568-3579, 2017.
[11] Anuj Sehgal, Vladislav Perelman, Siarhei Kuryla, and Jürgen
Schönwälder, “Management of resource constrained devices in
the internet of things,” IEEE Communications Magazine, 50.12,
2012.
[12] Takashi Matsunaka, Akira Yamada, and Ayumu Kubota,
"Passive OS fingerprinting by DNS traffic analysis," Advanced
Information Networking and Applications (AINA), IEEE 27th
International Conference On. IEEE, 2013.
[13] Dario Bonfiglio, Marco Mellia, Michela Meo, Dario Rossi, and
Paolo Tofanelli, "Revealing skype traffic: when randomness
plays with you," ACM SIGCOMM Computer Communication
Review, Vol. 37. No. 4, ACM, 2007.
[14] Yoji Yamato, Hiroyuki Ohnishi and Hiroshi Sunaga,
"Development of Service Control Server for Web-Telecom
Coordination Service," IEEE International Conference on Web
Services (ICWS 2008), pp.600-607, Sep. 2008.
[15] Hiroshi Sunaga, Yoji Yamato, Hiroyuki Ohnishi,
Masashi Kaneko, Masami Iio and Miki Hirano, "Service
Delivery Platform Architecture for the Next-Generation
Network," ICIN2008, Session 9-A, Oct. 2008.