DEFENDIS (DEcentralized FEderated learNing for IoT Device Identification and Security) is a critical cybersecurity research project focused on enhancing the security of Internet of Things (IoT) ecosystems. The project was developed from April 2023 to November 2023 in collaboration with armasuisse, the Federal Office for Defence Procurement serving as the technological hub for the Swiss Federal Department of Defence, Civil Protection and Sport (DDPS).
Project Overview
In widely distributed IoT environments, ranging from crowdsensing platforms to Industrial IoT (IIoT), the inability to securely and uniquely authenticate edge sensors introduces severe operational risks. Malicious actors can deploy rogue devices or impersonate legitimate sensors to inject falsified data into critical monitoring systems.
DEFENDIS provides a robust, fully distributed framework designed to uniquely identify individual devices within an IoT platform. By moving away from centralized authentication servers, which act as single points of failure (SPOF) and ripe targets for attackers, DEFENDIS leverages decentralized methodologies to secure the IoT environment without compromising organizational data privacy.
Core Methodologies
The DEFENDIS framework is built upon three foundational technical pillars:
1. Hardware Device Fingerprinting
To effectively counter device impersonation, DEFENDIS relies on hardware-level device fingerprinting. Rather than depending solely on easily spoofable cryptographic keys or MAC addresses, the system creates unique digital signatures for sensors based on their intrinsic hardware and behavioral characteristics.
Crucially, this fingerprinting process incorporates contextual data monitoring. The system actively analyzes running processes, CPU load patterns, and thermal signatures (temperature) to dynamically adjust and validate the generated fingerprint based on the device's real-time operational context.
2. Decentralized Federated Learning (DFL)
The core intelligence of DEFENDIS is powered by a fully Distributed Federated Learning architecture. The generation and refinement of Machine Learning and Deep Learning (ML/DL) models used to verify device fingerprints occur collaboratively across the nodes themselves.
This approach serves two critical purposes:
- Privacy Preservation: Sensitive contextual and behavioral data never leaves the local device. Only aggregated model gradients are exchanged.
- Bottleneck Elimination: Distributing the fingerprints and models across multiple stakeholders—without requiring a central coordinating entity—drastically reduces the attack surface and communication bottlenecks characteristic of centralized server architectures.
3. Adversarial Resilience & Trust Metrics
In environments targeted by advanced persistent threats, the identification framework itself will be attacked. DEFENDIS proactively investigates and applies adversarial attacks against its own solution to validate and improve resilience. These attacks target both the initial fingerprint generation phase and the localized federated model training processes.
To systematically evaluate the security posture of the federation, DEFENDIS incorporates robust telemetry for trust and robustness metrics. The framework actively monitors quantifiable parameters tied to operational robustness, fairness across heterogeneous nodes, algorithmic explainability, and the strict assurance of privacy during peer-to-peer aggregations.
Strategic Impact
By combining hardware-level biometrics with DFL topologies, DEFENDIS studies sensor authentication in environments where zero-trust principles must be applied close to the device. The collaboration with armasuisse gives the project a clear defense and critical-infrastructure context, with a focus on privacy-preserving IoT deployments and resilience against physical tampering and decentralized cyberattacks.
The DEFENDIS project was conducted in collaboration with the Federal Office for Defence Procurement armasuisse (April - November 2023).
