2

I am trying to build a system in which IoT devices can connect and are classified without the need for manual checks by the system administrator. In this system, IoT devices will send data, and on the basis of that data, they will be classified into groups. Also, an extra layer of encryption might be applied depending on what device it is.

Now, my question is:

How do I identify what kind of IoT device is entering my network? It could be a sensor or a fridge or an AC or a smartphone. How do I identify what device it is? What metrics do I use? Should I analyze its packet or payload? Or should I use the MAC address to identify what type of device it is? Does the MAC address give this type of information?

I am confused about this. If I can identify what device it is, I can then authenticate and classify the device.

anonymous2
degr8sid

1 Answer

1

I'd like for you to consider these points that arise from your questions.

  1. Are you wanting to classify the entire device or are you wanting to classify the data? I.e., is it possible now (or in the foreseeable future) for a single device to send up data of different classifications?
  2. What threats do you want to protect against? This will determine your authentication mechanism.

Those questions will determine your future path.

If you choose to go with MQTT-based IoT with one of the big providers (AWS/Azure/Google), the standard way to authenticate a device and encrypt communications is to use a certificate. It is best to generate a certificate per device so that if a device becomes compromised, you can just revoke its certificate and all the other devices are still able to communicate.
With IoT based on MQTT, the clientID identifies the device. There are techniques to ensure that devices can't spoof the clientID of another device (by using the certificate principal ID or policies) if you want to protect against that threat as well.
You may not be able to authenticate at a sensor level, only at a level where something can support some authentication. Maybe that device controls a few sensors?

If you choose to classify at a data level, you can more confidently do that once you have secured the entire device as above. Now, you can just use MQTT topics to identify the different types of data and apply appropriate security policies on the different pieces of data.

kalyanswaroop
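The checks described in the answer above, as an added example that is not part of the original post or any provider's API: a broker-side authorization hook that takes identity from the per-device certificate, rejects a clientID that does not match it, and uses the topic to decide what each device class may publish. It assumes the broker has already validated the TLS client certificate and exposes its common name; the registry, device names and topic layout are constructed for illustration.

```python
# Constructed registry: certificate CN -> device class, assigned at provisioning.
# The class is looked up from the certificate, never from what the device claims.
REGISTRY = {
    "fridge-0001": "appliance",
    "temp-gw-0007": "sensor-gateway",  # one authenticated device fronting several sensors
}
REVOKED = {"fridge-0002"}  # CNs whose certificates were revoked after compromise

# Constructed per-class publish policy; "{id}" expands to the authenticated client ID.
PUBLISH_POLICY = {
    "appliance": ["devices/{id}/status"],
    "sensor-gateway": ["devices/{id}/telemetry/+"],
}


def authorize_connect(cert_cn, client_id):
    """Return the device class for an accepted connection, or None to reject it."""
    if cert_cn in REVOKED or cert_cn not in REGISTRY:
        return None
    if client_id != cert_cn:  # a device cannot connect under another device's client ID
        return None
    return REGISTRY[cert_cn]


def topic_matches(pattern, topic):
    """MQTT topic filter match, supporting only the single-level '+' wildcard."""
    p, t = pattern.split("/"), topic.split("/")
    return len(p) == len(t) and all(a == "+" or a == b for a, b in zip(p, t))


def authorize_publish(cert_cn, client_id, topic):
    """Allow a publish only on topics granted to this device's class."""
    device_class = authorize_connect(cert_cn, client_id)
    if device_class is None:
        return False
    if "+" in topic or "#" in topic:  # wildcards are not valid in a published topic name
        return False
    allowed = (p.format(id=client_id) for p in PUBLISH_POLICY[device_class])
    return any(topic_matches(p, topic) for p in allowed)


if __name__ == "__main__":
    print(authorize_connect("fridge-0001", "fridge-0001"))
    print(authorize_connect("fridge-0001", "temp-gw-0007"))
    print(authorize_publish("temp-gw-0007", "temp-gw-0007",
                            "devices/temp-gw-0007/telemetry/humidity"))
```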