Existing IoT device fingerprinting schemes exhibit insufficient robustness against generative AI–based attacks, undermining reliable device authentication and eavesdropping detection. Method: This paper establishes the first unified theoretical framework jointly modeling device identity authentication and eavesdropping detection, revealing common vulnerabilities across 12 mainstream fingerprinting approaches under ML-powered generative attacks. We propose a generalized simplified fingerprint modeling methodology integrating physical-layer feature extraction, machine learning interpretability analysis, adversarial threat modeling, and cross-task consistency evaluation—systematically identifying three novel generative adversarial attack vectors. Contribution/Results: Our work establishes a new design paradigm for generative-adversarial-resilient fingerprinting and provides verifiable, principled guidelines for next-generation robust fingerprint protocols, significantly enhancing security and reliability of device identification in highly adversarial environments.

The increasing use of the Internet of Things raises security concerns. To address this, device fingerprinting is often employed to authenticate devices, detect adversaries, and identify eavesdroppers in an environment. This requires the ability to discern between legitimate and malicious devices which is achieved by analyzing the unique physical and/or operational characteristics of IoT devices. In the era of the latest progress in machine learning, particularly generative models, it is crucial to methodically examine the current studies in device fingerprinting. This involves explaining their approaches and underscoring their limitations when faced with adversaries armed with these ML tools. To systematically analyze existing methods, we propose a generic, yet simplified, model for device fingerprinting. Additionally, we thoroughly investigate existing methods to authenticate devices and detect eavesdropping, using our proposed model. We further study trends and similarities between works in authentication and eavesdropping detection and present the existing threats and attacks in these domains. Finally, we discuss future directions in fingerprinting based on these trends to develop more secure IoT fingerprinting schemes.