Device Authorizarion

Hi!

I’ve been reading a little about tailscale, but fail to understand how device authorization works. Which property of a device is used to ensure that I can’t e.g. move a private key to a non-enrolled device and obtain access to the network by spoofing some non-protected property?

Regards,