SoK: Beyond IoT MUD Deployments - Challenges and Future Directions

2014

Internet of Things (IoT) is intended to provide a network where information flows could easily be set up between any kinds of products, devices, users and information systems in general. This vision is getting closer to become real due to the continuous development of new information system concepts and technologies. Nonetheless, this new reality requires special attention on particular aspects of the IoT such as security and mobility. First, people and companies want to secure their assets/data using firewalls, which inevitably leads to a challenging conflict between data security and usability. Second, products are becoming increasingly mobile, operating in environments where it can be difficult to contact them directly using their IP address (e.g., due to the presence of NAT or to access restrictions). It might therefore be necessary in some IoT applications to enable two-way communications through any type of firewall, e.g. to enable real-time control and maintenance. Quantum Lifecycle Management (QLM) messaging standards have been designed to provide generic and standardized application-level interfaces for the IoT that make it possible, among other things, to achieve such two-way communication. This paper provides a high-level description of QLM messaging standards with a particular focus on this QLM feature, along with proofs-of-concept through real-life implementations in building and automotive domains.

2021

Certain commercial entities, equipment, products, or materials may be identified by name or company logo or other insignia in order to acknowledge their participation in this collaboration or to describe an experimental procedure or concept adequately. Such identification is not intended to imply special status or relationship with NIST or recommendation or endorsement by NIST or NCCoE; neither is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.

Proceedings of the 2018 Workshop on IoT Security and Privacy, 2018

The IETF's push towards standardizing the Manufacturer Usage Description (MUD) grammar and mechanism for specifying IoT device behavior is gaining increasing interest from industry. The ability to control inappropriate communication between devices in the form of access control lists (ACLs) is expected to limit the attack surface on IoT devices; however, little is known about how MUD policies will get enforced in operational networks, and how they will interact with current and future intrusion detection systems (IDS). We believe this paper is the first attempt to translate MUD policies into flow rules that can be enforced using SDN, and in relating exception behavior to attacks that can be detected via off-the-shelf IDS. Our first contribution develops and implements a system that translates MUD policies to flow rules that are proactively configured into network switches, as well as reactively inserted based on run-time bindings of DNS. We use traces of 28 consumer IoT devices taken over several months to evaluate the performance of our system in terms of switch flow-table size and fraction of exception traffic that needs software inspection. Our second contribution identifies the limitations of flow-rules derived from MUD in protecting IoT devices from internal and external network attacks, and we show how our system is able to detect such volumetric attacks (including port scanning, TCP/UDP/ICMP flooding, ARP spoofing, and TCP/SSDP/SNMP reflection) by sending only a very small fraction of exception packets to off-the-shelf IDS.

International Conference on High Performance Computing and Simulation, 2018

Service level agreement (SLA) in IoT involve many providers within the same architectural layer or between different architectural layers. For example, sensors that collect a patient's data are supplied by an actor that is different from the actor that provides a networking service in order to feed data to an IoT application, which in turn is provided by another actor. An actor is any participant in delivering an IoT application/service: it might be software, hardware or a human being. Each actor has responsibilities, abilities and requirements. To create an SLA, these different actors need to be considered, ensuring that each actor involved is delivering the required job within a certain level of Quality of Service (QoS), as well as receiving its requests within its QoS constraints. Therefore, this kind of dependability needs to be reflected and captured, and currently available SLA specification languages do not reflect this need. Several key challenges need to be considered to enable a shift from previous SLA specification languages to an SLA specification language for IoT applications. One of the challenges is the multi-layer nature of IoT Applications. Therefore, in this demo, we demonstrate a toolkit for creating SLA specifications for IoT applications. The toolkit is used to simplify the process of capturing the requirements of IoT applications. We present a demonstration of the toolkit using a Remote Health Monitoring Service (RHMS) use-case. The toolkit supports the following: (1) specifying the Service-Level Objectives (SLO) of an IoT application at the application level; (2) specifying the workflow activities of the IoT application; (3) mapping each activity to the required software and hardware resources and specifying the constraints of SLOs and other configuration-related metrics of the required hardware and software; and (4) creating the composed SLA in JSON format.

2019

Manufacturer Usage Description (MUD) is a proposed IETF standard enabling local area networks (LAN) to automatically configure their access control when adding a new IoT device based on the recommendations provided for that device by the manufacturer. MUD has been proposed as an isolation-based defensive mechanism with a focus on devices in the home, where there is no dedicated network administrator. In this paper, we describe the efficacy of MUD for a generic IoT device under different threat scenarios in the context of the Fog. We propose a method to use rate limiting to prevent end devices from participating in denial of service attacks (DDoS), including against the Fog itself. We illustrate our assumptions by providing a possible real world example and describe the benefits for MUD in the Fog for various stakeholders.

IEEE Access

Defining the intended behaviour of IoT devices is considered as a key aspect to detect and mitigate potential security attacks. In this direction, the Manufacturer Usage Description (MUD) has been recently standardised to reduce the attack surface of a certain device through the definition of access control policies. However, the semantic model is only intended to provide network level restrictions for the communication of such device. In order to increase the expressiveness of this approach, we propose the use of an automated IoT security testing methodology, so that testing results are used to generate augmented MUD profiles, in which additional security aspects are considered. For the enforcement of these profiles, we propose the use of different access control technologies addressing application layer security concerns. Furthermore, the methodology is based on the use of Model-Based Testing (MBT) techniques to automate the generation, design and implementation of security tests. Then, we describe the application of the resulting approach to the Elliptic Curve Diffie-Hellman over COSE (EDHOC) protocol, which represents a standardisation effort to build a lightweight authenticated key exchange protocol for IoT constrained scenarios.

Applied Sciences

The fourth industrial revolution is being mainly driven by the integration of Internet of Things (IoT) technologies to support the development lifecycle of systems and products. Despite the well-known advantages for the industry, an increasingly pervasive industrial ecosystem could make such devices an attractive target for potential attackers. Recently, the Manufacturer Usage Description (MUD) standard enables manufacturers to specify the intended use of their devices, thereby restricting the attack surface of a certain system. In this direction, we propose a mechanism to manage securely the obtaining and enforcement of MUD policies through the use of a Software-Defined Network (SDN) architecture. We analyze the applicability and advantages of the use of MUD in industrial environments based on our proposed solution, and provide an exhaustive performance evaluation of the required processes.

IEEE Wireless Communications, 2019

Journal of Sensor and Actuator Networks, 2013

Smart embedded objects will become an important part of what is called the Internet of Things. However, the integration of embedded devices into the Internet introduces several challenges, since many of the existing Internet technologies and protocols were not designed for this class of devices. In the past few years, there have been many efforts to enable the extension of Internet technologies to constrained devices. Initially, this resulted in proprietary protocols and architectures. Later, the integration of constrained devices into the Internet was embraced by IETF, moving towards standardized IP-based protocols. In this paper, we will briefly review the history of integrating constrained devices into the Internet, followed by an extensive overview of IETF standardization work in the 6LoWPAN, ROLL and CoRE working groups. This is complemented with a broad overview of related research results that illustrate how this work can be extended or used to tackle other problems and with a discussion on open issues and challenges. As such the aim of this paper is twofold: apart from giving readers solid insights in IETF standardization work on the Internet of Things, it also aims to encourage readers to further explore the world of Internet-connected objects, pointing to future research opportunities. OPEN ACCESS J. Sens. Actuator Netw. 2013, 2 236 239

IEEE Access

Distributed Denial of Service (DDoS) attacks have caused significant disruptions in the operations of Internet-based services. These DDoS attacks use large scale botnets, which often exploit millions of compromised Internet of Things (IoT) devices worldwide. IoT devices are traditionally less secure and are easy to be exploited. The extent of these exploitations has increased after the publication of the Mirai botnet source code on GitHub that provided a foundation for the attackers to develop and launch Mirai botnet variants. The Internet Engineering Task Force (IETF) proposed RFC 8520 Manufacturer Usage Description (MUD) so that an IoT device can convey to the network the level of network access it requires to accomplish its standard functionality. Though MUD is a promising effort, there is a need to evaluate its effectiveness, identify its limitations, and enhance its architecture to overcome its weakness and improve its efficiency. The latest Mirai variant malware is exploiting vulnerabilities of Internet of Things devices. As MUD does not consider identifying and patching vulnerabilities present in the device before the issuance of the MUD profile, a device can be compromised even in the presence of the Manufacturer Usage Description profile by exploiting either the configuration vulnerabilities or firmware vulnerabilities present in the device. This paper presents an evaluation study of the Manufacturer Usage Description (MUD), identifies its weaknesses, and proposed enhancements in its architecture. This research proposed a mechanism for identifying and eliminating the configuration vulnerabilities before creating the MUD profile for a device to minimize the attack surface. This research adopts the OWASP firmware testing methodology for discovering vulnerabilities in the firmware of WiFi home routers. The device is allowed to request the MUD profile only if the identified firmware vulnerabilities are low. The identified firmware vulnerabilities are patched in case the score of the identified firmware vulnerabilities is moderate or high. The device is allowed to request the MUD profile after the vulnerabilities are patched. The firmware vulnerabilities are shared with other peers using blockchain smart contracts. There is a possibility that the MUD URL might be pointing to a corrupted or malicious MUD profile hosted at the attacker file server due to the absence of an authentication mechanism in the MUD process. This research also proposed an authentication mechanism for device MUD profile, MUD file generator, and MUD file server. Implementation results show that proposed enhancements improve the security services provided by the Manufacturer Usage Description (MUD).