NFV-based IoT Security for Home Networks using MUD

ArXiv, 2020

Due to the advancement of IoT devices in both domestic and industrial environments, the need to incorporate a mechanism to build accountability in the IoT ecosystem is paramount. In the last few years, various initiatives have been started in this direction addressing many socio-technical concerns and challenges to build an accountable system. The solution that has received a lot of attention in both industry and academia is the Manufacturer Usage Description (MUD) specification. It gives the possibility to the IoT device manufacturers to describe communications needed by each device to work properly. MUD implementation is challenging not only due to the diversity of IoT devices and manufacturer/operator/regulators but also due to the incremental integration of MUD-based flow control in the already existing Internet infrastructure. To provide a better understanding of these challenges, in this work, we explore and investigate the prototypes of three implementations proposed by diffe...

Signal, Image Processing and Embedded Systems Trends

The Internet of Things (IoT) mainly consists of devices with limited processing capabilities and memory. Therefore, these devices could be easily infected with malicious code and can be used as botnets. In this regard, we propose a framework to detect and prevent botnet activities in an IoT network. We first describe the working mechanism of how an attacker infects an IoT device and then spreads the infection to the entire network. Secondly, we propose a set of mechanisms consisting of detection, identifying the abnormal traffic generated from IoT devices using filtering and screening mechanisms, and publishing the abnormal traffic patterns to the rest of the home routers on the network. Further, the proposed approach is lightweight and requires fewer computing capabilities for installation on home routers. In the future, we will test the proposed system on real hardware, and the results will be presented to identify the abnormal traffic generated by malicious IoT devices.

2017 IEEE Conference on Standards for Communications and Networking (CSCN)

Nowadays the adoption of IoT solutions is gaining high momentum in several fields, including energy, home and environment monitoring, transportation, and manufacturing. However, cybersecurity attacks to low-cost end-user devices can severely undermine the expected deployment of IoT solutions in a broad range of scenarios. To face these challenges, emerging software-based networking features can introduce new security enablers, providing further scalability and flexibility required to cope with massive IoT. In this paper, we present a novel framework aiming to exploit SDN/NFV-based security features and devise new efficient integration with existing IoT security approaches. The potential benefits of the proposed framework is validated in two case studies. Finally, a feasibility study is presented, accounting for potential interactions with open-source SDN/NFV projects and relevant standardization activities.

2018

Modern home and corporate networks are interconnecting many different devices types other than personal computers and printers. It is pretty common to have surveillance cameras or thermometers and control them through cloud-based services. Security-wise this practice can create potential threats when connected devices are not kept updated or if they can freely access the network. This paper describes a novel approach to monitoring and enforcing network policies that takes advantage of techniques such as network discovery and device behaviour fingerprinting, to define per-device/user network policies and enforcing them at the network edge before unwanted traffic enters or leaves the monitored network perimeter.

WSEAS TRANSACTIONS ON COMMUNICATIONS

The current IP and other networks such as Power Smart Grids are fast evolving, thus resulting in diverse connectivity methodologies. This has led to the emergence of "the Internet of Things” (IoT) methodologywhose goal is to transform the current IP and related networks to Device-to-Device (D-2-D) basis. It will seamlessly interconnect the globe via intelligent devices and sensors of varying types, this resulting in voluminousgeneration and exchange of data in excess of 20 billion Internet-connected objects and sensors (things) by 2022.The resultant structure will benefit mankind by helping us make tough decisions as well as be provisioned ofbeneficial services. In this paper, we overview both IoT enabled network architecture as well as security forassociated objects and devices. We commence with a description of a generalized IoT enabled network's security architecture as well as how the various elements constituting them interact. We then describe an approachthat allows t...

IEEE Access

Distributed Denial of Service (DDoS) attacks have caused significant disruptions in the operations of Internet-based services. These DDoS attacks use large scale botnets, which often exploit millions of compromised Internet of Things (IoT) devices worldwide. IoT devices are traditionally less secure and are easy to be exploited. The extent of these exploitations has increased after the publication of the Mirai botnet source code on GitHub that provided a foundation for the attackers to develop and launch Mirai botnet variants. The Internet Engineering Task Force (IETF) proposed RFC 8520 Manufacturer Usage Description (MUD) so that an IoT device can convey to the network the level of network access it requires to accomplish its standard functionality. Though MUD is a promising effort, there is a need to evaluate its effectiveness, identify its limitations, and enhance its architecture to overcome its weakness and improve its efficiency. The latest Mirai variant malware is exploiting vulnerabilities of Internet of Things devices. As MUD does not consider identifying and patching vulnerabilities present in the device before the issuance of the MUD profile, a device can be compromised even in the presence of the Manufacturer Usage Description profile by exploiting either the configuration vulnerabilities or firmware vulnerabilities present in the device. This paper presents an evaluation study of the Manufacturer Usage Description (MUD), identifies its weaknesses, and proposed enhancements in its architecture. This research proposed a mechanism for identifying and eliminating the configuration vulnerabilities before creating the MUD profile for a device to minimize the attack surface. This research adopts the OWASP firmware testing methodology for discovering vulnerabilities in the firmware of WiFi home routers. The device is allowed to request the MUD profile only if the identified firmware vulnerabilities are low. The identified firmware vulnerabilities are patched in case the score of the identified firmware vulnerabilities is moderate or high. The device is allowed to request the MUD profile after the vulnerabilities are patched. The firmware vulnerabilities are shared with other peers using blockchain smart contracts. There is a possibility that the MUD URL might be pointing to a corrupted or malicious MUD profile hosted at the attacker file server due to the absence of an authentication mechanism in the MUD process. This research also proposed an authentication mechanism for device MUD profile, MUD file generator, and MUD file server. Implementation results show that proposed enhancements improve the security services provided by the Manufacturer Usage Description (MUD).

2021

IoT devices are already in the process of becoming an essential part of our everyday lives. These devices specialize in performing a single operation efficiently. To maintain the privacy of user data, securing communication with these devices is essential. The plug-pair-play (P3) connection model uses the ZIP (zero interaction pairing) technique to set up a secured key for every pair of user and device so that the user doesn't have to remember a complicated password. The command execution model provides an authentication mechanism for every transaction. Routing the transactions through the gateway allows for auditing, providing a zero-trust environment. The zero-trust (ZT) model described in this paper addresses confidentiality, integrity, and authentication triad of cybersecurity while ensuring that the interactions with these devices are seamless. The architecture described in this article makes security a backbone. The model described in this paper provides an end-to-end framework to secure the communication with these smart devices in a cloud-based architecture respecting the resource limitation of these devices. A novel simplified framework to secure IoT communication.

2020

As domestic Internet of Things (DIoT) devices become more popular, the number of devices connected to the Internet increases. It may also represent a risk to the end-user’s security and privacy. The infected devices can be used in DIoT botnets affecting the Internet’s stability. Although there are efforts to enhance IoT security, such as RFC 8520, there still needs for improvements in the DIoT context. To ensure DIoT security, this paper proposes INXU, an extension of RFC 8520 that enables blocking traffic related to well-known malicious activities. INXU introduces the concept of Malicious Traffic Description, a data model to describe traffic related to malicious activities, and enables Security Operation Centers to protect domestic networks.

2016 IEEE Global Communications Conference (GLOBECOM), 2016

Future Internet of Things (IoT) will connect to the Internet billions of heterogeneous smart devices with the capacity of interacting with the environment. Therefore, the proposed solutions from an IoT networking perspective must take into account the scalability of IoT nodes as well as the operational cost of deploying the networking infrastructure. This will generate a huge volume of data, which poses a tremendous challenge both from the transport, and processing of information point of view. Moreover, security issues appear, due to the fact that untrusted IoT devices are interconnected towards the aggregation networks. In this paper, we propose the usage of a Software-Defined Networking (SDN) framework for introducing security in IoT gateways. An experimental validation of the framework is proposed, resulting in the enforcement of network security at the network edge.

Future Internet

The Internet of Things (IoT) is a recent trend that extends the boundary of the Internet to include a wide variety of computing devices. Connecting many stand-alone IoT systems through the Internet introduces many challenges, with security being front-and-center since much of the collected information will be exposed to a wide and often unknown audience. Unfortunately, due to the intrinsic capability limits of low-end IoT devices, which account for a majority of the IoT end hosts, many traditional security methods cannot be applied to secure IoT systems, which open a door for attacks and exploits directed both against IoT services and the broader Internet. This paper addresses this issue by introducing a unified IoT framework based on the MobilityFirst future Internet architecture that explicitly focuses on supporting security for the IoT. Our design integrates local IoT systems into the global Internet without losing usability, interoperability and security protection. Specifically, we introduced an IoT middleware layer that connects heterogeneous hardware in local IoT systems to the global MobilityFirst network. We propose an IoT name resolution service (IoT-NRS) as a core component of the middleware layer, and develop a lightweight keying protocol that establishes trust between an IoT device and the IoT-NRS.