
NFV-based IoT Security for Home Networks using MUD

11/01/2019
by Yehuda Afek, et al.

A new scalable ISP-level system architecture to secure and protect all IoT devices in a large number of homes is presented. The system is based on whitelisting, as in the Manufacturer Usage Description (MUD) framework, implemented as a VNF. Unlike common MUD proposals that place the whitelist application at the home/enterprise network, our approach is to place the enforcement upstream at the provider network, combining an NFV (Network Function Virtualization) with router/switch filtering capabilities, e.g., ACLs. The VNF monitors many home networks simultaneously and is therefore a highly scalable managed-service solution that provides both the end customers and the ISP with excellent visibility and security of the IoT devices at the customer premises. The system includes a mechanism to distinguish between flows of different devices at the ISP level despite the fact that most home networks (and their IoT devices) are behind a NAT and all the flows from the same home come out with the same source IP address. Moreover, the NFV system needs to receive only the first packet of each connection at the VNF, and rule space is proportional to the number of unique types of IoT devices rather than the number of IoT devices. The monitoring part of the solution is off the critical path and can also uniquely protect from incoming DDoS attacks. To cope with internal traffic, which is not visible outside the customer premises and often consists of P2P communication, we suggest a hybrid approach, where we deploy a lightweight component at the CPE, whose sole purpose is to monitor P2P communication. As the current MUD solution does not provide a secure solution to P2P communication, we also extend the MUD protocol to deal with peer-to-peer communicating devices. A PoC with a large national-level ISP proves that our technology works as expected.
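The sketch below is an added example, not code from the paper or its PoC: it compiles one constructed MUD file (RFC 8520 field names) into a whitelist keyed by device type and checks only the first packet of each connection, so the rule table grows with device types rather than devices. It assumes the flow has already been attributed to a device behind the NAT and the destination already mapped to a DNS name; `home_id`, `device_id`, `FirstPacketMonitor` and the `vendor.example` names are hypothetical.

```python
# Constructed MUD fragment using RFC 8520 field names; URL and hostnames are made up.
MUD_BULB = {
    "ietf-mud:mud": {
        "mud-url": "https://vendor.example/bulb-v1",
        "from-device-policy": {"access-lists": {"access-list": [{"name": "from-bulb"}]}},
    },
    "ietf-access-control-list:acls": {"acl": [{
        "name": "from-bulb",
        "aces": {"ace": [{
            "name": "cloud-https",
            "matches": {
                "ipv4": {"ietf-acldns:dst-dnsname": "cloud.vendor.example", "protocol": 6},
                "tcp": {"destination-port": {"operator": "eq", "port": 443}},
            },
            "actions": {"forwarding": "accept"},
        }]},
    }]},
}


def compile_whitelist(mud):
    """Return (mud_url, {(dst_name, protocol, dst_port)}) for from-device traffic."""
    head = mud["ietf-mud:mud"]
    wanted = {e["name"] for e in head["from-device-policy"]["access-lists"]["access-list"]}
    allowed = set()
    for acl in mud["ietf-access-control-list:acls"]["acl"]:
        if acl["name"] not in wanted:
            continue
        for ace in acl["aces"]["ace"]:
            if ace["actions"]["forwarding"] != "accept":
                continue
            m = ace["matches"]
            ip = m.get("ipv4") or m.get("ipv6") or {}
            l4 = m.get("tcp") or m.get("udp") or {}
            port = l4.get("destination-port", {}).get("port")  # exact ("eq") match only
            allowed.add((ip.get("ietf-acldns:dst-dnsname"), ip.get("protocol"), port))
    return head["mud-url"], allowed


class FirstPacketMonitor:
    def __init__(self, mud_files):
        self.rules = dict(compile_whitelist(m) for m in mud_files)  # one entry per type
        self.device_type = {}  # (home_id, device_id) -> mud_url; attribution is assumed

    def register(self, home_id, device_id, mud_url):
        self.device_type[(home_id, device_id)] = mud_url

    def check(self, home_id, device_id, dst_name, protocol, dst_port):
        """Verdict for the first packet of a new connection leaving a device."""
        mud_url = self.device_type.get((home_id, device_id))
        if mud_url is None:
            return "unknown-device"
        ok = (dst_name, protocol, dst_port) in self.rules.get(mud_url, set())
        return "allow" if ok else "violation"
```

Registering the same bulb model in a thousand homes leaves `rules` with a single entry, while a first packet to any destination outside the compiled set is reported as a violation.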
