Abstract
Manufacturer Usage Description (MUD) is a new, whitelist-based cybersecurity standard that was recently proposed by the IETF to cope with the huge attack surface and the constantly increasing number of IoT devices connected to the Internet. MUD allows IoT manufacturers themselves to publish the legitimate communication patterns of their devices, making it easier for security devices to enforce this policy, filter out non-complying traffic, and block a device in case it has been compromised. Typically, a MUD description includes a set of legitimate endpoints, specified either by domain names or by IP addresses, along with the legitimate port numbers and protocols. While these descriptions are adequate when IoT devices connect (as clients) to servers (e.g., services in the cloud), they cannot adequately describe the cases where IoT devices act as servers to which endpoints connect. These endpoints (e.g., users' mobile devices) typically do not have fixed IP addresses, nor are they associated with a domain name. In this case, which accounts for 78% of the IoT devices we have surveyed, MUD currently degrades to allowing all possible endpoints and cannot mitigate any attack. In this work, we evaluate this phenomenon and show that it is highly prevalent today, thus dramatically harming the security efficiency of the MUD framework. We then present a solution, MUDirect, which enhances the MUD framework to deal with these cases while preserving the current MUD specification. Finally, we have implemented our solution (extending the existing osMUD implementation) and shown that it enables protection of P2P IoT devices while requiring minimal changes to the osMUD code.
Original language | English |
---|---|
Title of host publication | Proceedings - IEEE Congress on Cybermatics |
Subtitle of host publication | 2021 IEEE International Conferences on Internet of Things, iThings 2021, IEEE Green Computing and Communications, GreenCom 2021, IEEE Cyber, Physical and Social Computing, CPSCom 2021 and IEEE Smart Data, SmartData 2021 |
Editors | James Zheng, Xiao Liu, Tom Hao Luan, Prem Prakash Jayaraman, Haipeng Dai, Karan Mitra, Kai Qin, Rajiv Ranjan, Sheng Wen |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 121-129 |
Number of pages | 9 |
ISBN (Electronic) | 9781665417624 |
State | Published - 2021 |
Event | 2021 IEEE Congress on Cybermatics: 14th IEEE International Conferences on Internet of Things, iThings 2021, 17th IEEE International Conference on Green Computing and Communications, GreenCom 2021, 2021 IEEE International Conference on Cyber Physical and Social Computing, CPSCom 2021 and 7th IEEE International Conference on Smart Data, SmartData 2021 - Virtual, Melbourne, Australia. Duration: 6 Dec 2021 → 8 Dec 2021 |
Publication series
Name | Proceedings - IEEE Congress on Cybermatics: 2021 IEEE International Conferences on Internet of Things, iThings 2021, IEEE Green Computing and Communications, GreenCom 2021, IEEE Cyber, Physical and Social Computing, CPSCom 2021 and IEEE Smart Data, SmartData 2021 |
---|
Conference
Conference | 2021 IEEE Congress on Cybermatics: 14th IEEE International Conferences on Internet of Things, iThings 2021, 17th IEEE International Conference on Green Computing and Communications, GreenCom 2021, 2021 IEEE International Conference on Cyber Physical and Social Computing, CPSCom 2021 and 7th IEEE International Conference on Smart Data, SmartData 2021 |
---|---|
Country/Territory | Australia |
City | Virtual, Melbourne |
Period | 6/12/21 → 8/12/21 |
Bibliographical note
Publisher Copyright: © 2021 IEEE.
Keywords
- Internet of Things (IoT)
- Manufacturer Usage Description (MUD)
- Peer-To-Peer (P2P)
- Security