NFV-based IoT Security for Home Networks using MUD

Yehuda Afek, Anat Bremler-Barr, David Hay, Ran Goldschmidt, Lior Shafir, Gafnit Avraham, Avraham Shalev

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

17 Scopus citations

Abstract

We present a new system to protect IoT devices in multiple premises by a single Virtual Network Function (VNF) deployed in the ISP network. The system is based on the Manufacturer Usage Description (MUD) framework, a white-list IoT protection scheme that has been proposed in recent years. While MUD is designed for on-premise deployment, here we adapt it to work as a scalable, managed service at the ISP level. Our service does not require any cooperation or installation on the client premises or on the IoT devices themselves. Furthermore, it monitors the IoT traffic and detects malicious behavior, including outgoing DDoS traffic, without being on the critical path, and it filters bad traffic by ACLs on either the POP router or the client CPE. The CPE itself is considered an IoT device, and traffic destined to or originating at the CPE is monitored as well. For the white-list method we extend the MUD architectural framework to support peer-to-peer communicating IoT devices (e.g., direct mobile device to IoT device communication). The system includes a mechanism to distinguish between flows of different devices at the ISP level, despite the fact that most home networks (and their IoT devices) are behind a NAT and all the flows from the same home come out with the same source IP address. Moreover, the NFV system needs to receive only the first packet of each flow/connection at the VNF, and the rule space is proportional to the number of unique types of IoT devices rather than the total number of IoT devices (which is much larger). A PoC with a large national-level ISP proves that our technology works as expected, identifying the various IoT devices that are connected to the network and detecting any unauthorized communications.

Original language: English
Title of host publication: Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020
Subtitle of host publication: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781728149738
DOIs
State: Published - Apr 2020
Event: 2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020 - Budapest, Hungary
Duration: 20 Apr 2020 to 24 Apr 2020

Publication series

Name: Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020

Conference

Conference: 2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020
Country/Territory: Hungary
City: Budapest
Period: 20/04/20 to 24/04/20

Bibliographical note

Publisher Copyright:
© 2020 IEEE.
