Detecting Volumetric Attacks on loT Devices via SDN-Based Monitoring of MUD Activity

Hamza, Ayyoob; Gharakheili, Hassan Habibi; Benson, Theophilus; Sivaraman, Vijay

doi:10.1145/3314148.3314352

Cited by 145 publications

(104 citation statements)

References 34 publications

Supporting

Mentioning

104

Contrasting

Order By: Relevance

“…The use of MUD as an isolation-based defensive mechanism to restrict traic generated from IoT devices is still in its early phase. Therefore, only a few deployment scenarios and proof-of-concept (PoC) implementations currently exist [1,2,10,11,19,28]. To the best of our knowledge, no work has considered the deployment of FL in MUD-compliant networks.…”

Section: Background and Related Workmentioning

confidence: 99%

“…To reduce the attack surface in IoT, the Internet Engineering Task Force (IETF) has ratiied a standard for IoT device manufacturers to provide a Manufacturer Usage Description (MUD) with their IoT devices [14]. The MUD standard restricts and limits traic end-points and rates in and out of IoT devices, thus limiting the attack surface and enabling identiication of volumetric and man-in-the-middle attacks [11,27]. Deployment of FL in MUD-compliant networks thus not only meets necessary security requirements but also provides a practical solution for limiting the attack surface.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

CoLearn

Feraudo

Yadav

Safronov

et al. 2020

Proceedings of the Third ACM International Workshop on Edge Systems, Analytics and Networking

View full text Add to dashboard Cite

Edge computing and Federated Learning (FL) can work in tandem to address issues related to privacy and collaborative distributed learning in untrusted IoT environments. However, deployment of FL in resource-constrained IoT devices faces challenges including asynchronous participation of such devices in training, and the need to prevent malicious devices from participating. To address these challenges we present CoLearn, which build on the open-source Manufacturer Usage Description (MUD) implementation osMUD and the FL framework PySyft. We deploy CoLearn on resourceconstrained devices in a lab environment to demonstrate (i) an asynchronous participation mechanism for IoT devices in machine learning model training using a publish/subscribe architecture, (ii) a mechanism for reducing the attack surface in FL architecture by allowing only IoT MUD-compliant devices to participate in the training phases, and (iii) a trade-of between communication bandwidth usage, training time and device temperature (thermal fatigue). CCS CONCEPTS • Networks → Network algorithms; Network experimentation; Network privacy and anonymity; • Computer systems organization → Embedded and cyber-physical systems; • Computing methodologies → Neural networks; Machine learning.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

CoLearn

Feraudo

Yadav

Safronov

et al. 2020

Proceedings of the Third ACM International Workshop on Edge Systems, Analytics and Networking

View full text Add to dashboard Cite

show abstract

“…These rules are proactively configured into network switches and used to detect attacks by using an Intrusion Detection System (IDS). The same authors use an SDN-based approach to monitor the compliance of a device's behavior with the corresponding MUD profile [24]. Toward this end, they develop an anomaly detection mechanism to identify potential attacks, such as DoS and Address Resolution Protocol (ARP) spoofing.…”

Section: Related Workmentioning

confidence: 99%

Enforcing Behavioral Profiles through Software-Defined Networks in the Industrial Internet of Things

et al. 2019

View full text Add to dashboard Cite

The fourth industrial revolution is being mainly driven by the integration of Internet of Things (IoT) technologies to support the development lifecycle of systems and products. Despite the well-known advantages for the industry, an increasingly pervasive industrial ecosystem could make such devices an attractive target for potential attackers. Recently, the Manufacturer Usage Description (MUD) standard enables manufacturers to specify the intended use of their devices, thereby restricting the attack surface of a certain system. In this direction, we propose a mechanism to manage securely the obtaining and enforcement of MUD policies through the use of a Software-Defined Network (SDN) architecture. We analyze the applicability and advantages of the use of MUD in industrial environments based on our proposed solution, and provide an exhaustive performance evaluation of the required processes.

show abstract

“…MUD standard has attracted the attention of different Standards Developing Organization (SDOs), such as the National Institute Standards and Technology (NIST) in U.S. [3,4] that has proposed the creation of a vulnerability behavior database based on this standard (https://www.nist.gov/itl/applied-cybersecurity/nist-initiatives-iot). One of the strong points of the MUD standard is the potential integration with the Software-Defined Networking (SDN) paradigm for the automated and dynamic enforcement of the restrictions included in a MUD profile as discussed by Hamza et al [5] and Ranganathan [6] by using OpenFlow [7].…”

Section: Introductionmentioning

confidence: 99%

Security Architecture for Defining and Enforcing Security Profiles in DLT/SDN-Based IoT Systems

Matheu

Robles-Enciso

Zarca

et al. 2020

Sensors

View full text Add to dashboard Cite

Despite the advantages that the Internet of Things (IoT) will bring to our daily life, the increasing interconnectivity, as well as the amount and sensitivity of data, make IoT devices an attractive target for attackers. To address this issue, the recent Manufacturer Usage Description (MUD) standard has been proposed to describe network access control policies in the manufacturing phase to protect the device during its operation by restricting its communications. In this paper, we define an architecture and process to obtain and enforce the MUD restrictions during the bootstrapping of a device. Furthermore, we extend the MUD model with a flexible policy language to express additional aspects, such as data privacy, channel protection, and resource authorization. For the enforcement of such enriched behavioral profiles, we make use of Software Defined Networking (SDN) techniques, as well as an attribute-based access control approach by using authorization credentials and encryption techniques. These techniques are used to protect devices’ data, which are shared through a blockchain platform. The resulting approach was implemented and evaluated in a real scenario, and is intended to reduce the attack surface of IoT deployments by restricting devices’ communication before they join a certain network.

show abstract

Detecting Volumetric Attacks on loT Devices via SDN-Based Monitoring of MUD Activity

Cited by 145 publications

References 34 publications

CoLearn

CoLearn

Enforcing Behavioral Profiles through Software-Defined Networks in the Industrial Internet of Things

Security Architecture for Defining and Enforcing Security Profiles in DLT/SDN-Based IoT Systems

Contact Info

Product

Resources

About