eMUD: Enhanced Manufacturer Usage Description for IoT Botnets Prevention on Home WiFi Routers

Sajjad, Syed Muhammad; Yousaf, Muhammad; Afzal, Humaira; Mufti, Muhammad Rafiq

doi:10.1109/access.2020.3022272

Cited by 24 publications

(16 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…MUD is unable to identify the vulnerabilities and bugs in the device firmware before it requests the MUD profile. However, there are some advancements on the MUD [163], that only allowing the device to request a MUD profile when the vulnerability factor of the device is below a certain threshold. Also, it presents an authentication mechanism for MUD profiles for secure and reliable communication of device profiles.…”

Section: A Unable To Detect Firmware Vulnerabilitymentioning

confidence: 99%

Role of Device Identification and Manufacturer Usage Description in IoT Security: A Survey

et al. 2021

View full text Add to dashboard Cite

This paper presents an overview of device identification techniques and the Manufacturer Usage Description (MUD) standard used for the Internet of things to reduce the IoT attack surface. The ongoing diversity and the sheer increase in the number of connected IoT devices have crumpled security efforts. There is a need to reconsider and redesign the underlying concept of developing security systems to resolve IoT security challenges. In this backdrop, device profiling and identification have emerged as an exciting technique that helps to reduce IoT device attack surface. One of the known approaches for device identification is to fingerprint a device. There are many ways to fingerprint the device, mostly using device network flows or device local attributes. The device identification ensures the authenticity of the device attached to the network, like user authentication. Since IoT devices mostly work using machine-to-machine (M2M) communication, this requires identifying each device properly. But there is no unified approach for device identification for the ever-growing world of IoT devices and applications. One of the major steps forward in this direction is the development of the Manufacturer Usage Description (MUD) standard that defines the role of a device within the network. It limits the device to execute the primary task only, which will help to reduce the attack surface. Since the inception of MUD, many security frameworks use this standard for IoT security. However, there is a need to scrutinize the security frameworks based on the MUD, to find out the claimed effectiveness of the standard in IoT security. This paper initially identifies and classifies the potential vulnerabilities in IoT devices. Then, the study provides an overview of the research that focuses on device identification techniques and analyzes their role in IoT security. Finally, the research presents an overview of MUD technology, its implementation scenarios, the limitation of the latest MUD standard, and its applications in the industry. The prime aim of this work is to examine the MUD benefits in IoT security along with the weaknesses and challenges while implementing this standard along with future directions. INDEX TERMSManufacturer usage description (MUD), Internet of Things (IoT), device identification (DI), software defined network (SDN), machine learning (ML), deep learning (DL). NOMAN MAZHAR received the B.E. degree in software engineering and the M.S. degree in information technology from the

show abstract

Section: A Unable To Detect Firmware Vulnerabilitymentioning

confidence: 99%

Role of Device Identification and Manufacturer Usage Description in IoT Security: A Survey

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Furthermore, [32] uses the same tool to create a botnet detection and mitigation system. The authors of [33] also employ MUD Maker to generate MUD files associated to devices that are submitted to a vulnerability assessment process before getting network access. Furthermore, [21] uses this tool as an example to show how MUD restrictions in a network could be modified to mitigate privacy concerns.…”

Section: A Mud Profiles Generationmentioning

confidence: 99%

“…Content may change prior to final publication. [33] (MUD Maker) [34] (MUDgee) [36] (MUDgee) [37] (MUDgee) [38] (MUDgee) [39] (MUDgee) [21] (MUD Maker) [40] (MUDgee) [41] (MUDgee) [20] (security testing results [55]) [44] (devices' changing behavior in smart buildings) [32] (MUD Maker) [19] (Medium-level Security Policy Language (MSPL) [45]) [47] (QoS parameters) [42] (MUDgee) [48] (human usage aspects) [49] (physical layer parameters and flow statistics) [52] (devices' fingerprinting data) [30] (MUD Maker) [42] (MUDgee) behavioral profiles for connected devices. These aspects are further discussed in Section V.…”

Section: A Mud Profiles Generationmentioning

confidence: 99%

“…A similar approach is also proposed by [60], where MUD Manager's functionality is integrated into fog nodes [61]. In the case of [33], the device's certificate is generated before the MUD profile is created for that device. Furthermore, [62] proposes a certificate-based approach by using a Bootstrapping Remote Secure Key Infrastructure (BRSKI) [63] and AAA for obtaining MUD files through the manufacturer.…”

Section: B Mud Profiles Obtainingmentioning

confidence: 99%

“…Similarly, [71] presents a deployment scenario for MUD files that are directly deployed on a local router as part of a home network scenario. Also in a similar home setting, [33] proposes an extended MUD architecture based on blockchain technology to obtain vulnerabilities associated with devices on a certain network. In the case of devices getting over a vulnerability assessment process, MUD restrictions are obtained and enforced in routers deployed throughout the network.…”

Section: Mud Profiles Enforcementmentioning

confidence: 99%

See 2 more Smart Citations

Defining the Behavior of IoT Devices Through the MUD Standard: Review, Challenges, and Research Directions

et al. 2021

View full text Add to dashboard Cite

With the strong development of the Internet of Things (IoT), the definition of IoT devices' intended behavior is key for an effective detection of potential cybersecurity attacks and threats in an increasingly connected environment. In 2019, the Manufacturer Usage Description (MUD) was standardized within the IETF as a data model and architecture for defining, obtaining and deploying MUD files, which describe the network behavioral profiles of IoT devices. While it has attracted a strong interest from academia, industry, and Standards Developing Organizations (SDOs), MUD is not yet widely deployed in real-world scenarios. In this work, we analyze the current research landscape around this standard, and describe some of the main challenges to be considered in the coming years to foster its adoption and deployment. Based on the literature analysis and our own experience in this area, we further describe potential research directions exploiting the MUD standard to encourage the development of secure IoTenabled scenarios.

show abstract

Customized convolutional neural network model for IoT botnet attack detection

Bojarajulu,

Tanwar

2024

SIViP

View full text Add to dashboard Cite

eMUD: Enhanced Manufacturer Usage Description for IoT Botnets Prevention on Home WiFi Routers

Cited by 24 publications

References 23 publications

Role of Device Identification and Manufacturer Usage Description in IoT Security: A Survey

Role of Device Identification and Manufacturer Usage Description in IoT Security: A Survey

Defining the Behavior of IoT Devices Through the MUD Standard: Review, Challenges, and Research Directions

Customized convolutional neural network model for IoT botnet attack detection

Contact Info

Product

Resources

About