Fingerprinting Edge and Cloud Services in IoT

Kim, DongInn; Andalibi, Vafa; Camp, L. Jean

doi:10.1109/sadfe51007.2020.00011

Cited by 3 publications

(1 citation statement)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One of the well-known attacks Man in The Middle (MiTM) is an attack common to the IoT devices as they are connected with the remote services on the cloud and can be compromised. To defend against this kind of attack the research proposes a Black Pi [135] a local agent that resides on the IoT device, that detects the malicious and mutated connections from the network using the history and the list from the blacklisted databases. However, it shows that using the MUD along with the BlackPi will be a better solution to secure the IoT devices from external attacks.…”

Section: ) Mud and Embedded Solutionsmentioning

confidence: 99%

Role of Device Identification and Manufacturer Usage Description in IoT Security: A Survey

et al. 2021

View full text Add to dashboard Cite

This paper presents an overview of device identification techniques and the Manufacturer Usage Description (MUD) standard used for the Internet of things to reduce the IoT attack surface. The ongoing diversity and the sheer increase in the number of connected IoT devices have crumpled security efforts. There is a need to reconsider and redesign the underlying concept of developing security systems to resolve IoT security challenges. In this backdrop, device profiling and identification have emerged as an exciting technique that helps to reduce IoT device attack surface. One of the known approaches for device identification is to fingerprint a device. There are many ways to fingerprint the device, mostly using device network flows or device local attributes. The device identification ensures the authenticity of the device attached to the network, like user authentication. Since IoT devices mostly work using machine-to-machine (M2M) communication, this requires identifying each device properly. But there is no unified approach for device identification for the ever-growing world of IoT devices and applications. One of the major steps forward in this direction is the development of the Manufacturer Usage Description (MUD) standard that defines the role of a device within the network. It limits the device to execute the primary task only, which will help to reduce the attack surface. Since the inception of MUD, many security frameworks use this standard for IoT security. However, there is a need to scrutinize the security frameworks based on the MUD, to find out the claimed effectiveness of the standard in IoT security. This paper initially identifies and classifies the potential vulnerabilities in IoT devices. Then, the study provides an overview of the research that focuses on device identification techniques and analyzes their role in IoT security. Finally, the research presents an overview of MUD technology, its implementation scenarios, the limitation of the latest MUD standard, and its applications in the industry. The prime aim of this work is to examine the MUD benefits in IoT security along with the weaknesses and challenges while implementing this standard along with future directions. INDEX TERMSManufacturer usage description (MUD), Internet of Things (IoT), device identification (DI), software defined network (SDN), machine learning (ML), deep learning (DL). NOMAN MAZHAR received the B.E. degree in software engineering and the M.S. degree in information technology from the

show abstract

Section: ) Mud and Embedded Solutionsmentioning

confidence: 99%