Securing small-business and home internet of things (IoT) devices :

Dodson, Donna F.; Montgomery, Douglas C.; Polk, William T.; Ranganathan, M.; Souppaya, Murugiah; Johnson, Steve R.; Kadam, Ashwini; Pratt, Craig; Thakore, Darshak; Walker, Mark; Lear, Eliot; Weis, Brian; Barker, William; Coclin, Dean; Hojjati, Avesta; Wilson, Clint C.; Jones, Tim F.; Baykal, Adnan; Cohen, Drew; Yeich, Kevin; Fashina, Yemi; Grayeli, Parisa; Harrington, Joshua; Klosterman, Joshua; Mulugeta, Blaine; Symington, Susan; Singh, Jasdeep

doi:10.6028/nist.sp.1800-15

Cited by 11 publications

(9 citation statements)

References 1 publication

(4 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Enforcement of rules generated from the MUD file is outside the scope of this report, but several different approaches are described in the NCCoE preliminary draft Practice Guide, Special Publication 1800-15, Securing Small Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD) [7].…”

Section: Purpose and Scopementioning

confidence: 99%

Methodology for Characterizing Network Behavior of Internet of Things Devices

Watrobski¹,

Souppaya²,

Klosterman³

et al. 2022

Self Cite

View full text Add to dashboard Cite

There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST.Organizations are encouraged to review all draft publications during public comment periods and provide feedback to NIST. Many NIST cybersecurity publications, other than the ones noted above, are available at https://csrc.nist.gov/publications.

show abstract

Section: Purpose and Scopementioning

confidence: 99%

Methodology for Characterizing Network Behavior of Internet of Things Devices

Watrobski¹,

Souppaya²,

Klosterman³

et al. 2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…At the time of writing this paper, there are four main projects that implement the core of a MUD instantiation: the Cisco MUD-Manager [44], the Open Source MUD Manager [47], the MUD implementation of NIST [32], and CableLabs Micronets [31]. NIST has a special publication that thoroughly describes four different builds of MUD based on the above-mentioned implementations for mitigating network-based attacks [6].…”

Section: Related Workmentioning

confidence: 99%

“…We have chosen to focus on MUD because, in addition to being an IETF standard, MUD is also a core component of the National Institute of Standards and Technology (NIST) security for IoT Initiatives, particularly the thrust focused on stopping DDoS [6]. MUD can defend IoT devices in a home from other compromised ones in the household and on the network, with a specific goal of blocking the access of compromised devices to command and control channels.…”

Section: Introductionmentioning

confidence: 99%

On the Analysis of MUD-Files' Interactions, Conflicts, and Configuration Requirements Before Deployment

Andalibi¹,

Lear²,

Kim³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Manufacturer Usage Description (MUD) is an Internet Engineering Task Force (IETF) standard designed to protect IoT devices and networks by creating an out-of-the-box access control list for an IoT device. Access control list of each device is defined in its MUD-File and may contain possibly hundreds of access control rules. As a result, reading and validating these files is a challenge; and determining how multiple IoT devices interact is difficult for the developer and infeasible for the consumer. To address this we introduce the MUD-Visualizer to provide a visualization of any number of MUD-Files. MUD-Visualizer is designed to enable developers to produce correct MUD-Files by providing format correction, integrating them with other MUD-Files, and identifying conflicts through visualization. MUD-Visualizer is scalable and its core task is to merge and illustrate ACEs for multiple devices; both within and beyond the local area network. MUD-Visualizer is made publicly available and can be found in GitHub.

show abstract

“…In this direction, the use of MUD files could also help to reduce the users involvement when installing and deploying new IoT devices. The MUD standard is also strongly considered by the NIST in recent reports to mitigate network-based attacks in IoT [16].…”

Section: A Manufacturer Usage Description (Mud)mentioning

confidence: 99%

Toward a Blockchain-based Platform to Manage Cybersecurity Certification of IoT devices

Neisse

Hernández-Ramos

Matheu

et al. 2019

2019 IEEE Conference on Standards for Communications and Networking (CSCN)

View full text Add to dashboard Cite

The goal of this paper is to propose a blockchainbased platform to enhance transparency and traceability of cybersecurity certification information motivated by the recently adopted EU Cybersecurity Act. The proposed platform is generic and intended to support the trusted exchange of cybersecurity certification information for any electronic product, service, or process. However, for the purposes of this paper, we focus on the case study of the cybersecurity certification of IoT devices, which are explicitly referenced in the recently adopted Cybersecurity Act as one of the main domains where it is highlighted the need for an increased level of trust.

show abstract

Securing small-business and home internet of things (IoT) devices :

Cited by 11 publications

References 1 publication

Methodology for Characterizing Network Behavior of Internet of Things Devices

Methodology for Characterizing Network Behavior of Internet of Things Devices

On the Analysis of MUD-Files' Interactions, Conflicts, and Configuration Requirements Before Deployment

Toward a Blockchain-based Platform to Manage Cybersecurity Certification of IoT devices

Contact Info

Product

Resources

About