ABSTRACT
IoT devices are increasingly being implicated in cyber-attacks, raising community concern about the risks they pose to critical infrastructure, corporations, and citizens. In order to reduce this risk, the IETF is pushing IoT vendors to develop formal specifications of the intended purpose of their IoT devices, in the form of a Manufacturer Usage Description (MUD), so that their network behavior in any operating environment can be locked down and verified rigorously.
This paper aims to assist IoT manufacturers in developing and verifying MUD profiles, while also helping adopters of these devices to ensure they are compatible with their organizational policies. Our first contribution is to develop a tool that takes the traffic trace of an arbitrary IoT device as input and automatically generates the MUD profile for it. We contribute our tool as open source, apply it to 28 consumer IoT devices, and highlight insights and challenges encountered in the process. Our second contribution is to apply a formal semantic framework that not only validates a given MUD profile for consistency, but also checks its compatibility with a given organizational policy. Finally, we apply our framework to representative organizations and selected devices, to demonstrate how MUD can reduce the effort needed for IoT acceptance testing.
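As an added illustration (not the authors' tool and not code from the paper), the Python below collapses constructed flow records into MUD-style from-device access-control entries and flags entries that a constructed organizational allow-list does not permit. The flow records, `ORG_ALLOWED`, `L4` and both function names are assumptions, and the compatibility check is a plain allow-list comparison rather than the paper's formal semantic framework.

```python
import json

# Constructed flow records (device -> remote endpoint); not from a real trace.
FLOWS = [
    {"dns": "cloud.example.com", "proto": 6, "dport": 443},
    {"dns": "cloud.example.com", "proto": 6, "dport": 443},  # repeat flow
    {"dns": "ntp.example.org", "proto": 17, "dport": 123},
    {"dns": "debug.example.net", "proto": 6, "dport": 23},
]

# Constructed organizational policy: (IP protocol, destination port) pairs
# that devices may initiate towards the Internet. Everything else is denied.
ORG_ALLOWED = {(6, 443), (17, 123), (17, 53)}

# IP protocol number -> name of the transport match container in an ACE.
L4 = {6: "tcp", 17: "udp"}


def flows_to_aces(flows):
    """Collapse repeated flows into unique MUD-style from-device ACEs."""
    aces, seen = [], set()
    for f in flows:
        key = (f["dns"], f["proto"], f["dport"])
        if key in seen or f["proto"] not in L4:
            continue  # skip duplicates; only TCP/UDP are handled here
        seen.add(key)
        aces.append({
            "name": f"from-dev-{len(aces)}",
            "matches": {
                "ipv4": {"protocol": f["proto"],
                         "ietf-acldns:dst-dnsname": f["dns"]},
                L4[f["proto"]]: {"destination-port":
                                 {"operator": "eq", "port": f["dport"]}},
            },
            "actions": {"forwarding": "accept"},
        })
    return aces


def incompatible_aces(aces, allowed):
    """Return names of ACEs whose (protocol, port) the policy does not allow."""
    bad = []
    for ace in aces:
        proto = ace["matches"]["ipv4"]["protocol"]
        port = ace["matches"][L4[proto]]["destination-port"]["port"]
        if (proto, port) not in allowed:
            bad.append(ace["name"])
    return bad


if __name__ == "__main__":
    profile = flows_to_aces(FLOWS)
    print(json.dumps(profile, indent=2))
    print("not permitted by policy:", incompatible_aces(profile, ORG_ALLOWED))
```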
Index Terms
- Clear as MUD: Generating, Validating and Applying IoT Behavioral Profiles