Is Visualization Enough? Evaluating the Efficacy of MUD-Visualizer in Enabling Ease of Deployment for Manufacturer Usage Description (MUD) (original) (raw)
Related papers
IEEE Access, 2021
With the strong development of the Internet of Things (IoT), the definition of IoT devices' intended behavior is key for an effective detection of potential cybersecurity attacks and threats in an increasingly connected environment. In 2019, the Manufacturer Usage Description (MUD) was standardized within the IETF as a data model and architecture for defining, obtaining and deploying MUD files, which describe the network behavioral profiles of IoT devices. While it has attracted a strong interest from academia, industry, and Standards Developing Organizations (SDOs), MUD is not yet widely deployed in real-world scenarios. In this work, we analyze the current research landscape around this standard, and describe some of the main challenges to be considered in the coming years to foster its adoption and deployment. Based on the literature analysis and our own experience in this area, we further describe potential research directions exploiting the MUD standard to encourage the development of secure IoTenabled scenarios.
ArXiv, 2021
Manufacturer Usage Description (MUD) is an Internet Engineering Task Force (IETF) standard designed to protect IoT devices and networks by creating an out-of-the-box access control list for an IoT device. Access control list of each device is defined in its MUD-File and may contain possibly hundreds of access control rules. As a result, reading and validating these files is a challenge; and determining how multiple IoT devices interact is difficult for the developer and infeasible for the consumer. To address this we introduce the MUD-Visualizer to provide a visualization of any number of MUD-Files. MUD-Visualizer is designed to enable developers to produce correct MUD-Files by providing format correction, integrating them with other MUD-Files, and identifying conflicts through visualization. MUD-Visualizer is scalable and its core task is to merge and illustrate ACEs for multiple devices; both within and beyond the local area network. MUD-Visualizer is made publicly available and c...
Clear as MUD: Generating, Validating and Applying IoT Behaviorial Profiles (Technical Report)
ArXiv, 2018
IoT devices are increasingly being implicated in cyber-attacks, driving community concern about the risks they pose to critical infrastructure, corporations, and citizens. In order to reduce this risk, the IETF is pushing IoT vendors to develop formal specifications of the intended purpose of their IoT devices, in the form of a Manufacturer Usage Description (MUD), so that their network behavior in any operating environment can be locked down and verified rigorously. This paper aims to assist IoT manufacturers in developing and verifying MUD profiles, while also helping adopters of these devices to ensure they are compatible with their organizational policies. Our first contribution is to develop a tool that takes the traffic trace of an arbitrary IoT device as input and automatically generates a MUD profile for it. We contribute our tool as open source, apply it to 28 consumer IoT devices, and highlight insights and challenges encountered in the process. Our second contribution is ...
Extending MUD profiles through an Automated IoT Security Testing Methodology
IEEE Access
Defining the intended behaviour of IoT devices is considered as a key aspect to detect and mitigate potential security attacks. In this direction, the Manufacturer Usage Description (MUD) has been recently standardised to reduce the attack surface of a certain device through the definition of access control policies. However, the semantic model is only intended to provide network level restrictions for the communication of such device. In order to increase the expressiveness of this approach, we propose the use of an automated IoT security testing methodology, so that testing results are used to generate augmented MUD profiles, in which additional security aspects are considered. For the enforcement of these profiles, we propose the use of different access control technologies addressing application layer security concerns. Furthermore, the methodology is based on the use of Model-Based Testing (MBT) techniques to automate the generation, design and implementation of security tests. Then, we describe the application of the resulting approach to the Elliptic Curve Diffie-Hellman over COSE (EDHOC) protocol, which represents a standardisation effort to build a lightweight authenticated key exchange protocol for IoT constrained scenarios.
Verifying and Monitoring IoTs Network Behavior Using MUD Profiles
IEEE Transactions on Dependable and Secure Computing, 2020
IoT devices are increasingly being implicated in cyberattacks, raising community concern about the risks they pose to critical infrastructure, corporations, and citizens. In order to reduce this risk, the IETF is pushing IoT vendors to develop formal specifications of the intended purpose of their IoT devices, in the form of a Manufacturer Usage Description (MUD), so that their network behavior in any operating environment can be locked down and verified rigorously. This paper aims to assist IoT manufacturers in developing and verifying MUD profiles, while also helping adopters of these devices to ensure they are compatible with their organizational policies and track device network behavior using their MUD profile. Our first contribution is to develop a tool that takes the traffic trace of an arbitrary IoT device as input and automatically generates the MUD profile for it. We contribute our tool as open source, apply it to 28 consumer IoT devices, and highlight insights and challenges encountered in the process. Our second contribution is to apply a formal semantic framework that not only validates a given MUD profile for consistency, but also checks its compatibility with a given organizational policy. We apply our framework to representative organizations and selected devices, to demonstrate how MUD can reduce the effort needed for IoT acceptance testing. Finally, we show how operators can dynamically identify IoT devices using known MUD profiles and monitor their behavioral changes in their network.
IoT Information Security Evaluation for Developers and Users
Journal of Information Security and Cryptography (Enigma)
The accelerated growth of Internet of Things (IoT) exposes many unsecured issues related to design and usage of devices leading to a new technological security paradigm. This paper presents an evaluation method and corrective actions to be carried out in order to make the usage of IoT devices safer. This method combines both the developer’s perspective and user’s perspective, thus differing from current guides. The proposed evaluation method is divided by categories, each one composed of security control clauses and their corresponding action recommendation. The user perspective of such evaluation method was applied into a service company, and the developer perspective into an IoT device manufacturer. These experiments produced useful perceptions on such view points. The evaluation provided an opportunity to enhance manufacturer security awareness and improve user experience with IoT devices.
Network Security for Home IoT Devices Must Involve the User: A Position Paper
Foundations and Practice of Security
Many home IoT devices suffer from poor security design and confusing interfaces, lowering the bar for successful cyberattacks. A popular approach to identify compromised IoT devices is network-based detection, in which network traffic is analyzed to fingerprint and identify such devices. However, while several network-based techniques for identifying misbehaving devices have been proposed, the role of the user in remediating IoT security incidents has been conspicuously overlooked. In this paper, we argue that successful IoT security must involve the user, even if the user is not a technical expert, and that the form in which security findings are communicated is as important as the technique used to generate such warnings. Finally, we present the design of a research testbed designed to foster further research in IoT security warnings.
eMUD: Enhanced Manufacturer Usage Description for IoT Botnets Prevention on Home WiFi Routers
IEEE Access
Distributed Denial of Service (DDoS) attacks have caused significant disruptions in the operations of Internet-based services. These DDoS attacks use large scale botnets, which often exploit millions of compromised Internet of Things (IoT) devices worldwide. IoT devices are traditionally less secure and are easy to be exploited. The extent of these exploitations has increased after the publication of the Mirai botnet source code on GitHub that provided a foundation for the attackers to develop and launch Mirai botnet variants. The Internet Engineering Task Force (IETF) proposed RFC 8520 Manufacturer Usage Description (MUD) so that an IoT device can convey to the network the level of network access it requires to accomplish its standard functionality. Though MUD is a promising effort, there is a need to evaluate its effectiveness, identify its limitations, and enhance its architecture to overcome its weakness and improve its efficiency. The latest Mirai variant malware is exploiting vulnerabilities of Internet of Things devices. As MUD does not consider identifying and patching vulnerabilities present in the device before the issuance of the MUD profile, a device can be compromised even in the presence of the Manufacturer Usage Description profile by exploiting either the configuration vulnerabilities or firmware vulnerabilities present in the device. This paper presents an evaluation study of the Manufacturer Usage Description (MUD), identifies its weaknesses, and proposed enhancements in its architecture. This research proposed a mechanism for identifying and eliminating the configuration vulnerabilities before creating the MUD profile for a device to minimize the attack surface. This research adopts the OWASP firmware testing methodology for discovering vulnerabilities in the firmware of WiFi home routers. The device is allowed to request the MUD profile only if the identified firmware vulnerabilities are low. The identified firmware vulnerabilities are patched in case the score of the identified firmware vulnerabilities is moderate or high. The device is allowed to request the MUD profile after the vulnerabilities are patched. The firmware vulnerabilities are shared with other peers using blockchain smart contracts. There is a possibility that the MUD URL might be pointing to a corrupted or malicious MUD profile hosted at the attacker file server due to the absence of an authentication mechanism in the MUD process. This research also proposed an authentication mechanism for device MUD profile, MUD file generator, and MUD file server. Implementation results show that proposed enhancements improve the security services provided by the Manufacturer Usage Description (MUD).
Usability analysis of shared device ecosystem security
Proceedings of the New Security Paradigms Workshop, 2019
The use of Internet of Things (IoT) devices is an emerging trend for citizens. These devices may have implications for the security of various areas of life; for survivors of technology-facilitated domestic abuse and violence (tech-abuse), a shared ecosystem of IoT devices poses new risks. Here we develop a novel adaptation of 'heuristic walkthrough' usability assessment, applying it to two readily available families of consumer smart assistant devices (Amazon Echo and Google Home). The paradigm underpinning the method considers the shared device ecosystem, and the potential threats to a person sharing smart devices with another. Prior tech abuse research informed the design of 11 tasks representing dierent phases of potential IoT tech-abuse. Phenomena produced by the tasks were assessed across well-dened design heuristics. Assessment was from both primary and secondary user perspectives, via a range of service interfaces (such as App, browser interface, and visual device cues). We nd that many security-related elements of devices do not present usability problems, including that a secondary user has only a very limited view of the actions of a primary device user. We dierentiate between features which delay or block eective use, informing potential areas for developing support solutions. For instance, ndings indicate that task feedback and instructions may impact a tech-abuse survivor in an IoT ecosystem. Our results have implications for the denition of usability for concurrent users with diering expectations and needs, especially within a tech-abuse context. Our approach can inform the stakeholder conversations necessary to explore these issues across a range of other IoT devices.
Towards a Visual Grammar for IoT Systems Representation and their Cybersecurity Requirements
2020 IEEE Colombian Conference on Communications and Computing (COLCOM), 2020
In this paper we present progress towards visual iconography (elements) and a grammar for Internet of Things (IoT) system representations and their cybersecurity requirements. Our visual representation of IoT systems aims to facilitate the identification of the IoT attack surface and the vulnerabilities that an attacker may exploit. The paper first outlines the basic visual elements and the associated grammar, which are then applied to a series of smart home IoT use cases to demonstrate how these can be used to represent these networks and their cybersecurity requirements in a visual and intuitive way. The motivation behind this work is to improve our ability to reason about IoT attack surfaces towards improving our defense capabilities for those systems.