Conference: International Conference on Internet of Things

Clearer than Mud: Extending Manufacturer Usage Description (MUD) for Securing IoT Systems

Abstract

Internet of Things (IoT) devices, expected to increase exponentially over the next several years, are easy targets for attackers. To make these devices more secure, the IETF's draft of Manufacturer Usage Description (MUD) provides a means for the manufacturer of an IoT device to specify its intended purpose and communication patterns in terms of access control lists (ACLs), thereby defining the device's normal behaviour. However, MUD may not be sufficient to comprehensively capture the normal behaviour specification, as it cannot incorporate variable operational settings that depend on the environment. Further, MUD only supports limited features. Our approach overcomes these limitations by allowing the administrator to define the normal behaviour by choosing combinations from a wider set of features that includes physical layer parameters, values of packet headers, and flow statistics. We developed and implemented a learning-based system that captures and demodulates wireless packets from IoT devices over a period of time, extracts the features specified in the normal behaviour specification, and uses a learning algorithm to create a normal model of each device. Our implementation also enforces these normal models by detecting violations and taking appropriate actions, in terms of ACLs on an Internet Gateway, against the misbehaving devices. Hence, our framework makes the specification tighter and clearer than what is possible with MUD alone, thereby making IoT systems more secure.