DOI: 10.1145/3229565.3229566

Clear as MUD: Generating, Validating and Applying IoT Behavioral Profiles

Published: 07 August 2018

Abstract

IoT devices are increasingly being implicated in cyber-attacks, raising community concern about the risks they pose to critical infrastructure, corporations, and citizens. In order to reduce this risk, the IETF is pushing IoT vendors to develop formal specifications of the intended purpose of their IoT devices, in the form of a Manufacturer Usage Description (MUD), so that their network behavior in any operating environment can be locked down and verified rigorously.
This paper aims to assist IoT manufacturers in developing and verifying MUD profiles, while also helping adopters of these devices to ensure they are compatible with their organizational policies. Our first contribution is to develop a tool that takes the traffic trace of an arbitrary IoT device as input and automatically generates the MUD profile for it. We contribute our tool as open source, apply it to 28 consumer IoT devices, and highlight insights and challenges encountered in the process. Our second contribution is to apply a formal semantic framework that not only validates a given MUD profile for consistency, but also checks its compatibility with a given organizational policy. Finally, we apply our framework to representative organizations and selected devices, to demonstrate how MUD can reduce the effort needed for IoT acceptance testing.

    Published In

    IoT S&P '18: Proceedings of the 2018 Workshop on IoT Security and Privacy
    August 2018
    61 pages
    ISBN:9781450359054
    DOI:10.1145/3229565

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. IoT
    2. MUD
    3. Policy Verification

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Funding Sources

    • Centre of Excellence for Mathematical and Statistical Frontiers (ACEMS)
    • Australian Research Council
    • Google Faculty Research Awards

    Conference

    SIGCOMM '18
    Sponsor:
    SIGCOMM '18: ACM SIGCOMM 2018 Conference
    August 20, 2018
    Budapest, Hungary

    Acceptance Rates

    Overall Acceptance Rate 12 of 30 submissions, 40%
