Transparent microsegmentation in smart home IoT networks

Research output: Contribution to book/Conference proceedings/Anthology/ReportConference contributionContributed

Contributors

Abstract

Driven by the Internet-of-Things (IoT) and 5G, the growing size and complexity of smart home networks leads to an increased attack surface. Smart home IoT devices are typically online 24/7, have out-of-date firmware, are not regularly patched against the latest security vulnerabilities, and often collect sensitive data and send it to the cloud. In this work we propose microsegmentation as a mean to reduce the attack surface of smart home networks with the assistance of the edge cloud. We implement two network functions that cooperate to enforce fine-grained network security policies in smart homes. One function builds an inventory of all devices and their vulnerabilities. The second utilizes that information to dynamically allocate IoT devices to microsegments, and isolates them from one another using inter- and intra- segment network-level security policies. We evaluated our approach using three different IoT network security metrics and IoT topologies. In the best case, microsegmentation reduces the attack surface exposed to a Mirai-infected IoT webcam by as much as 65.85% at the cost of preventing 2.16% of the otherwise-valid network flows between devices.

Details

Original languageEnglish
Title of host publicationProceedings of the USENIX Workshop on Hot Topics in Edge Computing (HotEdge)
Number of pages6
Publication statusPublished - 25 Jun 2020
Peer-reviewedNo

Workshop

Title3rd USENIX Workshop on Hot Topics in Edge Computing
Abbreviated titleHotEdge 2020
Conference number3
Duration25 - 26 June 2020
Locationonline
City

External IDs

ORCID /0000-0002-0466-562X/work/142246128