Transparent microsegmentation in smart home IoT networks
Research output: Contribution to book/Conference proceedings/Anthology/Report › Conference contribution › Contributed
Contributors
Abstract
Driven by the Internet-of-Things (IoT) and 5G, the growing size and complexity of smart home networks leads to an increased attack surface. Smart home IoT devices are typically online 24/7, have out-of-date firmware, are not regularly patched against the latest security vulnerabilities, and often collect sensitive data and send it to the cloud. In this work we propose microsegmentation as a mean to reduce the attack surface of smart home networks with the assistance of the edge cloud. We implement two network functions that cooperate to enforce fine-grained network security policies in smart homes. One function builds an inventory of all devices and their vulnerabilities. The second utilizes that information to dynamically allocate IoT devices to microsegments, and isolates them from one another using inter- and intra- segment network-level security policies. We evaluated our approach using three different IoT network security metrics and IoT topologies. In the best case, microsegmentation reduces the attack surface exposed to a Mirai-infected IoT webcam by as much as 65.85% at the cost of preventing 2.16% of the otherwise-valid network flows between devices.
Details
Original language | English |
---|---|
Title of host publication | Proceedings of the USENIX Workshop on Hot Topics in Edge Computing (HotEdge) |
Number of pages | 6 |
Publication status | Published - 25 Jun 2020 |
Peer-reviewed | No |
Workshop
Title | 3rd USENIX Workshop on Hot Topics in Edge Computing |
---|---|
Abbreviated title | HotEdge 2020 |
Conference number | 3 |
Duration | 25 - 26 June 2020 |
Location | online |
City |
External IDs
ORCID | /0000-0002-0466-562X/work/142246128 |
---|