SlideShare une entreprise Scribd logo

A Gateway based MUD Architecture to Enhance Smart Home Security

Luca Mannella
Luca Mannella

This is the presentation of the paper: "A Gateway based MUD Architecture to Enhance Smart Home Security". The paper was presented during the 8th International Conference on Smart and Sustainable Technologies (SpliTech 2023). Specifically, the paper was presented at the Special Session on Cybersecurity and IoT within the International Symposium on the Internet of Things. Abstract of the paper: Smart home systems, including consumer-grade Internet of Things (IoT) devices, are in a dangerous situation. On the one hand, the number of smart homes is increasing. On the other hand, the devices in these dwellings are often affected by vulnerabilities that could be exploited to generate massive (distributed) attacks. To mitigate the issue of having compromised devices involved in such attacks, the Internet Engineering Task Force (IETF) recently proposed a new standard: the Manufacturer Usage Description (MUD). The main contribution of this paper is to propose a slightly extended version of the MUD architecture. This architecture is centered around a smart home gateway (SHG) that can be extended through the contributions of plug-in developers. Indeed, our proposed approach allows developers to specify which endpoints their plug-ins need to reach. These requirements will then be processed to generate a consolidated gateway-level MUD file exposed by the SHG itself. Thus, thanks to this solution and developers’ intervention, even devices that are not natively “MUD-enabled” would be protected by the MUD standard if integrated through a proper plug-in. Moreover, these requirements are transparent for the device itself. To demonstrate the feasibility of this approach, we realized a proof-of-concept for a widespread open-source smart home gateway: Home Assistant.

Ingénierie
1  sur  21
Télécharger pour lire hors ligne
A Gateway-based MUD Architecture to Enhance Smart Home Security Fulvio Corno and Luca Mannella e-Lite research group Department of Control and Computer Engineering Politecnico di Torino,Turin, Italy 8th International Conference On Smart and Sustainable Technologies Bol, June 21, 2023
Outline • Internet of Things and smart homes context Introduction • Manufacturer Usage Description (MUD) Background • Presenting the architecture and the PoC Proposed Approach • Sum up and future work Conclusions June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 2
Introduction • Smart Home (SH) systems are in a dangerous situation • Very widespread (12.2 billion active endpoints) • USENIX 2019: at least 40% houses have an IoT device (70% in the U.S.A.) • A large percentage of these devices has a known vulnerability • Compromised devices could create serious issues • IoT devices are infected to carry on DDoS attacks (Mirai Botnet) • Affecting other devices in the same network • To manage them, Smart Home Gateways (SHG) are often involved • Goal: take advantage of the SHG to enhance SH security thanks to • the MUD standard • plug-in developers' intervention June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 3
Manufacturer Usage Description (MUD) Less (connection) is more (secure) June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 4
Manufacturer Usage Description (MUD) • IETF Standard: RFC-8520 (originally proposed by CISCO) • Main goal: reducing unexpected communications to/from an IoT device • Defining a proper architecture and data model • How? With a white-listing approach • The manufacturer specifies the authorized connections (policy) in a dedicated "MUD file" • Other connections are forbidden June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 5
MUD files and MUD Policy Enforcement • Each class of device produced by a Manufacturer must have a dedicated MUD file • E.g., a MUD file for Amazon Echo Dot, a MUD file for the Philips Hue, etc. • The MUD file is composed by a set of policy • Expressed in JSON format • Each policy defines the endpoints of the allowed communications • These policies are enforced by the network where the device is deployed • A "MUD Manager" must be in the local network • The enforcement is partially left to the local network administration June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 6
How MUD Works These two components can be deployed on the same device Thing Router or Switch 1. Expose a MUD URL DHCP, LLDP, 802.1AR MUD Manager 2. Forward the MUD URL 5. Enforce the device’s policies End system network 3. Get URL HTTPS 4. MUD file MUD File Server F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security June 21, 2023 7
Promising but not much deployed • MUD is considered promising by ENISA and NIST • Manufacturers are not creating (and deploying) MUD files • A possible solution (already faced in literature): • a third party could create the MUD file instead of the manufacturer June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 8
Proposed approach A Gateway-based MUD Architecture to Enhance Smart Home Security June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 9
Extending MUD Architecture • A suitable third-party could be a smart home gateway • Device able to coordinate many IoT devices • Often extensible through plug-ins • Developers and tinkerers could help in creating these MUD files • specifying plug-ins’ endpoints through some “MUD snippets” • even if they have • limited experience with the technology • no dedicated servers • To achieve this goal is necessary to extend the MUD architecture June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 10
Extended MUD Architecture Smart Home Gateway Router or Switch 2. Expose MUD URL DHCP, LLDP, 802.1AR MUD Manager 6. Enforce the SHG policies End system network Func 1 Thing 1 Plug-in N 3. Forward the MUD URL MUD Generator MUD Policies MUD Policies MUD Policies MUD File F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 1. Generate and sign the MUD File 0. Plug-in’s developer writes MUD-compliant policies June 21, 2023 11 7. Reiterate the flow
Main Contributions of the Paper 1. Extend the MUD concept in a transparent way • A SHG can manage many devices in its smart home • The devices and the MUD manager are not aware of this change 2. Protect devices not natively MUD-enabled • Thanks to developers’ contributions 3. Protect SHGs and their plug-ins with the MUD standard • Protecting every kind of plug-in • Regardless of the offered functionality • I.e., not only devices June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 12
Use Case: MUD Manager OpenWrt — https://openwrt.org/ • Open Wireless Router • a Linux operating system targeting embedded devices • Initial release in January 2004 osMUD — https://osmud.org • The open source MUD manager • A C-based MUD manager • Designed to run on OpenWrt version 17 • Version 0.2 (released in March 2019) • improved for this project — https://github.com/Sarcares/osmud/tree/mud-refreshing • osMUD is now able to manage updated versions of the devices’ MUD files June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 13
Use Case: Smart Home Gateway Home Assistant (HAss) — https://www.home-assistant.io/ • A Python-based open-source smart home gateway software • Developed since 2013 and released in 2016 • More than 240,000 active installations • Four different types of release • Each of them with additional features with respect to core version • Extensible through two different kind of plug-ins: integrations and add-ons • Focus on Integrations — https://www.home-assistant.io/integrations • Available in all Home Assistant releases • Closer to “traditional” plug-in concept • Deeply integrated in Hass • Developed integration: MUD Generator June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 14
The Prototype • Two Raspberry Pi 3 Model B • One Raspberry equipped with: • OpenWrt OS: version 17.01.6 • Slightly improved version of osMUD 0.2 • adding processing of MUD files from already known devices • Another Raspberry equipped with: • Home-Assistant OS: version 9.2 (currently updated to 10.2) • default and custom integrations • the MUD generator integration F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security June 21, 2023 15
Testing the Prototype • Testing the solution with 3 integrations • 2 custom: an emulated temperature sensor and a switch • 1 standard: a meteo adapter • We wrote the related “MUD snippets” • With the necessary endpoints • MUD generator merges them in a gateway-level MUD file • The MUD file is correctly signed, exposed, verified, and enforced • After the enforcement, we observed as the SHG can reach only the specified endpoints June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 16
Conclusions June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 17
Conclusions • Purposes of this proposed approach • Protect devices not natively MUD-enabled • Extend the MUD concept even to software functionalities • Achieved through an extended MUD architecture • Transparent for • The MUD manager • The integrated devices June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 18
Current and Next Steps • Expanding this proposed approach even to add-ons • MUD snippets’ authentication • only trusted developers must be able to add their MUD snippets • MUD snippets must be associated to the proper plug-in • MUD policies issue • Policy Errors: detecting if a policy is wrong-written • Policy Conflicts: detecting if two policies contradict each other • Policy Sub-Optimizations: detecting if policies are overlapping June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 19
Thanks for your kind attention! Any questions? F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security e-Lite research group Department of Control and Computer Engineering Politecnico di Torino, Turin, Italy June 21, 2023 Publications Stay Connected Fulvio Corno fulvio.corno@polito.it Full Professor Luca Mannella luca.mannella@polito.it Ph.D. student 20
License • These slides are distributed under a Creative Commons license: “Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)” • You are free to: • Share — copy and redistribute the material in any medium or format • Adapt — remix, transform, and build upon the material • The licensor cannot revoke these freedoms as long as you follow the license terms. • Under the following terms: • Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. • NonCommercial — You may not use the material for commercial purposes. • ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original. • No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits. • https://creativecommons.org/licenses/by-nc-sa/4.0/ June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 21

Recommandé

A Threat Model for Extensible Smart Home Gateways
A Threat Model for Extensible Smart Home GatewaysA Threat Model for Extensible Smart Home Gateways
A Threat Model for Extensible Smart Home GatewaysLuca Mannella
 
Grid and Cloud Computing Lecture 1a.pptx
Grid and Cloud Computing Lecture 1a.pptxGrid and Cloud Computing Lecture 1a.pptx
Grid and Cloud Computing Lecture 1a.pptxDrAdeelAkram2
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016InfinIT - Innovationsnetværket for it
 
IoT Development from Prototype to Production
IoT Development from Prototype to ProductionIoT Development from Prototype to Production
IoT Development from Prototype to ProductionMender.io
 
MAJOR_PROJECT
MAJOR_PROJECTMAJOR_PROJECT
MAJOR_PROJECTPraveen Born To Rock
 
Course: "Introductory course to HLS FPGA programming"
Course: "Introductory course to HLS FPGA programming"Course: "Introductory course to HLS FPGA programming"
Course: "Introductory course to HLS FPGA programming"Mirko Mariotti
 
Building a More Connected World
Building a More Connected WorldBuilding a More Connected World
Building a More Connected WorldSilicon Labs
 
Lightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edgeLightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edgeAgence du Numérique (AdN)
 

Recommandé

A Threat Model for Extensible Smart Home Gateways
A Threat Model for Extensible Smart Home GatewaysA Threat Model for Extensible Smart Home Gateways
A Threat Model for Extensible Smart Home GatewaysLuca Mannella
 
Grid and Cloud Computing Lecture 1a.pptx
Grid and Cloud Computing Lecture 1a.pptxGrid and Cloud Computing Lecture 1a.pptx
Grid and Cloud Computing Lecture 1a.pptxDrAdeelAkram2
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016InfinIT - Innovationsnetværket for it
 
IoT Development from Prototype to Production
IoT Development from Prototype to ProductionIoT Development from Prototype to Production
IoT Development from Prototype to ProductionMender.io
 
MAJOR_PROJECT
MAJOR_PROJECTMAJOR_PROJECT
MAJOR_PROJECTPraveen Born To Rock
 
Course: "Introductory course to HLS FPGA programming"
Course: "Introductory course to HLS FPGA programming"Course: "Introductory course to HLS FPGA programming"
Course: "Introductory course to HLS FPGA programming"Mirko Mariotti
 
Building a More Connected World
Building a More Connected WorldBuilding a More Connected World
Building a More Connected WorldSilicon Labs
 
Lightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edgeLightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edgeAgence du Numérique (AdN)
 
1_COMPONENTS OF COMPUTER SYSTEM_Show
1_COMPONENTS OF COMPUTER SYSTEM_Show1_COMPONENTS OF COMPUTER SYSTEM_Show
1_COMPONENTS OF COMPUTER SYSTEM_ShowManojKumar4723
 
Design and implementation of a smart home system with two levels of security ...
Design and implementation of a smart home system with two levels of security ...Design and implementation of a smart home system with two levels of security ...
Design and implementation of a smart home system with two levels of security ...nooriasukmaningtyas
 
iNGENIOUS: Next Generation IoT for the Next-Generation Supply Chain
iNGENIOUS: Next Generation IoT for the Next-Generation Supply ChainiNGENIOUS: Next Generation IoT for the Next-Generation Supply Chain
iNGENIOUS: Next Generation IoT for the Next-Generation Supply ChainiNGENIOUSIoT
 
Entreprises : découvrez les briques essentielles d’une solution IoT
Entreprises : découvrez les briques essentielles d’une solution IoTEntreprises : découvrez les briques essentielles d’une solution IoT
Entreprises : découvrez les briques essentielles d’une solution IoTScaleway
 
[PPT] _ Unit 2 _ Complete PPT.pptx
[PPT] _ Unit 2 _ Complete PPT.pptx[PPT] _ Unit 2 _ Complete PPT.pptx
[PPT] _ Unit 2 _ Complete PPT.pptxSelvaraj Seerangan
 
UNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGSUNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGSbinuvijay1
 
AccML, co-located with HiPEAC 2021_Pedro Trancoso presentation
AccML, co-located with HiPEAC 2021_Pedro Trancoso presentationAccML, co-located with HiPEAC 2021_Pedro Trancoso presentation
AccML, co-located with HiPEAC 2021_Pedro Trancoso presentationVEDLIoT Project
 
[[IAA JSR 10(1)36-48, 2023.Automated Hybrid Smart Door Control System.pdf
[[IAA JSR 10(1)36-48, 2023.Automated Hybrid Smart Door Control System.pdf[[IAA JSR 10(1)36-48, 2023.Automated Hybrid Smart Door Control System.pdf
[[IAA JSR 10(1)36-48, 2023.Automated Hybrid Smart Door Control System.pdfPUBLISHERJOURNAL
 
Automated Hybrid Smart Door Control System.pdf
Automated Hybrid Smart Door Control System.pdfAutomated Hybrid Smart Door Control System.pdf
Automated Hybrid Smart Door Control System.pdfssuser793b4e
 
Pushing the Boundaries of Data Visualization
Pushing the Boundaries of Data VisualizationPushing the Boundaries of Data Visualization
Pushing the Boundaries of Data VisualizationInductive Automation
 
FG2.pptx
FG2.pptxFG2.pptx
FG2.pptxpanvalkarchaitali
 
PhD Defense of Teodoro Montanaro
PhD Defense of Teodoro MontanaroPhD Defense of Teodoro Montanaro
PhD Defense of Teodoro MontanaroTeodoro Montanaro
 
IOT UNIT 1 INTRODUCTION TO INTERNET OF THINGS
IOT UNIT 1 INTRODUCTION TO INTERNET OF THINGSIOT UNIT 1 INTRODUCTION TO INTERNET OF THINGS
IOT UNIT 1 INTRODUCTION TO INTERNET OF THINGSbinuvijay1
 
Iot development from prototype to production
Iot development from prototype to productionIot development from prototype to production
Iot development from prototype to productionMender.io
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...CableLabs
 
Secure context-awareness in ubiquitous computing
Secure context-awareness in ubiquitous computingSecure context-awareness in ubiquitous computing
Secure context-awareness in ubiquitous computingVille Seppänen
 
OPPORTUNISTIC MANET AND ITS ROLE IN NEXTGENERATION ANDROID IOT NETWORKING
OPPORTUNISTIC MANET AND ITS ROLE IN NEXTGENERATION ANDROID IOT NETWORKING OPPORTUNISTIC MANET AND ITS ROLE IN NEXTGENERATION ANDROID IOT NETWORKING
OPPORTUNISTIC MANET AND ITS ROLE IN NEXTGENERATION ANDROID IOT NETWORKING AlAtfat
 
Connecting Home Appliances via Bluetooth using IoT
Connecting Home Appliances via Bluetooth using IoTConnecting Home Appliances via Bluetooth using IoT
Connecting Home Appliances via Bluetooth using IoTIRJET Journal
 
Bluetooth
BluetoothBluetooth
Bluetoothkajalsingh177
 
Track 2 session 2 - st dev con 2016 - stm32 open development environment
Track 2 session 2 - st dev con 2016 - stm32 open development environmentTrack 2 session 2 - st dev con 2016 - stm32 open development environment
Track 2 session 2 - st dev con 2016 - stm32 open development environmentST_World
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
 

Contenu connexe

Similaire à A Gateway based MUD Architecture to Enhance Smart Home Security

1_COMPONENTS OF COMPUTER SYSTEM_Show
1_COMPONENTS OF COMPUTER SYSTEM_Show1_COMPONENTS OF COMPUTER SYSTEM_Show
1_COMPONENTS OF COMPUTER SYSTEM_ShowManojKumar4723
 
Design and implementation of a smart home system with two levels of security ...
Design and implementation of a smart home system with two levels of security ...Design and implementation of a smart home system with two levels of security ...
Design and implementation of a smart home system with two levels of security ...nooriasukmaningtyas
 
iNGENIOUS: Next Generation IoT for the Next-Generation Supply Chain
iNGENIOUS: Next Generation IoT for the Next-Generation Supply ChainiNGENIOUS: Next Generation IoT for the Next-Generation Supply Chain
iNGENIOUS: Next Generation IoT for the Next-Generation Supply ChainiNGENIOUSIoT
 
Entreprises : découvrez les briques essentielles d’une solution IoT
Entreprises : découvrez les briques essentielles d’une solution IoTEntreprises : découvrez les briques essentielles d’une solution IoT
Entreprises : découvrez les briques essentielles d’une solution IoTScaleway
 
[PPT] _ Unit 2 _ Complete PPT.pptx
[PPT] _ Unit 2 _ Complete PPT.pptx[PPT] _ Unit 2 _ Complete PPT.pptx
[PPT] _ Unit 2 _ Complete PPT.pptxSelvaraj Seerangan
 
UNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGSUNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGSbinuvijay1
 
AccML, co-located with HiPEAC 2021_Pedro Trancoso presentation
AccML, co-located with HiPEAC 2021_Pedro Trancoso presentationAccML, co-located with HiPEAC 2021_Pedro Trancoso presentation
AccML, co-located with HiPEAC 2021_Pedro Trancoso presentationVEDLIoT Project
 
[[IAA JSR 10(1)36-48, 2023.Automated Hybrid Smart Door Control System.pdf
[[IAA JSR 10(1)36-48, 2023.Automated Hybrid Smart Door Control System.pdf[[IAA JSR 10(1)36-48, 2023.Automated Hybrid Smart Door Control System.pdf
[[IAA JSR 10(1)36-48, 2023.Automated Hybrid Smart Door Control System.pdfPUBLISHERJOURNAL
 
Automated Hybrid Smart Door Control System.pdf
Automated Hybrid Smart Door Control System.pdfAutomated Hybrid Smart Door Control System.pdf
Automated Hybrid Smart Door Control System.pdfssuser793b4e
 
Pushing the Boundaries of Data Visualization
Pushing the Boundaries of Data VisualizationPushing the Boundaries of Data Visualization
Pushing the Boundaries of Data VisualizationInductive Automation
 
PhD Defense of Teodoro Montanaro
PhD Defense of Teodoro MontanaroPhD Defense of Teodoro Montanaro
PhD Defense of Teodoro MontanaroTeodoro Montanaro
 
IOT UNIT 1 INTRODUCTION TO INTERNET OF THINGS
IOT UNIT 1 INTRODUCTION TO INTERNET OF THINGSIOT UNIT 1 INTRODUCTION TO INTERNET OF THINGS
IOT UNIT 1 INTRODUCTION TO INTERNET OF THINGSbinuvijay1
 
Iot development from prototype to production
Iot development from prototype to productionIot development from prototype to production
Iot development from prototype to productionMender.io
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...CableLabs
 
Secure context-awareness in ubiquitous computing
Secure context-awareness in ubiquitous computingSecure context-awareness in ubiquitous computing
Secure context-awareness in ubiquitous computingVille Seppänen
 
OPPORTUNISTIC MANET AND ITS ROLE IN NEXTGENERATION ANDROID IOT NETWORKING
OPPORTUNISTIC MANET AND ITS ROLE IN NEXTGENERATION ANDROID IOT NETWORKING OPPORTUNISTIC MANET AND ITS ROLE IN NEXTGENERATION ANDROID IOT NETWORKING
OPPORTUNISTIC MANET AND ITS ROLE IN NEXTGENERATION ANDROID IOT NETWORKING AlAtfat
 
Connecting Home Appliances via Bluetooth using IoT
Connecting Home Appliances via Bluetooth using IoTConnecting Home Appliances via Bluetooth using IoT
Connecting Home Appliances via Bluetooth using IoTIRJET Journal
 
Track 2 session 2 - st dev con 2016 - stm32 open development environment
Track 2 session 2 - st dev con 2016 - stm32 open development environmentTrack 2 session 2 - st dev con 2016 - stm32 open development environment
Track 2 session 2 - st dev con 2016 - stm32 open development environmentST_World
 

Similaire à A Gateway based MUD Architecture to Enhance Smart Home Security (20)

1_COMPONENTS OF COMPUTER SYSTEM_Show
1_COMPONENTS OF COMPUTER SYSTEM_Show1_COMPONENTS OF COMPUTER SYSTEM_Show
1_COMPONENTS OF COMPUTER SYSTEM_Show
 
Design and implementation of a smart home system with two levels of security ...
Design and implementation of a smart home system with two levels of security ...Design and implementation of a smart home system with two levels of security ...
Design and implementation of a smart home system with two levels of security ...
 
iNGENIOUS: Next Generation IoT for the Next-Generation Supply Chain
iNGENIOUS: Next Generation IoT for the Next-Generation Supply ChainiNGENIOUS: Next Generation IoT for the Next-Generation Supply Chain
iNGENIOUS: Next Generation IoT for the Next-Generation Supply Chain
 
Entreprises : découvrez les briques essentielles d’une solution IoT
Entreprises : découvrez les briques essentielles d’une solution IoTEntreprises : découvrez les briques essentielles d’une solution IoT
Entreprises : découvrez les briques essentielles d’une solution IoT
 
[PPT] _ Unit 2 _ Complete PPT.pptx
[PPT] _ Unit 2 _ Complete PPT.pptx[PPT] _ Unit 2 _ Complete PPT.pptx
[PPT] _ Unit 2 _ Complete PPT.pptx
 
UNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGSUNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGS
 
AccML, co-located with HiPEAC 2021_Pedro Trancoso presentation
AccML, co-located with HiPEAC 2021_Pedro Trancoso presentationAccML, co-located with HiPEAC 2021_Pedro Trancoso presentation
AccML, co-located with HiPEAC 2021_Pedro Trancoso presentation
 
[[IAA JSR 10(1)36-48, 2023.Automated Hybrid Smart Door Control System.pdf
[[IAA JSR 10(1)36-48, 2023.Automated Hybrid Smart Door Control System.pdf[[IAA JSR 10(1)36-48, 2023.Automated Hybrid Smart Door Control System.pdf
[[IAA JSR 10(1)36-48, 2023.Automated Hybrid Smart Door Control System.pdf
 
Automated Hybrid Smart Door Control System.pdf
Automated Hybrid Smart Door Control System.pdfAutomated Hybrid Smart Door Control System.pdf
Automated Hybrid Smart Door Control System.pdf
 
Pushing the Boundaries of Data Visualization
Pushing the Boundaries of Data VisualizationPushing the Boundaries of Data Visualization
Pushing the Boundaries of Data Visualization
 
FG2.pptx
FG2.pptxFG2.pptx
FG2.pptx
 
PhD Defense of Teodoro Montanaro
PhD Defense of Teodoro MontanaroPhD Defense of Teodoro Montanaro
PhD Defense of Teodoro Montanaro
 
IOT UNIT 1 INTRODUCTION TO INTERNET OF THINGS
IOT UNIT 1 INTRODUCTION TO INTERNET OF THINGSIOT UNIT 1 INTRODUCTION TO INTERNET OF THINGS
IOT UNIT 1 INTRODUCTION TO INTERNET OF THINGS
 
Iot development from prototype to production
Iot development from prototype to productionIot development from prototype to production
Iot development from prototype to production
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
 
Secure context-awareness in ubiquitous computing
Secure context-awareness in ubiquitous computingSecure context-awareness in ubiquitous computing
Secure context-awareness in ubiquitous computing
 
OPPORTUNISTIC MANET AND ITS ROLE IN NEXTGENERATION ANDROID IOT NETWORKING
OPPORTUNISTIC MANET AND ITS ROLE IN NEXTGENERATION ANDROID IOT NETWORKING OPPORTUNISTIC MANET AND ITS ROLE IN NEXTGENERATION ANDROID IOT NETWORKING
OPPORTUNISTIC MANET AND ITS ROLE IN NEXTGENERATION ANDROID IOT NETWORKING
 
Connecting Home Appliances via Bluetooth using IoT
Connecting Home Appliances via Bluetooth using IoTConnecting Home Appliances via Bluetooth using IoT
Connecting Home Appliances via Bluetooth using IoT
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
Track 2 session 2 - st dev con 2016 - stm32 open development environment
Track 2 session 2 - st dev con 2016 - stm32 open development environmentTrack 2 session 2 - st dev con 2016 - stm32 open development environment
Track 2 session 2 - st dev con 2016 - stm32 open development environment
 

Dernier

Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduitsrknatarajan
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
Glass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesGlass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesPrabhanshu Chaturvedi
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 

Dernier (20)

Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Glass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesGlass Ceramics: Processing and Properties
Glass Ceramics: Processing and Properties
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 

A Gateway based MUD Architecture to Enhance Smart Home Security

  • 1. A Gateway-based MUD Architecture to Enhance Smart Home Security Fulvio Corno and Luca Mannella e-Lite research group Department of Control and Computer Engineering Politecnico di Torino,Turin, Italy 8th International Conference On Smart and Sustainable Technologies Bol, June 21, 2023
  • 2. Outline • Internet of Things and smart homes context Introduction • Manufacturer Usage Description (MUD) Background • Presenting the architecture and the PoC Proposed Approach • Sum up and future work Conclusions June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 2
  • 3. Introduction • Smart Home (SH) systems are in a dangerous situation • Very widespread (12.2 billion active endpoints) • USENIX 2019: at least 40% houses have an IoT device (70% in the U.S.A.) • A large percentage of these devices has a known vulnerability • Compromised devices could create serious issues • IoT devices are infected to carry on DDoS attacks (Mirai Botnet) • Affecting other devices in the same network • To manage them, Smart Home Gateways (SHG) are often involved • Goal: take advantage of the SHG to enhance SH security thanks to • the MUD standard • plug-in developers' intervention June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 3
  • 4. Manufacturer Usage Description (MUD) Less (connection) is more (secure) June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 4
  • 5. Manufacturer Usage Description (MUD) • IETF Standard: RFC-8520 (originally proposed by CISCO) • Main goal: reducing unexpected communications to/from an IoT device • Defining a proper architecture and data model • How? With a white-listing approach • The manufacturer specifies the authorized connections (policy) in a dedicated "MUD file" • Other connections are forbidden June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 5
  • 6. MUD files and MUD Policy Enforcement • Each class of device produced by a Manufacturer must have a dedicated MUD file • E.g., a MUD file for Amazon Echo Dot, a MUD file for the Philips Hue, etc. • The MUD file is composed by a set of policy • Expressed in JSON format • Each policy defines the endpoints of the allowed communications • These policies are enforced by the network where the device is deployed • A "MUD Manager" must be in the local network • The enforcement is partially left to the local network administration June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 6
  • 7. How MUD Works These two components can be deployed on the same device Thing Router or Switch 1. Expose a MUD URL DHCP, LLDP, 802.1AR MUD Manager 2. Forward the MUD URL 5. Enforce the device’s policies End system network 3. Get URL HTTPS 4. MUD file MUD File Server F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security June 21, 2023 7
  • 8. Promising but not much deployed • MUD is considered promising by ENISA and NIST • Manufacturers are not creating (and deploying) MUD files • A possible solution (already faced in literature): • a third party could create the MUD file instead of the manufacturer June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 8
  • 9. Proposed approach A Gateway-based MUD Architecture to Enhance Smart Home Security June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 9
  • 10. Extending MUD Architecture • A suitable third-party could be a smart home gateway • Device able to coordinate many IoT devices • Often extensible through plug-ins • Developers and tinkerers could help in creating these MUD files • specifying plug-ins’ endpoints through some “MUD snippets” • even if they have • limited experience with the technology • no dedicated servers • To achieve this goal is necessary to extend the MUD architecture June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 10
  • 11. Extended MUD Architecture Smart Home Gateway Router or Switch 2. Expose MUD URL DHCP, LLDP, 802.1AR MUD Manager 6. Enforce the SHG policies End system network Func 1 Thing 1 Plug-in N 3. Forward the MUD URL MUD Generator MUD Policies MUD Policies MUD Policies MUD File F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 1. Generate and sign the MUD File 0. Plug-in’s developer writes MUD-compliant policies June 21, 2023 11 7. Reiterate the flow
  • 12. Main Contributions of the Paper 1. Extend the MUD concept in a transparent way • A SHG can manage many devices in its smart home • The devices and the MUD manager are not aware of this change 2. Protect devices not natively MUD-enabled • Thanks to developers’ contributions 3. Protect SHGs and their plug-ins with the MUD standard • Protecting every kind of plug-in • Regardless of the offered functionality • I.e., not only devices June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 12
  • 13. Use Case: MUD Manager OpenWrt — https://openwrt.org/ • Open Wireless Router • a Linux operating system targeting embedded devices • Initial release in January 2004 osMUD — https://osmud.org • The open source MUD manager • A C-based MUD manager • Designed to run on OpenWrt version 17 • Version 0.2 (released in March 2019) • improved for this project — https://github.com/Sarcares/osmud/tree/mud-refreshing • osMUD is now able to manage updated versions of the devices’ MUD files June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 13
  • 14. Use Case: Smart Home Gateway Home Assistant (HAss) — https://www.home-assistant.io/ • A Python-based open-source smart home gateway software • Developed since 2013 and released in 2016 • More than 240,000 active installations • Four different types of release • Each of them with additional features with respect to core version • Extensible through two different kind of plug-ins: integrations and add-ons • Focus on Integrations — https://www.home-assistant.io/integrations • Available in all Home Assistant releases • Closer to “traditional” plug-in concept • Deeply integrated in Hass • Developed integration: MUD Generator June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 14
  • 15. The Prototype • Two Raspberry Pi 3 Model B • One Raspberry equipped with: • OpenWrt OS: version 17.01.6 • Slightly improved version of osMUD 0.2 • adding processing of MUD files from already known devices • Another Raspberry equipped with: • Home-Assistant OS: version 9.2 (currently updated to 10.2) • default and custom integrations • the MUD generator integration F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security June 21, 2023 15
  • 16. Testing the Prototype • Testing the solution with 3 integrations • 2 custom: an emulated temperature sensor and a switch • 1 standard: a meteo adapter • We wrote the related “MUD snippets” • With the necessary endpoints • MUD generator merges them in a gateway-level MUD file • The MUD file is correctly signed, exposed, verified, and enforced • After the enforcement, we observed as the SHG can reach only the specified endpoints June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 16
  • 17. Conclusions June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 17
  • 18. Conclusions • Purposes of this proposed approach • Protect devices not natively MUD-enabled • Extend the MUD concept even to software functionalities • Achieved through an extended MUD architecture • Transparent for • The MUD manager • The integrated devices June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 18
  • 19. Current and Next Steps • Expanding this proposed approach even to add-ons • MUD snippets’ authentication • only trusted developers must be able to add their MUD snippets • MUD snippets must be associated to the proper plug-in • MUD policies issue • Policy Errors: detecting if a policy is wrong-written • Policy Conflicts: detecting if two policies contradict each other • Policy Sub-Optimizations: detecting if policies are overlapping June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 19
  • 20. Thanks for your kind attention! Any questions? F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security e-Lite research group Department of Control and Computer Engineering Politecnico di Torino, Turin, Italy June 21, 2023 Publications Stay Connected Fulvio Corno fulvio.corno@polito.it Full Professor Luca Mannella luca.mannella@polito.it Ph.D. student 20
  • 21. License • These slides are distributed under a Creative Commons license: “Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)” • You are free to: • Share — copy and redistribute the material in any medium or format • Adapt — remix, transform, and build upon the material • The licensor cannot revoke these freedoms as long as you follow the license terms. • Under the following terms: • Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. • NonCommercial — You may not use the material for commercial purposes. • ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original. • No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits. • https://creativecommons.org/licenses/by-nc-sa/4.0/ June 21, 2023 F. Corno and L. Mannella — A Gateway-based MUD Architecture to Enhance Smart Home Security 21