IoT MUD enforcement in the edge cloud using programmable switch

A, Harish S and Kothapalli, Hemanth and Lahoti, Shubham and Kataoka, Kotaro and Tammana, Praveen (2022) IoT MUD enforcement in the edge cloud using programmable switch. In: 3rd ACM SIGCOMM 2022 Workshop on Formal Foundations and Security of Programmable Network Infrastructures, FFSPIN 2022, 22 August 2022, Amsterdam.

FFSPIN_2022.pdf - Published Version
Available under License Creative Commons Attribution.

Abstract

Targeted data breaches and cybersecurity attacks involving IoT devices are becoming ever more concerning. To combat these threats and risks, the IETF standardized Manufacturer Usage Description (MUD), which allows IoT device vendors to specify the intended communication patterns (MUD profile) of an IoT device. A MUD profile enables validation of the actual communication pattern of an IoT device against the intended behavior at run-time. However, the MUD specification was primarily intended for enforcement at the Local Area Network (LAN) of the IoT device, thus fragmenting the solution across multiple heterogeneous networks. MUD enforcement at higher levels in the network hierarchy (e.g., private edge for enterprise networks) eases security policy management and reduces processing overheads on the existing security infrastructure. To realize MUD enforcement at the edge, there are two main challenges: (1) how to identify an IoT device at the edge so that enforcing a device-specific MUD profile on the IoT traffic is possible, and (2) how to scale MUD enforcement to a large network of IoT devices. In this paper, we present our approach to address these challenges and validate IoT device communication at the edge. In order to scale MUD enforcement to a large IoT network, we leverage the multi-stage pipeline architecture and stateful ALUs of a P4 programmable switch and process IoT traffic in the dataplane. © 2022 ACM.

IITH Creators: Kataoka, Kotaro (ORCiD: https://orcid.org/0000-0003-0545-3415); Tammana, Praveen (ORCiD: UNSPECIFIED)
Item Type: Conference or Workshop Item (Paper)
Additional Information: We thank Dhiraj Saharia and Shiv Kumar for their valuable feedback on the final draft of the paper. We also thank Achmad Basuki, Yung-Wey Chong and Selvakumar Manickam for their insights. The work is supported by the SERB ASEAN (CRD/2020/000347) initiative.
Uncontrolled Keywords: internet of things; manufacturer usage description; network security; programmable networks
Subjects: Computer science
Divisions: Department of Computer Science & Engineering
Depositing User: . LibTrainee 2021
Date Deposited: 29 Sep 2022 08:56
Last Modified: 29 Sep 2022 08:57
URI: http://raiithold.iith.ac.in/id/eprint/10733
Publisher URL: http://doi.org/10.1145/3528082.3544832