Towards Secure Smart Home IoT: Manufacturer and User Network Access Control Framework

Insecure smart home IoT networks are growing in number and size, and enforcing standard security solutions on IoT devices is a challenge because of their limited resources. Vulnerable smart home IoT poses serious security threats: it puts the smart home network at risk because it can serve as an entry point into the network, and it exposes users' privacy because of the amount of personal data it collects. Meanwhile, as IoT grows in popularity, it has a significant impact on the security of the rest of the Internet community (e.g. by forming botnets). Previous research delegates IoT security to a third party (e.g. the ISP) and ignores social and contextual factors. In this paper, we propose an SDN-based framework for enforcing static and dynamic network access control, in which manufacturers, security providers, and users cooperate to enhance smart home IoT security. The proposed approach has three features: a) it allows manufacturers to enforce a least-privilege policy for IoT devices, and hence reduces the risk associated with exposing IoT to the Internet; b) it enables access policy to be enforced as feedback from security services; c) it enables users to customize IoT access based on social and contextual needs (e.g. permitting LAN access to an IoT device only through the user's mobile), which reduces the attack surface within the network. We also propose an IPv4 ARP server as an NFV security service that mitigates ARP spoofing attacks by replying to ARP requests in the network. We implement a prototype to demonstrate the functionality of the framework against common attack scenarios (i.e. network scanning, ARP spoofing).
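The following is an added illustration, not the paper's prototype: a toy SDN controller decision function that composes the three policy sources the abstract describes (manufacturer least-privilege whitelist, dynamic feedback from a security service, and the user's LAN-access rule), plus the authoritative lookup an NFV ARP server would answer from. All addresses, MACs, and the device/phone roles are constructed; the precedence order among the three policies is an assumption of this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Flow:
    src: str    # source IPv4 address
    dst: str    # destination IPv4 address
    proto: str  # "tcp" or "udp"
    dport: int  # destination port

LAN = ip_network("192.168.1.0/24")  # constructed home LAN
# a) Manufacturer least-privilege policy (MUD-style, constructed): the only
#    remote endpoints each IoT device may reach; everything else is dropped.
MANUFACTURER_ALLOW = {"192.168.1.20": {("203.0.113.10", "tcp", 443)}}
# b) Dynamic policy fed back by a security service (constructed sample).
SECURITY_BLOCK = {"198.51.100.7"}
# c) User contextual policy: the device is reachable on the LAN only from
#    the user's mobile (constructed addresses).
USER_LAN_ALLOW = {"192.168.1.20": {"192.168.1.50"}}
# NFV ARP server: authoritative IP -> MAC table the service answers from.
ARP_TABLE = {"192.168.1.1": "aa:bb:cc:00:00:01",
             "192.168.1.20": "aa:bb:cc:00:00:20"}

def decide(flow: Flow) -> str:
    """Return the controller's verdict for the first packet of a flow."""
    dst = ip_address(flow.dst)
    # Security-service feedback is dynamic and overrides static policy
    # (assumed precedence for this example).
    if flow.src in SECURITY_BLOCK or flow.dst in SECURITY_BLOCK:
        return "drop:security-feedback"
    # LAN traffic towards a device with a user rule: only the user's phone.
    if dst in LAN and flow.dst in USER_LAN_ALLOW:
        ok = flow.src in USER_LAN_ALLOW[flow.dst]
        return "allow:user" if ok else "drop:user-policy"
    # IoT device talking outwards: manufacturer whitelist (return traffic
    # would be matched statefully in a real controller; omitted here).
    if flow.src in MANUFACTURER_ALLOW:
        ok = (flow.dst, flow.proto, flow.dport) in MANUFACTURER_ALLOW[flow.src]
        return "allow:manufacturer" if ok else "drop:least-privilege"
    return "drop:default"  # default deny for anything no policy covers

def arp_answer(target_ip: str) -> Optional[str]:
    """ARP server reply: the authoritative MAC for target_ip, or None."""
    return ARP_TABLE.get(target_ip)

def arp_is_spoofed(sender_ip: str, sender_mac: str) -> bool:
    """An ARP reply whose (ip, mac) disagrees with the table is spoofed."""
    return sender_ip in ARP_TABLE and ARP_TABLE[sender_ip] != sender_mac
```

In the prototype the ARP server answers requests on the switch's behalf, so a spoofed reply never reaches the victim's cache; here the same table both answers and flags conflicting replies.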
