Transparent Microsegmentation in Smart Home IoT Networks

Authors:

Amr Osman, TU Dresden; Armin Wasicek, Avast Inc., USA; Stefan Köpsell and Thorsten Strufe, TU Dresden

Abstract:

Driven by the Internet-of-Things (IoT) and 5G, the growing size and complexity of smart home networks leads to an increased attack surface. Smart home IoT devices are typically online 24/7, have out-of-date firmware, are not regularly patched against the latest security vulnerabilities, and often collect sensitive data and send it to the cloud. In this work we propose microsegmentation as a means to reduce the attack surface of smart home networks with the assistance of the edge cloud. We implement two network functions that cooperate to enforce fine-grained network security policies in smart homes. One function builds an inventory of all devices and their vulnerabilities. The second utilizes that information to dynamically allocate IoT devices to microsegments, and isolates them from one another using inter- and intra-segment network-level security policies. We evaluated our approach using three different IoT network security metrics and IoT topologies. In the best case, microsegmentation reduces the attack surface exposed to a Mirai-infected IoT webcam by as much as 65.85% at the cost of preventing 2.16% of the otherwise-valid network flows between devices.
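As an added illustration, not code from the paper, the following toy model captures the two cooperating functions the abstract describes: an inventory of devices and their vulnerabilities feeds a segment allocator, and a simple inter-/intra-segment policy is then scored with the two metrics the abstract trades off (attack surface reachable from a compromised webcam, and the share of valid flows the policy blocks). The device names, vulnerability flags, flow set and segmentation rule are all constructed assumptions.

```python
# Constructed inventory (function 1 output): device -> (category, has_known_vuln)
INVENTORY = {
    "webcam":     ("camera",     True),
    "doorbell":   ("camera",     False),
    "thermostat": ("climate",    False),
    "smart_tv":   ("media",      True),
    "speaker":    ("media",      False),
    "hub":        ("controller", False),
}

# Constructed set of flows the home legitimately needs, as (src, dst) pairs.
VALID_FLOWS = {
    ("hub", "webcam"), ("hub", "doorbell"), ("hub", "thermostat"),
    ("hub", "smart_tv"), ("hub", "speaker"), ("smart_tv", "speaker"),
    ("webcam", "hub"), ("doorbell", "hub"),
}

def allocate_segments(inventory):
    """Function 2, allocation step: group devices by category and move any
    device with a known vulnerability into a dedicated quarantine segment."""
    segments = {}
    for dev, (category, vulnerable) in inventory.items():
        seg = "quarantine" if vulnerable else category
        segments.setdefault(seg, set()).add(dev)
    return segments

def allowed(src, dst, segments):
    """Function 2, policy step (assumed rule): intra-segment traffic is allowed
    except inside quarantine; inter-segment traffic only to/from the controller."""
    seg_of = {d: s for s, devs in segments.items() for d in devs}
    s, t = seg_of[src], seg_of[dst]
    if s == t:
        return s != "quarantine"
    return "controller" in (s, t)

def reachable_from(compromised, segments, inventory):
    """Attack-surface metric: devices a compromised host can still reach directly."""
    return {d for d in inventory
            if d != compromised and allowed(compromised, d, segments)}

def attack_surface_reduction(compromised, segments, inventory):
    """Reduction relative to a flat network where every device reaches every other."""
    flat = len(inventory) - 1
    return 1 - len(reachable_from(compromised, segments, inventory)) / flat

def blocked_valid_flows(segments, valid_flows):
    """Cost metric: fraction of otherwise-valid flows the policy denies."""
    blocked = [f for f in valid_flows if not allowed(f[0], f[1], segments)]
    return len(blocked) / len(valid_flows)
```

Here the quarantined webcam can only reach the hub, an 80% reduction, while the one quarantined-to-media flow (smart_tv to speaker) is the 12.5% of valid flows sacrificed for it.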

BibTeX
@inproceedings {253364,
author = {Amr Osman and Armin Wasicek and Stefan K{\"o}psell and Thorsten Strufe},
title = {Transparent Microsegmentation in Smart Home {IoT} Networks},
booktitle = {3rd USENIX Workshop on Hot Topics in Edge Computing (HotEdge 20)},
year = {2020},
url = {https://www.usenix.org/conference/hotedge20/presentation/osman},
publisher = {USENIX Association},
month = jun
}