Clear as MUD: Generating, Validating and Applying IoT Behaviorial Profiles (Technical Report)
This work addresses the risk of IoT devices in cyber-attacks for manufacturers and adopters, though it is incremental as it builds on existing MUD standards.
The paper tackles the problem of securing IoT devices by assisting manufacturers in creating and verifying Manufacturer Usage Description (MUD) profiles, resulting in a tool that automatically generates MUD profiles from traffic traces for 28 devices and a framework that validates these profiles for consistency and policy compatibility.
IoT devices are increasingly being implicated in cyber-attacks, driving community concern about the risks they pose to critical infrastructure, corporations, and citizens. In order to reduce this risk, the IETF is pushing IoT vendors to develop formal specifications of the intended purpose of their IoT devices, in the form of a Manufacturer Usage Description (MUD), so that their network behavior in any operating environment can be locked down and verified rigorously. This paper aims to assist IoT manufacturers in developing and verifying MUD profiles, while also helping adopters of these devices to ensure they are compatible with their organizational policies. Our first contribution is to develop a tool that takes the traffic trace of an arbitrary IoT device as input and automatically generates a MUD profile for it. We contribute our tool as open source, apply it to 28 consumer IoT devices, and highlight insights and challenges encountered in the process. Our second contribution is to apply a formal semantic framework that not only validates a given MUD profile for consistency, but also checks its compatibility with a given organizational policy. Finally, we apply our framework to representative organizations and selected devices, to demonstrate how MUD can reduce the effort needed for IoT acceptance testing.