1,283 research outputs found

    Distributed Firewall for IoT

    Minimal local resources, lack of consistency in low-level protocols and market pressures contribute to IoT devices being more vulnerable than traditional computing devices. These devices not only have a wide variety of processors and implementations, but they often serve different purposes and generate unique network traffic. Current IoT network security solutions fail to account for and handle both the scale at which IoT devices can be deployed and the heterogeneous nature of the traffic they produce. In order to accommodate these differences and improve on current solutions, we propose the implementation of a microsegmented firewall for IoT networks. Unlike traditional microsegmented architectures, which use a virtual management layer and hypervisors to manage, route, and filter the traffic from VMs, we propose the use of a cloud-based management layer working in cooperation with fog node filters to manage end device traffic. The fog nodes act as the first hop from the IoT devices, filtering traffic according to the rules given to them by the management layer. This decreases packet filtering latency by distributing the computing load and limiting the number of hops packets make for processing. Meanwhile, having a singular management point gives network administrators the convenience of controlling all traffic flows at a moment's notice as would be the case in a traditional SDN. As a result, this architecture promotes both the adaptability and scalability needed in IoT networks, all while securing traffic flows and minimizing latency.

    But is it exploitable? Exploring how Router Vendors Manage and Patch Security Vulnerabilities in Consumer-Grade Routers

    Millions of consumer-grade routers are vulnerable to security attacks. Router network attacks are dangerous and infectious, presenting a serious security threat. They account for 80% of infected devices in the market, posing a greater threat than infected IoT devices and desktop computers. Routers offer an attractive target of attacks due to their gateway function to home networks, internet accessibility, and higher likelihood of having vulnerabilities. A major problem with these routers is their unpatched and unaddressed security vulnerabilities. Reports show that 30% of critical router vulnerabilities discovered in 2021 have not received any response from vendors. Why? To better understand how router vendors manage and patch vulnerabilities in consumer-grade routers, and the accompanying challenges, we conducted 30 semi-structured interviews with professionals in router vendor companies selling broadband and retail routers in the UK. We found that router professionals prioritize vulnerability patching based on customer impact rather than vulnerability severity score. However, they experienced obstacles in patching vulnerabilities due to outsourcing development to third parties and the inability to support outdated models. To address these challenges, they developed workarounds such as offering replacement routers and releasing security advisories. However, they received pushback from customers who were not technically capable or concerned about security. Based on our results, we concluded with recommendations to improve security practice in routers.

    SPLICEcube Architecture: An Extensible Wi-Fi Monitoring Architecture for Smart-Home Networks

    The vision of smart homes is rapidly becoming a reality, as the Internet of Things and other smart devices are deployed widely. Although smart devices offer convenience, they also create a significant management problem for home residents. With a large number and variety of devices in the home, residents may find it difficult to monitor, or even locate, devices. A central controller that brings all the home’s smart devices under secure management and a unified interface would help homeowners and residents track and manage their devices. We envision a solution called the SPLICEcube whose goal is to detect smart devices, locate them in three dimensions within the home, securely monitor their network traffic, and keep an inventory of devices and important device information throughout the device’s lifecycle. The SPLICEcube system consists of the following components: 1) a main cube, which is a centralized hub that incorporates and expands on the functionality of the home router, 2) a database that holds network data, and 3) a set of support cubelets that can be used to extend the range of the network and assist in gathering network data. To deliver this vision of identifying, securing, and managing smart devices, we introduce an architecture that facilitates intelligent research applications (such as network anomaly detection, intrusion detection, device localization, and device firmware updates) to be integrated into the SPLICEcube. In this thesis, we design a general-purpose Wi-Fi architecture that underpins the SPLICEcube. The architecture specifically showcases the functionality of the cubelets (Wi-Fi frame detection, Wi-Fi frame parsing, and transmission to cube), the functionality of the cube (routing, reception from cubelets, information storage, data disposal, and research application integration), and the functionality of the database (network data storage). 
    We build and evaluate a prototype implementation to demonstrate our approach is scalable to accommodate new devices and extensible to support different applications. Specifically, we demonstrate a successful proof-of-concept use of the SPLICEcube architecture by integrating a security research application: an Inside-Outside detection system that classifies an observed Wi-Fi device as being inside or outside the home.