SERENIoT: Collaborative Network Security Policy Management and Enforcement for Smart Homes

TL;DR

SERENIoT introduces a blockchain-based framework for collaboratively establishing and updating security policies for IoT devices in smart homes, addressing the challenge of defining and maintaining accurate device behavior profiles.

Contribution

It proposes a novel blockchain system that enables decentralized, automatic, and adaptive behavior whitelisting for IoT devices without manufacturer involvement.

Findings

Effective behavior consensus achieved among nodes.

System adapts to software updates automatically.

Demonstrated scalability and security in real and simulated environments.

Abstract

Network traffic whitelisting has emerged as a dominant approach for securing consumer IoT devices. However, determining what the whitelisted behavior of an IoT device should be remains an open challenge. Proposals to date have relied on manufacturers and trusted parties to provide whitelists, but these proposals require manufacturer involvement or placing trust in an additional stakeholder. Alternatively, locally monitoring devices can allow building whitelists of observed behavior, but devices may not exhaust their functionality set during the observation period, or the behavior may change following a software update which requires re-training. This paper proposes a blockchain-based system for determining whether an IoT device is behaving like other devices of the same type. Our system (SERENIoT, pronounced Serenity) overcomes the challenge of initially determining the correct behavior for a device. Nodes in the SERENIoT public blockchain submit summaries of the network behavior observed for connected IoT devices and build whitelists of behavior observed by the majority of nodes. Changes in behavior through software updates are automatically whitelisted once the update is broadly deployed. Through a proof-of-concept implementation of SERENIoT on a small Raspberry Pi IoT network and a large-scale Amazon EC2 simulation, we evaluate the security, scalability, and performance of our system.