Supervising Smart Home Device Interactions: A Profile-Based Firewall Approach
François De Keersmaeker, Ramin Sadre, Cristel Pelsser

TL;DR
This paper introduces a new expressive language for describing smart home device traffic patterns, enabling more effective firewall configurations that improve security without impacting performance.
Contribution
It presents a novel language for device profiles that surpasses MUD's expressiveness, and translates these profiles into efficient firewall rules for enhanced security.
Findings
Accurately blocks unwanted device traffic
Negligible latency impact on network performance
Effective in diverse Smart Home device scenarios
Abstract
Internet of Things devices can now be found everywhere, including in our households in the form of Smart Home networks. Despite their ubiquity, their security is unsatisfactory, as demonstrated by recent attacks. The IETF's MUD standard aims to simplify and automate the secure deployment of end devices in networks. A MUD file contains a device-specific description of allowed network activities (e.g., allowed IP ports or host addresses) and can be used to configure, for example, a firewall. A major weakness of MUD is that it is not expressive enough to describe traffic patterns representing device interactions, which often occur in modern Smart Home platforms. In this article, we present a new language for describing such traffic patterns. The language allows writing device profiles that are more expressive than MUD files and take into account the interdependencies of traffic…
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection · IPv6, Mobility, Handover, Networks, Security
