Demo: NFV-based IoT Security at the ISP Level

Yehuda Afek; Anat Bremler-Barr; David Hay; Lior Shafir; Ihab Zhaika

doi:10.1109/NOMS47738.2020.9110409

Demo: NFV-based IoT Security at the ISP Level

Yehuda Afek, Anat Bremler-Barr, David Hay, Lior Shafir, Ihab Zhaika

Tel Aviv University, The Hebrew University of Jerusalem

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This demo focuses on demonstrating features of a new system to protect IoT devices in customer premises at the ISP level. The core of the system is deployed as a Virtual Network Function (VNF) within the ISP network, and is based on the Manufacturer Usage Description (MUD) framework, a white-list IoT protection scheme that has been proposed in recent years.As MUD is designed for on-premise deployment, the system makes the necessary adaptations to enable its deployment outside the customer premise. Moreover, the system includes a mechanism to distinguish between flows of different devices at the ISP level despite the fact that most home networks (and their IoT devices) are behind a NAT and all the flows from the same home come out with the same source IP address.Our demo follows closely a proof-of-concept that we have done with a large national level ISP, showing how our system can identify the various IoT devices that are connected to the network and detecting any unauthorized communications.

Original language	English
Title of host publication	Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020
Subtitle of host publication	Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781728149738
DOIs	https://doi.org/10.1109/NOMS47738.2020.9110409
State	Published - Apr 2020
Event	2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020 - Budapest, Hungary Duration: 20 Apr 2020 → 24 Apr 2020

Publication series

Name	Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020

Conference

Conference	2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020
Country/Territory	Hungary
City	Budapest
Period	20/04/20 → 24/04/20

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Computer Science Applications
Signal Processing
Information Systems and Management
Health Informatics
Artificial Intelligence

Access to Document

10.1109/NOMS47738.2020.9110409

Cite this

Afek, Y., Bremler-Barr, A., Hay, D., Shafir, L., & Zhaika, I. (2020). Demo: NFV-based IoT Security at the ISP Level. In Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020 Article 9110409 (Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/NOMS47738.2020.9110409

Afek, Yehuda ; Bremler-Barr, Anat ; Hay, David et al. / Demo : NFV-based IoT Security at the ISP Level. Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020. Institute of Electrical and Electronics Engineers Inc., 2020. (Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020).

@inproceedings{165051ab36f1427a9092d5205e1f195c,

title = "Demo: NFV-based IoT Security at the ISP Level",

abstract = "This demo focuses on demonstrating features of a new system to protect IoT devices in customer premises at the ISP level. The core of the system is deployed as a Virtual Network Function (VNF) within the ISP network, and is based on the Manufacturer Usage Description (MUD) framework, a white-list IoT protection scheme that has been proposed in recent years.As MUD is designed for on-premise deployment, the system makes the necessary adaptations to enable its deployment outside the customer premise. Moreover, the system includes a mechanism to distinguish between flows of different devices at the ISP level despite the fact that most home networks (and their IoT devices) are behind a NAT and all the flows from the same home come out with the same source IP address.Our demo follows closely a proof-of-concept that we have done with a large national level ISP, showing how our system can identify the various IoT devices that are connected to the network and detecting any unauthorized communications.",

author = "Yehuda Afek and Anat Bremler-Barr and David Hay and Lior Shafir and Ihab Zhaika",

note = "Publisher Copyright: {\textcopyright} 2020 IEEE.; 2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020 ; Conference date: 20-04-2020 Through 24-04-2020",

year = "2020",

month = apr,

doi = "10.1109/NOMS47738.2020.9110409",

language = "الإنجليزيّة",

series = "Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020",

address = "الولايات المتّحدة",

}

Afek, Y, Bremler-Barr, A , Hay, D, Shafir, L & Zhaika, I 2020, Demo: NFV-based IoT Security at the ISP Level. in Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020., 9110409, Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020, Institute of Electrical and Electronics Engineers Inc., 2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020, Budapest, Hungary, 20/04/20. https://doi.org/10.1109/NOMS47738.2020.9110409

Demo: NFV-based IoT Security at the ISP Level. / Afek, Yehuda; Bremler-Barr, Anat ; Hay, David et al.
Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020. Institute of Electrical and Electronics Engineers Inc., 2020. 9110409 (Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Demo

T2 - 2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020

AU - Afek, Yehuda

AU - Bremler-Barr, Anat

AU - Hay, David

AU - Shafir, Lior

AU - Zhaika, Ihab

PY - 2020/4

Y1 - 2020/4

N2 - This demo focuses on demonstrating features of a new system to protect IoT devices in customer premises at the ISP level. The core of the system is deployed as a Virtual Network Function (VNF) within the ISP network, and is based on the Manufacturer Usage Description (MUD) framework, a white-list IoT protection scheme that has been proposed in recent years.As MUD is designed for on-premise deployment, the system makes the necessary adaptations to enable its deployment outside the customer premise. Moreover, the system includes a mechanism to distinguish between flows of different devices at the ISP level despite the fact that most home networks (and their IoT devices) are behind a NAT and all the flows from the same home come out with the same source IP address.Our demo follows closely a proof-of-concept that we have done with a large national level ISP, showing how our system can identify the various IoT devices that are connected to the network and detecting any unauthorized communications.

AB - This demo focuses on demonstrating features of a new system to protect IoT devices in customer premises at the ISP level. The core of the system is deployed as a Virtual Network Function (VNF) within the ISP network, and is based on the Manufacturer Usage Description (MUD) framework, a white-list IoT protection scheme that has been proposed in recent years.As MUD is designed for on-premise deployment, the system makes the necessary adaptations to enable its deployment outside the customer premise. Moreover, the system includes a mechanism to distinguish between flows of different devices at the ISP level despite the fact that most home networks (and their IoT devices) are behind a NAT and all the flows from the same home come out with the same source IP address.Our demo follows closely a proof-of-concept that we have done with a large national level ISP, showing how our system can identify the various IoT devices that are connected to the network and detecting any unauthorized communications.

UR - http://www.scopus.com/inward/record.url?scp=85086770394&partnerID=8YFLogxK

U2 - 10.1109/NOMS47738.2020.9110409

DO - 10.1109/NOMS47738.2020.9110409

M3 - منشور من مؤتمر

T3 - Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020

BT - Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 20 April 2020 through 24 April 2020

ER -

Afek Y, Bremler-Barr A , Hay D, Shafir L, Zhaika I. Demo: NFV-based IoT Security at the ISP Level. In Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020. Institute of Electrical and Electronics Engineers Inc. 2020. 9110409. (Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020). doi: 10.1109/NOMS47738.2020.9110409

Demo: NFV-based IoT Security at the ISP Level

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this