Back to Search
Start Over
Role of Device Identification and Manufacturer Usage Description in IoT Security: A Survey
- Source :
- IEEE Access, Vol 9, Pp 41757-41786 (2021)
- Publication Year :
- 2021
- Publisher :
- Institute of Electrical and Electronics Engineers (IEEE), 2021.
-
Abstract
- This paper presents an overview of device identification techniques and the Manufacturer Usage Description (MUD) standard used for the Internet of things to reduce the IoT attack surface. The ongoing diversity and the sheer increase in the number of connected IoT devices have crumpled security efforts. There is a need to reconsider and redesign the underlying concept of developing security systems to resolve IoT security challenges. In this backdrop, device profiling and identification have emerged as an exciting technique that helps to reduce IoT device attack surface. One of the known approaches for device identification is to fingerprint a device. There are many ways to fingerprint the device, mostly using device network flows or device local attributes. The device identification ensures the authenticity of the device attached to the network, like user authentication. Since IoT devices mostly work using machine-to-machine (M2M) communication, this requires identifying each device properly. But there is no unified approach for device identification for the ever-growing world of IoT devices and applications. One of the major steps forward in this direction is the development of the Manufacturer Usage Description (MUD) standard that defines the role of a device within the network. It limits the device to execute the primary task only, which will help to reduce the attack surface. Since the inception of MUD, many security frameworks use this standard for IoT security. However, there is a need to scrutinize the security frameworks based on the MUD, to find out the claimed effectiveness of the standard in IoT security. This paper initially identifies and classifies the potential vulnerabilities in IoT devices. Then, the study provides an overview of the research that focuses on device identification techniques and analyzes their role in IoT security. Finally, the research presents an overview of MUD technology, its implementation scenarios, the limitation of the latest MUD standard, and its applications in the industry. The prime aim of this work is to examine the MUD benefits in IoT security along with the weaknesses and challenges while implementing this standard along with future directions.
- Subjects :
- General Computer Science
Computer science
Cryptography
02 engineering and technology
Computer security
computer.software_genre
Task (project management)
deep learning (DL)
0202 electrical engineering, electronic engineering, information engineering
Profiling (information science)
General Materials Science
device identification (DI)
Password
machine learning (ML)
business.industry
software defined network (SDN)
Manufacturer usage description (MUD)
Fingerprint (computing)
General Engineering
020206 networking & telecommunications
Attack surface
Flow network
Internet of Things (IoT)
Identification (information)
020201 artificial intelligence & image processing
lcsh:Electrical engineering. Electronics. Nuclear engineering
business
lcsh:TK1-9971
computer
Subjects
Details
- ISSN :
- 21693536
- Volume :
- 9
- Database :
- OpenAIRE
- Journal :
- IEEE Access
- Accession number :
- edsair.doi.dedup.....1a640f3c095d0ae431f1fdf3cc2795a4