Threat to the DNS
While the internet of things (IoT) promises to enable many new types of services and applications, IoT devices are often poorly secured and as a result pose a threat to the security and stability of the core systems of the internet, such as the Domain Name System (DNS). In October 2016, for example, DNS operator Dyn was hit by a Denial of Service (DoS) attack carried out through millions of IoT devices compromised by the Mirai botnet, which allegedly reached an aggregate magnitude of 1.2 Tbps. Other potential targets of such attacks include operators of top-level domains (such as .nl, operated by SIDN), hosting providers, and application service providers.
Threat to end-users
Another consequence of poorly secured IoT devices is that they compromise the security and privacy of end-users, for instance because they allow attackers to send spam from a vulnerable fridge. This jeopardizes users’ trust in the internet and in their home environment, in particular because the average end-user typically finds it hard to distinguish between well-secured and poorly secured IoT devices, and in many cases is not even interested in these characteristics.
These developments motivated us to design and implement the system for Security and Privacy for In-home Networks (SPIN), which provides network-level security functions that monitor and automatically block vulnerable IoT devices. The goal of the SPIN system is (1) to protect DNS infrastructure operators and other service providers on the internet from DDoS attacks and (2) to protect users’ security and privacy in their homes. SPIN focuses on home networks because they are typically not as well-managed as corporate ones. Our view is that SPIN is one element of a wider integrated approach to IoT security, which for instance also involves setting up a commonly applied security certification mark for IoT devices.
Users at the centre
SPIN takes a unique user-centric approach in that it (1) allows users to easily deploy the system through pluggable SPIN devices that automatically monitor and block traffic for groups of IoT devices in the home, (2) protects users’ privacy by keeping all processing and threat handling on the SPIN devices in their home, and (3) allows users to configure the system with their security control preferences, for instance in terms of the system’s traffic blocking behavior. SPIN is also unique because it enables the security community to provide traces of malicious traffic, thus extending the system’s threat detection capabilities.
We have developed a working prototype of the SPIN system, which focuses on visualizing and blocking traffic to and from IoT devices for privacy protection purposes. The source code is available in the form of an open source package for OpenWRT devices, but can also be built and run on other Linux-based systems. We bundled it with our Valibox firmware for DNSSEC validation. A screencast of the SPIN dashboard for a SPIN device running in an actual home network is available here.
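To make the monitoring-and-blocking idea from the two paragraphs above concrete, here is a small added example that is not SPIN's own code (the prototype itself is an OpenWRT package). It models what a SPIN-like box on a home router does with the flows it sees: each flow is attributed to a device by its MAC address, checked against a per-device-group policy the user configured (allowed ports, a destination blocklist), and a device whose DNS query rate spikes far above what an appliance needs is marked for quarantine, which is the behaviour that would have limited a Mirai-style flood against a resolver or a DNS operator. All processing stays local; nothing is sent off the box. The device groups, MAC addresses, IP addresses, the 50 queries/second threshold and the sample flows are all constructed for the example.

```python
"""Toy per-device traffic policy for a home router, in the spirit of SPIN.

Added example, not SPIN project code. All identifiers and thresholds below
are constructed for illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float       # timestamp in seconds
    src_mac: str    # device identity on the home LAN
    dst_ip: str
    dst_port: int
    proto: str      # "udp" or "tcp"


# Constructed device inventory: MAC -> user-assigned group. Unknown devices fall into "default".
DEVICE_GROUPS = {
    "aa:bb:cc:00:00:01": "fridge",
    "aa:bb:cc:00:00:02": "camera",
}

# User-configured blocking preferences per group (hypothetical policy shape).
POLICY = {
    "fridge": {"allow_ports": {53, 443}, "block_dst": set()},
    "camera": {"allow_ports": {53, 443, 8883}, "block_dst": {"203.0.113.9"}},
    "default": {"allow_ports": {53, 80, 443}, "block_dst": set()},
}

# An appliance has no business sending more than this many DNS queries in one second (assumed value).
DNS_QPS_LIMIT = 50


def evaluate(flows, dns_qps_limit=DNS_QPS_LIMIT):
    """Apply the per-group policy to each flow and detect DNS-rate outliers.

    Returns (decisions, quarantine): decisions is a list of (action, src_mac, reason)
    tuples, one per flow; quarantine is the set of MACs whose peak DNS query rate
    exceeded dns_qps_limit within a single second.
    """
    decisions = []
    dns_per_second = defaultdict(Counter)  # src_mac -> second -> query count
    for f in flows:
        group = DEVICE_GROUPS.get(f.src_mac, "default")
        rule = POLICY[group]
        if f.dst_ip in rule["block_dst"]:
            decisions.append(("block", f.src_mac, f"destination {f.dst_ip} is on the user blocklist"))
            continue
        if f.dst_port not in rule["allow_ports"]:
            decisions.append(("block", f.src_mac, f"port {f.dst_port} not allowed for group {group}"))
            continue
        if f.dst_port == 53 and f.proto == "udp":
            dns_per_second[f.src_mac][int(f.ts)] += 1
        decisions.append(("allow", f.src_mac, "matches policy"))

    # Rate check runs after the policy pass: individually allowed DNS flows can still
    # add up to a flood, which is exactly the IoT-to-DNS threat the text describes.
    quarantine = {mac for mac, per_sec in dns_per_second.items()
                  if max(per_sec.values()) > dns_qps_limit}
    return decisions, quarantine


def per_device_destinations(flows):
    """What a SPIN-style dashboard would draw: the set of destinations each device talked to."""
    dests = defaultdict(set)
    for f in flows:
        dests[f.src_mac].add(f.dst_ip)
    return dict(dests)


def summarize(flows):
    """Compact result for the operator: counts of allow/block decisions and quarantined devices."""
    decisions, quarantine = evaluate(flows)
    counts = Counter(action for action, _, _ in decisions)
    return {"allow": counts["allow"], "block": counts["block"], "quarantine": sorted(quarantine)}


def constructed_flows():
    """Constructed sample traffic: a laptop, a camera and a fridge on one home LAN."""
    fridge, camera, laptop = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:99"
    flows = [
        Flow(100.0, laptop, "198.51.100.10", 443, "tcp"),   # ordinary browsing, default group
        Flow(100.2, camera, "203.0.113.9", 443, "tcp"),     # destination the user blocklisted
        Flow(100.4, fridge, "198.51.100.25", 25, "tcp"),    # fridge trying SMTP: the "spam from a fridge" case
        Flow(101.0, camera, "192.0.2.53", 53, "udp"),       # two normal DNS lookups from the camera
        Flow(101.5, camera, "192.0.2.53", 53, "udp"),
    ]
    # 60 DNS queries from the fridge within second 101: each one is allowed by policy,
    # but the rate is far above the assumed appliance ceiling of 50/s.
    flows += [Flow(101.0 + i / 100, fridge, "192.0.2.53", 53, "udp") for i in range(60)]
    return flows


if __name__ == "__main__":
    sample = constructed_flows()
    print(summarize(sample))
    for mac, dests in per_device_destinations(sample).items():
        print(mac, sorted(dests))
```

The two-stage structure matters: the policy pass alone would have let the fridge's DNS queries through one by one, so the rate check is what turns "many individually legitimate flows" into a quarantine decision. In a real deployment the thresholds and groups would come from the user's dashboard settings rather than constants, and the block decisions would be pushed into the router's firewall rather than returned as tuples.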
Our technical report discusses our ongoing work on the design and implementation of the SPIN system, which builds on the work we previously reported on in this blog.
As usual, we welcome feedback on our work. If you would like to share your thoughts with us, then please drop us an e-mail at firstname.lastname@example.org or contact us via Twitter @sidnlabs.
Download the full tech report.