SPIN: A user-centric Security Extension for In-home Networks

Users at the centre

The internet of things (IoT) will connect billions of devices to the Internet that we normally do not think of as computers, such as fridges, cameras, and light bulbs. At SIDN Labs, we are developing a system called SPIN (Security and Privacy for In-home Networks) that aims to reduce the security risks that these devices pose to core internet systems, service providers, and end-users. We discuss our ongoing work on the design and implementation of the system in a technical report, which we released today.

Threat to the DNS

While the internet of things (IoT) promises to enable many new types of services and applications, IoT devices are often poorly secured and as a result pose a threat to the security and stability of the core systems of the internet, such as to the Domain Name System (DNS). In October 2016, for example, DNS operator Dyn was hit by a Denial of Service (DoS) attack carried out through millions of IoT devices compromised with the Mirai botnet that allegedly reached an aggregate magnitude of 1.2 Tbps. Other potential targets of such attacks include operators of top-level domains (such as .nl, operated by SIDN), hosting providers, and application service providers.

Threat to end-users

Another consequence of poorly secured IoT devices is that they compromise the security and privacy of end-users, for instance because they allow attackers to send spam from a vulnerable fridge. This jeopardizes users’ trust in the internet and their home environment, in particular because the average end-user typically finds it hard to distinguish between well and poorly secured IoT devices and in many cases even lack the interest in these characteristics.


These developments motivated us to design and implement the system for Security and Privacy for In-home Networks (SPIN), which provides network-level security functions that monitor and automatically block vulnerable IoT devices. The goal of the SPIN system is to protect (1) DNS infrastructure operators and other service providers on the internet from DDoS attacks and (2) to protect users’ security and privacy in their homes. SPIN focuses on home networks because they are typically not as well-managed as corporate ones. Our view is that SPIN is an element of a wider integrated approach to IoT security, which for instance also involves setting up a commonly applied security certification mark for IoT devices.

Users at the centre

SPIN takes a unique user-centric approach in that it (1) allows users to easily deploy the system through pluggable SPIN devices that automatically monitor and block traffic for groups of IoT devices in the home, (2) protects users’ privacy by keeping all processing and threat handling on the SPIN devices in their home, (3) allows users to configure the system with their security control preferences, for instance in term of the system’s traffic blocking behavior. SPIN is also unique because it enables the security community to provide traces of malicious traffic, thus extending the systems’ threat detection capabilities.


We have developed a working prototype of the SPIN system, which focuses on visualizing and blocking traffic to and from IoT devices for privacy protection purposes. The source code is available in the form of an open source package for OpenWRT devices, but can also be built and run on other Linux-based systems. We bundled it with our Valibox firmware for DNSSEC validation. A screencast of the SPIN dashboard for a SPIN device running in an actual home network is available here.

Tech report

Our technical report discusses our ongoing work on the design and implementation of the SPIN system, which builds on the work we previously reported on in this blog.

Feedback welcome!

As usual, we welcome feedback on our work. If you would like to share your thoughts with us, then please drop us an e-mail at labs@sidn.nl or contact us via Twitter @sidnlabs.Download the full tech report.


  • Tuesday 25 September 2018


    Cybercrooks use fake websites to harvest health insurance data


    SIDN identifies more than 450 phishing sites exploiting health insurers' brand familiarity

    Read more
  • Thursday 21 June 2018


    Watch out for unscrupulous firms trying to sell you domain names at inflated prices


    Our advice: don't be rushed into agreeing a sale

    Read more
  • Wednesday 3 July 2019


    BIND version 9.14 requires IPv6 and DNSSEC


    Default support for modern internet standards

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.