Ihab Zhaika

Wi-Fi (IEEE 802.11) is the most-used protocol for wireless internet access on customer premises. The MAC address of each connected device, which used to be static, is being recently randomized (by the device’s operating system) as frequently as daily to prevent tracking and fingerprinting of devices and users. While this feature might be useful in public areas, it disturbs some day-to-day functionalities, such as firewalls, parental control, and similar applications that require a static identifier per device. In this work, we present methods to ensure the functionalities of these applications, even when the MAC address is changed every time the device connects to the network. Our methods work even if the latest MAC randomization techniques are applied and provide these device identifications only to the gateway router. (Potentially malicious) devices that are connected to the same LAN, still see the randomized MAC

This demo focuses on demonstrating features of a new system to protect IoT devices in customer premises at the ISP level. The core of the system is deployed as a Virtual Network Function (VNF) within the ISP network, and is based on the Manufacturer Usage Description (MUD) framework, a white-list IoT protection scheme that has been proposed in recent years.
As MUD is designed for on-premise deployment, the system makes the necessary adaptations to enable its deployment outside the customer premise. Moreover, the system includes a mechanism to distinguish between flows of different devices at the ISP level despite the fact that most home networks (and their IoT devices) are behind a NAT and all the flows from the same home come out with the same source IP address.
Our demo follows closely a proof-of-concept that we have done with a large national level ISP, showing how our system can identify the various IoT devices that are connected to the network
and detecting any unauthorized communications.