Demo: NFV-based IoT Security at the ISP Level

Yehuda Afek, David Hay, Lior Shafir, Ihab Zhaika
Poster and brief announcement
Internet of Things (IoT), NFV/SDN


This demo focuses on demonstrating features of a new system to protect IoT devices in customer premises at the ISP level. The core of the system is deployed as a Virtual Network Function (VNF) within the ISP network, and is based on the Manufacturer Usage Description (MUD) framework, a white-list IoT protection scheme that has been proposed in recent years.
As MUD is designed for on-premise deployment, the system makes the necessary adaptations to enable its deployment outside the customer premise. Moreover, the system includes a mechanism to distinguish between flows of different devices at the ISP level despite the fact that most home networks (and their IoT devices) are behind a NAT and all the flows from the same home come out with the same source IP address.
Our demo follows closely a proof-of-concept that we have done with a large national level ISP, showing how our system can identify the various IoT devices that are connected to the network
and detecting any unauthorized communications.


  title={NFV-based IoT Security at the ISP Level},
  author={Afek, Yehuda and Bremler-Barr, Anat and Hay, David and Shafir, Lior and Zhaika, Ihab},
  booktitle={NOMS 2020-2020 IEEE/IFIP Network Operations and Management Symposium},