This demo focuses on demonstrating features of a new system to protect IoT devices in customer premises at the ISP level. The core of the system is deployed as a Virtual Network Function (VNF) within the ISP network, and is based on the Manufacturer Usage Description (MUD) framework, a white-list IoT protection scheme that has been proposed in recent years.
As MUD is designed for on-premise deployment, the system makes the necessary adaptations to enable its deployment outside the customer premise. Moreover, the system includes a mechanism to distinguish between flows of different devices at the ISP level despite the fact that most home networks (and their IoT devices) are behind a NAT and all the flows from the same home come out with the same source IP address.
Our demo follows closely a proof-of-concept that we have done with a large national level ISP, showing how our system can identify the various IoT devices that are connected to the network
and detecting any unauthorized communications.
DEEPNESS Lab 2022 © all rights reserved
@inproceedings{afek2020nfv, title={NFV-based IoT Security at the ISP Level}, author={Afek, Yehuda and Bremler-Barr, Anat and Hay, David and Shafir, Lior and Zhaika, Ihab}, booktitle={NOMS 2020-2020 IEEE/IFIP Network Operations and Management Symposium}, pages={1--2}, year={2020}, organization={IEEE} }