Demo: NFV-based IoT Security at the ISP Level

Yehuda Afek, David Hay, Lior Shafir, Ihab Zhaika
Poster and brief announcement
Internet of Things (IoT), NFV/SDN


This demo presents features of a new system that protects IoT devices in customer premises at the ISP level. The core of the system is deployed as a Virtual Network Function (VNF) within the ISP network, and is based on the Manufacturer Usage Description (MUD) framework, a white-list IoT protection scheme that has been proposed in recent years.
As MUD is designed for on-premises deployment, the system makes the necessary adaptations to enable its deployment outside the customer premises. Moreover, the system includes a mechanism to distinguish between flows of different devices at the ISP level, despite the fact that most home networks (and their IoT devices) are behind a NAT and all the flows from the same home come out with the same source IP address.
Our demo closely follows a proof-of-concept that we have done with a large national-level ISP, showing how our system can identify the various IoT devices that are connected to the network and detect any unauthorized communications.


  title={NFV-based IoT Security at the ISP Level},
  author={Afek, Yehuda and Bremler-Barr, Anat and Hay, David and Shafir, Lior and Zhaika, Ihab},
  booktitle={NOMS 2020-2020 IEEE/IFIP Network Operations and Management Symposium},