Role of device identification and manufacturer usage description in IoT security: A survey

Mazhar, Noman and Salleh, Rosli and Zeeshan, Muhammad and Hameed, M. Muzaffar (2021) Role of device identification and manufacturer usage description in IoT security: A survey. IEEE Access, 9. pp. 41757-41786. ISSN 2169-3536, DOI https://doi.org/10.1109/ACCESS.2021.3065123.

Full text not available from this repository.

Abstract

This paper presents an overview of device identification techniques and the Manufacturer Usage Description (MUD) standard used for the Internet of things to reduce the IoT attack surface. The ongoing diversity and the sheer increase in the number of connected IoT devices have crumpled security efforts. There is a need to reconsider and redesign the underlying concept of developing security systems to resolve IoT security challenges. In this backdrop, device profiling and identification have emerged as an exciting technique that helps to reduce IoT device attack surface. One of the known approaches for device identification is to fingerprint a device. There are many ways to fingerprint the device, mostly using device network flows or device local attributes. The device identification ensures the authenticity of the device attached to the network, like user authentication. Since IoT devices mostly work using machine-to-machine (M2M) communication, this requires identifying each device properly. But there is no unified approach for device identification for the ever-growing world of IoT devices and applications. One of the major steps forward in this direction is the development of the Manufacturer Usage Description (MUD) standard that defines the role of a device within the network. It limits the device to execute the primary task only, which will help to reduce the attack surface. Since the inception of MUD, many security frameworks use this standard for IoT security. However, there is a need to scrutinize the security frameworks based on the MUD, to find out the claimed effectiveness of the standard in IoT security. This paper initially identifies and classifies the potential vulnerabilities in IoT devices. Then, the study provides an overview of the research that focuses on device identification techniques and analyzes their role in IoT security. Finally, the research presents an overview of MUD technology, its implementation scenarios, the limitation of the latest MUD standard, and its applications in the industry. The prime aim of this work is to examine the MUD benefits in IoT security along with the weaknesses and challenges while implementing this standard along with future directions.

Item Type: Article
Funders: RU Grants of the Malaysia Research University Network (MRUN), University of Malaya, Malaysia (GPF017D-2019), Faculty of Computer Science and Information Technology, University of Malaya, Center for Research in Industry 4.0, University of Malaya
Uncontrolled Keywords: Multiuser detection; Security; Internet of Things; Standards; Industries; Cryptography; Password; Manufacturer usage description (MUD); Internet of Things (IoT); device identification (DI); software defined network (SDN); machine learning (ML); deep learning (DL)
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
T Technology > TA Engineering (General). Civil engineering (General)
Divisions: Faculty of Computer Science & Information Technology > Department of Computer System & Technology
Faculty of Engineering
Depositing User: Ms. Juhaida Abd Rahim
Date Deposited: 04 Apr 2022 04:55
Last Modified: 04 Apr 2022 04:55
URI: http://eprints.um.edu.my/id/eprint/26646

Actions (login required)

View Item View Item
UM Research Repository is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.