Abstract
This paper presents an overview of device identification techniques and the Manufacturer Usage Description (MUD) standard used for the Internet of things to reduce the IoT attack surface. The ongoing diversity and the sheer increase in the number of connected IoT devices have crumpled security efforts. There is a need to reconsider and redesign the underlying concept of developing security systems to resolve IoT security challenges. In this backdrop, device profiling and identification have emerged as an exciting technique that helps to reduce IoT device attack surface. One of the known approaches for device identification is to fingerprint a device. There are many ways to fingerprint the device, mostly using device network flows or device local attributes. The device identification ensures the authenticity of the device attached to the network, like user authentication. Since IoT devices mostly work using machine-to-machine (M2M) communication, this requires identifying each device properly. But there is no unified approach for device identification for the ever-growing world of IoT devices and applications. One of the major steps forward in this direction is the development of the Manufacturer Usage Description (MUD) standard that defines the role of a device within the network. It limits the device to execute the primary task only, which will help to reduce the attack surface. Since the inception of MUD, many security frameworks use this standard for IoT security. However, there is a need to scrutinize the security frameworks based on the MUD, to find out the claimed effectiveness of the standard in IoT security. This paper initially identifies and classifies the potential vulnerabilities in IoT devices. Then, the study provides an overview of the research that focuses on device identification techniques and analyzes their role in IoT security. Finally, the research presents an overview of MUD technology, its implementation scenarios, the limitation of the latest MUD standard, and its applications in the industry. The prime aim of this work is to examine the MUD benefits in IoT security along with the weaknesses and challenges while implementing this standard along with future directions.
Highlights
T HEREis a sharp hike in security attacks due to the increase of Internet of Things (IoT) applications in our daily lives
When encryption is not strictly enforced, if it is absent from your smart devices, it leaves data vulnerable and becomes an IoT security issue. (v) Lack of Device Management: Just as it is vital to know what assets are on your network, it’s important to handle them efficiently
2) DEVICE IDENTIFICATION (DI) and UnSupervised Machine Learning (ML) Training classification models take a lot of time and human effort to train the model from labeled data, due to the enormous number of IoT devices from different vendors
Summary
T HEREis a sharp hike in security attacks due to the increase of Internet of Things (IoT) applications in our daily lives. One of the study FlowFence [7] use information flow tracking to ensure legal data access by the users Such a solution mainly focus on IoT applications security. The paper discusses MUD weaknesses in the context of providing end-to-end IoT security along with MUD limitations and extensions proposed by different researchers. The contribution of this paper is as follow: 1) The study presents a summary of IoT vulnerabilities by Identifying and classifying them based on their scope This will help the researchers to quickly get an overview of the IoT security challenges in general without getting dive down on each IoT architectural layer issue. 5) The research further provides a detailed discussion on the MUD limitations and proposed extensions for industrial applications and future work in this domain.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
