DeadBolt: Securing IoT Deployments
Title | DeadBolt: Securing IoT Deployments |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Ko, Ronny; Mickens, James |
Conference Name | Proceedings of the Applied Networking Research Workshop |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-5585-8 |
Keywords | attestation, composability, Human Behavior, Internet of Things, IoT, pubcrawl, remote attestation, Resiliency, security, Security by Default |
Abstract | In this paper, we introduce DeadBolt, a new security framework for managing IoT network access. DeadBolt hides all of the devices in an IoT deployment behind an access point that implements deny-by-default policies for both incoming and outgoing traffic. The DeadBolt AP also forces high-end IoT devices to use remote attestation to gain network access; attestation allows the devices to prove that they run up-to-date, trusted software. For lightweight IoT devices which lack the ability to attest, the DeadBolt AP uses virtual drivers (essentially, security-focused virtual network functions) to protect lightweight device traffic. For example, a virtual driver might provide network intrusion detection, or encrypt device traffic that is natively cleartext. Using these techniques, and several others, DeadBolt can prevent realistic attacks while imposing only modest performance costs. |
URL | http://doi.acm.org/10.1145/3232755.3232774 |
DOI | 10.1145/3232755.3232774 |
Citation Key | ko_deadbolt:_2018 |