All content in this area was uploaded by Ahmed Basil on Sep 10, 2020
P4-Assisted Network Security for Future Smart Homes
Ahmed Osama Basil∗
Faculty of Arts, Science and Technology
Northamptonshire, United Kingdom
Mu Mu
Faculty of Arts, Science and Technology
Northamptonshire, United Kingdom
James Sharman
Faculty of Arts, Science and Technology
Northamptonshire, United Kingdom
Jacob Goldsney
Faculty of Arts, Science and Technology
Northamptonshire, United Kingdom
ABSTRACT
Recent years have seen an increasing adoption of Internet of Things
(IoT) devices in residential homes. Most IoT devices are connected
to the Internet through a home router for cloud-based services or
remote access. While it is becoming more challenging to deliver
the large amount of IoT data, security remains an ever-present concern
within the network environment of IoT. This paper highlights the need
for increased IoT security for future smart homes and for a P4-assisted
network security framework.
KEYWORDS
IoT, Security, P4, QoS, QoE, SDN, MUD
ACM Reference Format:
Ahmed Osama Basil, Mu Mu, James Sharman, and Jacob Goldsney. 2018.
P4-Assisted Network Security for Future Smart Homes. In Woodstock ’18:
ACM Symposium on Neural Gaze Detection, June 03–05, 2018, Woodstock, NY.
ACM, New York, NY, USA, 3 pages. https://doi.org/10.1145/1122445.1122456
1 INTRODUCTION
An increasing number of smart IoT devices are now being used in
residential homes, and our daily lives are becoming increasingly
dependent on them. Most IoT devices are connected with cloud
services or accessed by the end user remotely. The question of how
secure these devices are becomes ever more pressing as we bring them
into our homes. This research will illustrate an example of a security
risk these devices can be affected by, along with how P4-assisted
network designs can potentially help to improve the security of IoT
devices. This research is aimed at a smart home environment where
there could be various types of IoT devices performing different tasks
and producing different behavioural patterns. This makes a single
simple security solution very impractical, as every type of IoT device
produces different traffic, making it nearly impossible to assume a
reference behaviour model for all devices. P4, a domain-specific
language with a number of constructs optimized around network data
forwarding, allows for the performance of the network for regular
devices to be unaffected by this issue while IoT devices are closely
monitored for any anomaly. Programmability, portability and
performance on the scalability of the P4-designed outcome are
essential aspects to be considered [2].
∗All authors contributed equally to this research.
Woodstock ’18, June 03–05, 2018, Woodstock, NY
©2018 Association for Computing Machinery.
ACM ISBN 978-1-4503-9999-9/18/06
The aim of this research is to provide the following:
• An analysis of the security risks that IoT devices impose (or
encounter) and their behaviour,
• How P4 can assist a management framework to maintain network
performance while detecting and mitigating security attacks or
anomalies,
• A P4-assisted framework and a test-bed structure of the
smart environment with the necessary security measures.
The rest of this paper is structured as follows. Section 2 covers
the related work that has been examined and built upon to help
with the research of this paper. Section 3 introduces the framework
design. Section 4 presents the conclusions, where the findings are
outlined and any future work that could be developed from the
findings is stated.
2 RELATED WORK
Although many studies have been made on the security of the IoT home
environment, very few have given a solution based around using
more efficient data-plane programming such as P4. Previous
research explains existing security threats to a smart home
environment as well as current and projected future levels of attacks
[1]. Additionally, the research to be undertaken shall show
that P4 will help to secure and protect the most common devices
inside a smart home environment.
The Manufacturer Usage Description (MUD) standard from the IETF
can have a significant impact on how SDNs can be used to protect
a smart network. MUD would allow manufacturers of IoT devices
to produce specific rules on how a device should behave; this
information can then be used to create dynamic rules for that device.
An example of this is Soft MUD [3], where an OpenFlow-based SDN
was used to take parameters from MUD profiles to create flow rules
for the paired device. This provides a functional example of how
MUD can be used with SDNs.
These works provide good examples of the types of security
vulnerabilities involved with IoT in a home environment. The
proposal in this poster builds upon them: the security of IoT
devices in a smart home can be improved using a P4-assisted
solution. A scenario which demonstrates this is a smart light bulb,
which should not be performing any unusual activities outside of
the ones defined using MUD profiles. When a light bulb's main
purpose is to switch on/off and dim, its traffic should be limited
so that it is less vulnerable, based on dynamic rules per device.
3 PROPOSITION
Using the information gathered, a scenario was imagined to build
the proposal. The scenario is a home environment with multiple
smart devices equipped with different capabilities such as basic
power controls, audio-visual streaming, motion sensors, etc. The
vulnerabilities of this home environment will come from 1) attacks
on its IoT devices and 2) security defects embedded in the IoT
devices as a result of poor engineering practices. A light bulb is
a good example of how P4 and MUD would help secure a home
network, whereby the device itself provides the network with a set
of instructions on the expected behaviours of the device and also
any specific rules that it should follow. If a bulb is not expected to
perform certain scans of the home network, or communicate with
a refrigerator or a smart radio, then access to other devices should
be blocked. Meanwhile, certain access to the manufacturer's server
or key devices on the network still needs to be guaranteed.
This proposal enables a future network administrator or homeowner
to have central control over the IoT devices in a network
without needing another source of information to produce
an anomaly detection system. Functionality offered by P4 will also
help automate many detection, mitigation and correction actions
without human intervention. This would also allow homeowners
to be more comfortable with IoT devices in their homes, as they can
be assured that if a device has been correctly given a strict set of
rules, then their personal information is much more secure.
3.1 Proposed Framework
The proposed framework (as seen in Figure 1) provides an example
of the functional sections involved. The initial step for this
scenario is an IoT device being switched on and connecting to the
home router, going through the basic steps such as acquiring an
IP address. During this process a MUD URL is sent to the router,
which provides a source for the device's profile on a MUD web
server. This is handled by the MUD manager, which sends a request
for the device's information using the URL provided by the device.
When the profile is returned to the network, the MUD manager
receives the profile, which lists what the device should be able to
do. This information is then used to create a set of actions for a
table for that device, which is where the rules for that device are
made. Using this system, the main user devices such as PCs and
laptops do not have their performance limited. In this future
environment a huge amount could be added to this framework, as P4
is incredibly broad in what features can be added. This proposal is
one small example of how P4 can be used with other emerging
standards to create a much more secure environment.
3.2 Proposed Testbed
The proposed testbed (Figure 2) has several components. The first
and most important is the P4-enabled switch (i.e. home router). This
device is where all network traffic is processed, similar to a normal
home router currently; however, this device has additional
monitoring and data-plane programming functionality thanks to
P4. In a smart home, it is unlikely that there is only one form of
device; there will be PCs, laptops and mobile phones as well as the
various types of IoT devices. In this testbed the MUD manager is
included in the home router; however, this could also be on an
alternative RADIUS server. The testbed is an example scenario of how
this proposal can be advantageous; however, it is generic by design,
as this allows implementations to range from a simple one to one
including multiple houses with similar devices. The profiles for these
devices could be stored on a bridging switch from a service provider,
reducing the time needed to access the profile. The majority of the
testbed resides within a simulation environment using Mininet, ONOS,
and BMv2. The testbed also allows physical devices to be connected
using protocols such as MQTT in order to perform evaluation using
real IoT devices.
Figure 1: Proposed Framework
Figure 2: Proposed Testbed
4 CONCLUSIONS AND FUTURE WORK
This paper discusses the vulnerabilities that IoT devices have and
the risks they pose in a smart home environment at the network
level. This information is used to produce a scenario for a smart
home where a vulnerable device is on the network and needs to be
secured. The proposal is therefore to use a P4-enabled home router
to provide a platform for IoT devices to connect to the network
using secure static rules based on what the manufacturer decides a
particular device should do.
Both P4 and MUD are still in development and there is much to
experiment with regarding how IoT devices can be made more secure
and how their performance can be managed appropriately based on
the manufacturer's specification. The main proposal to prevent
unwanted access to an IoT device is only a small-scale scenario with
huge potential to grow. Further research in machine learning must
be undertaken to strengthen a switch's ability to identify security
threats and network needs. Areas of further research must include
P4, virtual private networks, layer 3 firewall, port filtering and
flood attack detection to build a safe smart home environment.
REFERENCES
[1] W. Ali, G. Dustgeer, M. Awais, and M. A. Shah. 2017. IoT based smart home:
Security challenges, security requirements and solutions. In 2017 23rd International
Conference on Automation and Computing (ICAC). 1–6.
https://doi.org/10.23919/IConAC.2017.8082057
[2] P. G. K. Patra, F. E. R. Cesen, J. S. Mejia, D. L. Feferman, L. Csikor, C. E. Rothenberg,
and G. Pongracz. 2018. Toward a Sweet Spot of Data Plane Programmability,
Portability, and Performance: On the Scalability of Multi-Architecture P4 Pipelines.
IEEE Journal on Selected Areas in Communications 36, 12 (Dec 2018), 2603–2611.
https://doi.org/10.1109/JSAC.2018.2871288
[3] Mudumbai Ranganathan. 2019. Soft MUD: Implementing Manufacturer Usage
Descriptions on OpenFlow SDN Switches.