PosterPDF Available

P4-Assisted Network Security for Future Smart Homes


Abstract and Figures

Recent years have seen an increasing adoption of Internet of Things (IoT) devices in residential homes. Most IoT devices are connected to the Internet through home router for cloud-based services or remote access. While its becoming more challenging to deliver the large amount of IoT data, security is ever prevalent within network environment of IoT. This paper highlights the need for the increased IoT security for future smart homes and a P4-assisted network security framework.
Content may be subject to copyright.
P4-Assisted Network Security for Future Smart Homes
Ahmed Osama Basil
Faculty of Arts, Science and Technology
Northamptonshire, United Kingdom
Mu Mu
Faculty of Arts, Science and Technology
Northamptonshire, United Kingdom
James Sharman
Faculty of Arts, Science and Technology
Northamptonshire, United Kingdom
Jacob Goldsney
Faculty of Arts, Science and Technology
Northamptonshire, United Kingdom
Recent years have seen an increasing adoption of Internet of Things
(IoT) devices in residential homes. Most IoT devices are connected
to the Internet through home router for cloud-based services or
remote access. While its becoming more challenging to deliver
the large amount of IoT data, security is ever prevalent within
network environment of IoT. This paper highlights the need for
the increased IoT security for future smart homes and a P4-assisted
network security framework.
IoT, Security, P4, QoS, QoE, SDN, MUD
ACM Reference Format:
Ahmed Osama Basil, Mu Mu, James Sharman, and Jacob Goldsney. 2018.
P4-Assisted Network Security for Future Smart Homes. In Woodstock ’18:
ACM Symposium on Neural Gaze Detection, June 03–05, 2018, Woodstock, NY .
ACM, New York, NY, USA, 3 pages.
The increased number of smart IoT devices are now being used in
residential homes and our daily lives are becoming increasingly
dependent on them. Most IoT devices are connected with cloud
services or accessed by the end user remotely. The question then
becomes ever more dominant as to how secure these devices are as
we bring them into our homes. This research will illustrate an ex-
ample of a security risk these devices can be aected by, along with
how P4-assisted network designs can potentially help to improve
the security of IoT devices. This research is aimed at a smart home
environment where there could be various types of IoT devices
performing dierent tasks and producing dierent behavioural
patterns. This makes a single simple security solution very imprac-
tical as every type of IoT device produces dierent trac making
it nearly impossible to assume a reference behaviour model for
all devices. P4; a domain-specic language with a number of con-
structs optimized around network data forwarding, allows for the
All authors contributed equally to this research.
Permission to make digital or hard copies of all or part of this work for personal or
classroom use is granted without fee provided that copies are not made or distributed
for prot or commercial advantage and that copies bear this notice and the full citation
on the rst page. Copyrights for components of this work owned by others than ACM
must be honored. Abstracting with credit is permitted. To copy otherwise, or republish,
to post on servers or to redistribute to lists, requires prior specic permission and/or a
fee. Request permissions from
Woodstock ’18, June 03–05, 2018, Woodstock, NY
©2018 Association for Computing Machinery.
ACM ISBN 978-1-4503-9999-9/18/06. . . $15.00
performance of the network for regular devices to be unaected by
this issue while IoT devices are closely monitored for any anomaly.
Programmability, portability and performance on the scalability of
the P4-designed outcome are essential aspects to be considered [
The aim of this research is to provide the following:
Analyze the security risks that IoT devices impose (or en-
counter) and their behaviour,
How P4 can assist a management framework to maintain net-
work performance while detecting and mitigating security
attacks or anomaly,
A P4-assisted framework and a test-bed structure of the
smart environment with the necessary security measures.
The structure of this study will be displayed accordingly. In section
2, the related work that have been examined and built upon to help
with the research of this paper. Section 3 introduces the framework
design. Section 4 shows the conclusions where the ndings will
be outlined, furthermore, any future work from the ndings that
could be developed will also be stated.
Although many studies been made on the security of IoT home
environment, very few have given a solution based around using
the more ecient data-plane programming such as P4. A previous
research explains existing security threats to a smart home based
environment as well as current and projected future levels of attacks
]. Additionally, the research in which will be taken shall show
that P4 will help to secure and protect the most common devices
inside a smart home environment.
The Manufacturer Usage Description (MUD) standard from IETF
can have a signicant impact on how SDNs can be used to protect
a smart network. MUD would allow manufacturers of IoT devices
to produce specic rules on how a device should behave, this infor-
mation can then be used to create dynamic rules for that device. An
example of this is Soft MUD [
], where an OpenFlow-based SDN
was used to take parameters from MUD proles to create ow rules
for the paired device. This provides a functional example of how
MUD can be used with SDNs.
These works provide good examples on the types of security
vulnerabilities involved with IoT in a home environment. This is
where the proposal from this poster is built upon where the security
of IoT devices in a smart home can be improved using a P4-assisted
solution. A scenario which demonstrates this is a smart light bulb
which should not be performing any unusual activities outside of
the ones dened using MUD proles. When a light bulb’s main
Woodstock ’18, June 03–05, 2018, Woodstock, NY Ahmed Osama Basil, Mu Mu, James Sharman, and Jacob Goldsney
purpose are to switch on/o and dim, its trac should be limited
so that it is less vulnerable based on dynamic rules per device.
Using the information gathered a scenario was imagined to build
the proposal. The scenario is a home environment with multiple
smart devices equipped with dierent capabilities such as basic
power controls, audio-visual streaming, motion sensors, etc. The
vulnerabilities of this home environment will come from 1) attacks
on its IoT devices and 2) security defects embedded in the IoT
devices as a result of poor engineering practices. A light bulb is
a good example of how P4 and MUD would help secure a home
network whereby the device itself provides the network with a set
of instructions on the expected behaviours of the device and also
any specic rules that it should follow. If a bulb is not expected to
perform certain scans of the home network, or communicate with
a refrigerator or a smart radio then access to other devices should
be blocked. Meanwhile certain access to the manufacturers server
or key devices on the network still need to be guaranteed.
This proposal enables a future network administrator or home-
owner to have a central control over the IoT devices in a network
without having to have another source of information to produce
an anomaly detection system. Functionality oered by P4 will also
help automate many detection, mitigation and correction actions
without human intervention. This would also allow homeowners
to be more comfortable with IoT devices in their homes as they can
be assured that if a device has been correctly given a strict set of
rules, then their personal information is much more secure.
3.1 Proposed Framework
The proposed framework (as seen in Figure 1) provides an exam-
ple of the functional sections involved. The initial step for this
scenario is a IoT device being switched on and connecting to the
home router, going through the basic steps such as acquiring an
IP address. During this process a MUD URL is sent to the router
which provides a source for the devices prole on a MUD web
server. This is handled by the MUD manager which sends a request
for the devices information using the URL provided by the device.
When the prole is returned to the network, the MUD manager
receives the prole list what the device should be able to do. This
information is then used to create a set of actions for a table for
that device which is where the rules for that device are made. Using
this system, the main user devices such as PCs and laptops do not
have their performance limited. In this future environment there
could be a huge amount added to this framework as P4 is incredibly
broad in what features can be added. This proposal is one small
example of how P4 can be used with other uprising standards to
create a much more secure environment.
3.2 Proposed Testbed
The proposed testbed (Figure 2) has several components. The rst
and most important is the P4-enabled switch (i.e. home router). This
device is where all network trac is processed similar to a normal
home router currently, however using this device has additional
monitoring and data-plane programming functionality thanks to
P4. In a smart home, it is unlikely there is only one form of device
Figure 1: Proposed Framework
such as PCs, laptops, mobile phones as well as the various types
of IoT devices. In this testbed the MUD manager is included in the
home router, however this could also be on an alternative RADIUS
server. The testbed is an example scenario of how this proposal
can be advantageous, however it is generic by design as this allows
implementation to range from being simple or including multiple
houses with similar devices, the proles for these devices could
be stored on a bridging switch from a service provider reducing
the time needed to access the prole. The majority of the testbed
resides within a simulation environment using mininet, ONOS, and
BMv2. The testbed also allows physical devices to be connected
using protocols such as MQTT in order to perform evaluation using
real IoT devices.
Figure 2: Proposed Testbed
This paper discusses the vulnerabilities that IoT devices have and
the risks they pose in a smart home environment on a network-
level. This information is used to produce a scenario for a smart
home where a vulnerable device is on the network and needs to be
secured. The proposal is therefore to use a P4-enabled home router
to provide a platform for IoT devices to connect to the network
using secure static rules based on what the manufacturer decides a
particular device should do.
Both P4 and MUD are still in development and there is much to
experiment with, regarding how IoT devices can be more secure
and their performance can be managed appropriately based on
the manufacturers specication. The main proposal to prevent
P4-Assisted Network Security for Future Smart Homes Woodstock ’18, June 03–05, 2018, Woodstock, NY
unwanted access to an IoT device is only a small scale scenario with
huge potential to grow. Further research in machine learning must
be undertaken, to strengthen a switch’s ability to identify security
threats and network needs. Areas of further research must include
P4, virtual private networks, layer 3 rewall, port ltering and ood
attack detection to build a safe smart home environment.
W. Ali, G. Dustgeer, M. Awais, and M. A. Shah. 2017. IoT based smart home:
Security challenges, security requirements and solutions. In 2017 23rd International
Conference on Automation and Computing (ICAC). 1–6.
P. G. K. Patra, F. E. R. Cesen, J. S. Mejia, D. L. Feferman, L. Csikor, C. E. Rothenberg,
and G. Pongracz. 2018. Toward a Sweet Spot of Data Plane Programmability,
Portability, and Performance: On the Scalability of Multi-ArchitectureP4 Pip elines.
IEEE Journal on Selected Areas in Communications 36, 12 (Dec 2018), 2603–2611.
Mudumbai Ranganathan. 2019. Soft MUD: Implementing Manufacturer Usage
Descriptions on OpenFlow SDN Switches.
ResearchGate has not been able to resolve any citations for this publication.
Full-text available
Despite having received less attention compared to the control and application plane aspects of Software-Defined Networking (SDN), the data plane is a critical piece of the puzzle. P4 takes SDN datapaths to the next level by unlocking deep programmability through a target-independent high-level programming language that can be compiled to run on a variety of targets (e.g., ASIC, FPGA, GPU). This article presents the design and evaluation of our sweet spot approach on SDN datapaths offering three contending characteristics, namely, performance, portability and scalability in multiple realistic scenarios. The focus is on our Multi-Architecture Compiler System for Abstract Dataplanes (MACSAD) proposal, which blends the high-level protocol-independent programmability of P4 with lowlevel but cross-platform (HW & SW) APIs brought by OpenDataPlane (ODP), this way supporting many different vendors and architectures. Besides the performance evaluation for varying packet sizes and memory lookup tables, we investigate the impact of increasing pipeline complexity ranging from elemental L2 switching to more complex data center and border network gateways. We investigate the scalability for increasing number of cores and evaluate a novel method for run-time core reallocation. Furthermore, we run experiments on different target platforms (e.g., x86, ARM, 10G/100G), inducing different ways of packet mangling through specific drivers (e.g., DPDK, Netmap), and compare the results to state-of-the-art datapath alternatives.