Gartner predicts there will be 20.4 billion connected IoT devices by 2020. With so many IoT devices operating in homes and businesses, security concerns are growing too. Unlike full-featured devices such as personal or business computers or mobile devices, IoT products are designed to perform a single function and often lack state-of-the-art security software. This keeps costs down, but it has consequences. In a typical network, malicious actors can discover and compromise an IoT device within minutes of it being connected, and then use that device to attack any system on the internet without the owner's knowledge. They can also herd large numbers of compromised devices into botnets and use them to launch large-scale distributed denial-of-service (DDoS) and other attacks.
The Internet Engineering Task Force's (IETF) manufacturer usage description (MUD) architecture, specified in RFC 8520, is designed to constrain IoT devices so they behave only as their manufacturers intended. It gives manufacturers a standard way to state the network communications each device requires to perform its intended function. The device emits a MUD URL (via DHCP, LLDP, or an IEEE 802.1AR device certificate); a MUD manager on the local network retrieves the signed MUD file from that URL over HTTPS and translates its access lists into network policy, so the device is permitted to send and receive only the traffic the manufacturer listed. Even if an IoT device is compromised, MUD prevents it from being used in any attack that would require the device to communicate with an unauthorized destination. It does not stop abuse of communications the MUD file permits, so the allowed destinations, ports, and directions should be as narrow as the device's function allows.
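As an added worked example (not NCCoE or IETF code), the following Python shows what a MUD manager does with a MUD file once it has been retrieved: it parses a constructed sample file modelled on the RFC 8520 examples, refuses files that fail basic checks (wrong version, non-https MUD URL, out-of-range cache validity, a policy that references an undefined ACL), and expands the from-device and to-device policies into ordered allow rules that each end in a default drop. The hostnames, ACL names and the rule dictionary format are assumptions made for this example; the `urn:ietf:params:mud:dns` controller abstraction and the `ietf-mud:direction-initiated` match are taken from RFC 8520. CMS signature verification of the file, DNS resolution of the listed names, and installation into a real firewall are out of scope here.

```python
"""Expand an RFC 8520 MUD file into per-direction allow rules plus a default drop.
Added example, not NCCoE or IETF code. SAMPLE_MUD is a constructed file modelled on
the RFC 8520 examples; hostnames and ACL names are placeholders."""
import json

SAMPLE_MUD = r"""{
 "ietf-mud:mud": {
  "mud-version": 1, "mud-url": "https://lighting.example.com/lightbulb2000",
  "last-update": "2019-01-28T11:20:51+01:00", "cache-validity": 48, "is-supported": true,
  "systeminfo": "Constructed sample: a smart light bulb",
  "from-device-policy": {"access-lists": {"access-list": [{"name": "mud-76100-v4fr"}]}},
  "to-device-policy": {"access-lists": {"access-list": [{"name": "mud-76100-v4to"}]}}},
 "ietf-access-control-list:acls": {"acl": [
  {"name": "mud-76100-v4fr", "type": "ipv4-acl-type", "aces": {"ace": [
   {"name": "cloud0-frdev", "actions": {"forwarding": "accept"},
    "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "service.lighting.example.com", "protocol": 6},
                "tcp": {"ietf-mud:direction-initiated": "from-device",
                        "destination-port": {"operator": "eq", "port": 443}}}},
   {"name": "dns0-frdev", "actions": {"forwarding": "accept"},
    "matches": {"ietf-mud:mud": {"controller": "urn:ietf:params:mud:dns"}, "ipv4": {"protocol": 17},
                "udp": {"destination-port": {"operator": "eq", "port": 53}}}}]}},
  {"name": "mud-76100-v4to", "type": "ipv4-acl-type", "aces": {"ace": [
   {"name": "cloud0-todev", "actions": {"forwarding": "accept"},
    "matches": {"ipv4": {"ietf-acldns:src-dnsname": "service.lighting.example.com", "protocol": 6},
                "tcp": {"ietf-mud:direction-initiated": "from-device",
                        "source-port": {"operator": "eq", "port": 443}}}},
   {"name": "dns0-todev", "actions": {"forwarding": "accept"},
    "matches": {"ietf-mud:mud": {"controller": "urn:ietf:params:mud:dns"}, "ipv4": {"protocol": 17},
                "udp": {"source-port": {"operator": "eq", "port": 53}}}}]}}]}}"""

POLICIES = (("from-device-policy", "from-device"), ("to-device-policy", "to-device"))

def load_mud(text):
    """Parse a MUD file and refuse anything a MUD manager should not act on."""
    doc = json.loads(text)
    mud = doc["ietf-mud:mud"]
    if mud.get("mud-version") != 1:
        raise ValueError("unsupported mud-version")
    if not mud.get("mud-url", "").startswith("https://"):  # RFC 8520: MUD URLs use https
        raise ValueError("mud-url must be an https URL")
    if not 1 <= mud.get("cache-validity", 48) <= 168:      # hours, per the MUD YANG model
        raise ValueError("cache-validity must be 1..168 hours")
    acls = {a["name"]: a for a in doc.get("ietf-access-control-list:acls", {}).get("acl", [])}
    for policy, _ in POLICIES:
        for ref in mud[policy]["access-lists"]["access-list"]:
            if ref["name"] not in acls:
                raise ValueError(f"{policy} references undefined ACL {ref['name']}")
    return doc

def is_valid_mud(text):
    """True if load_mud() accepts the file (JSONDecodeError is a ValueError)."""
    try:
        load_mud(text)
        return True
    except (ValueError, KeyError):
        return False

def _peer(matches, direction):
    """Remote end of an ACE: a MUD abstraction (controller, local-networks, ...) or a DNS name."""
    mud = matches.get("ietf-mud:mud", {})
    for key in ("controller", "my-controller", "local-networks", "same-manufacturer", "manufacturer", "model"):
        if key in mud:
            return f"{key}:{mud[key]}" if isinstance(mud[key], str) else key
    l3 = matches.get("ipv4") or matches.get("ipv6") or {}
    # The device is the source of from-device traffic, so its peer is the destination, and vice versa.
    return l3.get("ietf-acldns:dst-dnsname" if direction == "from-device" else "ietf-acldns:src-dnsname", "any")

def _port(matches, direction):
    """Peer port: destination-port for from-device ACEs, source-port for to-device ACEs."""
    spec = (matches.get("tcp") or matches.get("udp") or {}).get(
        "destination-port" if direction == "from-device" else "source-port")
    if spec is None:
        return "any"
    if spec.get("operator", "eq") != "eq":
        raise ValueError("only 'eq' port matches are handled in this example")
    return spec["port"]

def mud_to_rules(doc):
    """Expand both policies into ordered rules; each direction ends with a default drop."""
    mud = doc["ietf-mud:mud"]
    acls = {a["name"]: a for a in doc["ietf-access-control-list:acls"]["acl"]}
    rules = []
    for policy, direction in POLICIES:
        for ref in mud[policy]["access-lists"]["access-list"]:
            for ace in acls[ref["name"]]["aces"]["ace"]:
                m = ace["matches"]
                l3 = m.get("ipv4") or m.get("ipv6") or {}
                rules.append({"direction": direction, "peer": _peer(m, direction),
                              "proto": {6: "tcp", 17: "udp"}.get(l3.get("protocol"), "any"),
                              "port": _port(m, direction), "action": ace["actions"]["forwarding"],
                              # direction-initiated needs a stateful firewall: only replies to
                              # connections the device itself opened are let back in.
                              "initiated": m.get("tcp", {}).get("ietf-mud:direction-initiated")})
        # Anything the manufacturer did not list is dropped.
        rules.append({"direction": direction, "proto": "any", "peer": "any", "port": "any",
                      "initiated": None, "action": "drop"})
    return rules

if __name__ == "__main__":
    for r in mud_to_rules(load_mud(SAMPLE_MUD)):
        print(f"{r['direction']:11} {r['proto']:4} {r['peer']:36} port={r['port']!s:4} "
              f"initiated={r['initiated']} -> {r['action']}")
```

Two points the output makes visible: the file names destinations by DNS name and by abstraction (the `controller` entry for the network's DNS server), so the MUD manager has to resolve those to addresses for the local network and refresh them within `cache-validity`; and the to-device rule for port 443 carries `direction-initiated: from-device`, which only a stateful firewall can honour, since it admits replies to connections the bulb opened and nothing else.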
The NCCoE aims to improve the resiliency of IoT devices against distributed attacks and improve the service availability characteristics of the internet by mitigating the propagation of attacks across the network. This project also supports the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (EO 13800). In collaboration with stakeholders in the IoT community, the NCCoE published this practice guide, which demonstrates an approach using MUD to significantly strengthen security while deploying IoT devices in home and small-business networks.
This project can help different stakeholder groups, including:
- IoT device manufacturers that implement support for MUD understand the relatively small steps required to design and enable their devices to take advantage of MUD.
- Gateway manufacturers that implement support for MUD understand the increased trust, confidence, and loyalty they can build among their customers by demonstrating a commitment to protecting users' security.
- Communications service providers and businesses that rely on the internet understand how wide deployment of MUD can effectively combat DDoS attacks.
- Users of IoT devices better understand that MUD is a crucial component of overall network security, that they should deploy the infrastructure required to support MUD, and that they should choose IoT devices that can take advantage of it.
Questions? Comments? Reach us at firstname.lastname@example.org.
MUD Related Resources
Find MUD-related resources, including standards, tools, implementations, research papers, articles, and conferences, here.
IETF Hackathon – IoT MUD Implementations
Members of the Mitigating IoT-Based DDoS project team participated in the Internet Engineering Task Force’s (IETF) Hackathon in Montreal, Canada on July 20-21, 2019. IETF hackathons aim to advance the pace and relevance of new and evolving internet standards. In Montreal, the Mitigating IoT-Based DDoS project team shared practical implementations of the MUD technology and collaborated with the IETF participants on a number of activities leveraging the MUD components as described in RFC 8520, Manufacturer Usage Description Specification. See the presentation.
IoT MUD Industry Day
Members of the Mitigating IoT-Based DDoS project team held an Industry Event on April 10, 2019 at the NCCoE. Thanks to everyone who joined to learn firsthand about the important work the team is doing to strengthen the security of IoT. See the presentations here.