Securing Home IoT Devices Using MUD

Because IoT devices are designed to be low in cost, with limited functionality using constrained hardware, it is not realistic to try to solve the problem of IoT device vulnerability by requiring that all IoT devices be equipped with robust and state-of-the-art security mechanisms. Instead, we are challenged to develop ways to improve IoT device security without requiring costly or complicated improvements to the devices themselves.

A solution for reducing the vulnerability of IoT devices to network-based attacks and the potential for harm from any IoT devices that become compromised

The NCCoE has produced a practice guide to demonstrate the practicality and effectiveness of using the Internet Engineering Task Force’s Manufacturer Usage Description (MUD) standard to strengthen security for IoT devices on home and small-business networks. This guide demonstrates how organizations can use MUD to reduce the vulnerability of IoT devices to network-based threats such as distributed denial of service (DDoS) attacks and mitigate the potential for harm resulting from exploitation of IoT devices. MUD works by enabling networks to automatically permit each IoT device to send and receive only the traffic it requires to perform as intended, while blocking unauthorized communication with the device.
Status: Finalized Practice Guide

The NCCoE has released the final NIST Cybersecurity Practice Guide Special Publication (SP) 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD). For ease of use, this guide is available to download or read in volumes.

This practice guide shows IoT device developers and manufacturers, network equipment developers and manufacturers, and service providers who employ MUD-capable components how to integrate and use MUD and other tools to satisfy IoT users’ security requirements.

Project Abstract

The goal of the Internet Engineering Task Force’s MUD specification is for IoT devices to behave as the devices’ manufacturers intended. MUD provides a standard way for manufacturers to indicate the network communications that a device requires to perform its intended function.

When MUD is used, the network will automatically permit the IoT device to send and receive only the traffic it requires to perform as intended, and the network will prohibit all other communication with the device, thereby increasing the device’s resilience to network-based attacks.

In this project, the NCCoE demonstrated the ability to ensure that when an IoT device connects to a home or small-business network, MUD can automatically permit the device to send and receive only the traffic it requires to perform its intended function.
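As an added illustration (not part of the NCCoE guide or the MUD-PD tool), the following Python reads a constructed MUD file in the RFC 8520 JSON layout and applies its from-device and to-device access lists with MUD's default-deny semantics: a flow is allowed only if an access control entry accepts it. The bulb, host name and ports are made up, and DNS names are compared as strings rather than resolved to addresses as a real MUD manager would.

```python
import json
# Constructed MUD file in the RFC 8520 JSON layout; the bulb, host name and ports are made up.
MUD_FILE = json.dumps({
    "ietf-mud:mud": {
        "mud-version": 1, "mud-url": "https://example.invalid/bulb.json", "is-supported": True,
        "last-update": "2020-01-01T00:00:00+00:00", "cache-validity": 48,
        "from-device-policy": {"access-lists": {"access-list": [{"name": "bulb-v4fr"}]}},
        "to-device-policy": {"access-lists": {"access-list": [{"name": "bulb-v4to"}]}}},
    "ietf-access-control-list:acls": {"acl": [
        {"name": "bulb-v4fr", "type": "ipv4-acl-type", "aces": {"ace": [{"name": "cloud-frdev",
            "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "cloud.example.invalid", "protocol": 6},
                        "tcp": {"ietf-mud:direction-initiated": "from-device",
                                "destination-port": {"operator": "eq", "port": 443}}},
            "actions": {"forwarding": "accept"}}]}},
        {"name": "bulb-v4to", "type": "ipv4-acl-type", "aces": {"ace": [{"name": "cloud-todev",
            "matches": {"ipv4": {"ietf-acldns:src-dnsname": "cloud.example.invalid", "protocol": 6},
                        "tcp": {"ietf-mud:direction-initiated": "from-device",
                                "source-port": {"operator": "eq", "port": 443}}},
            "actions": {"forwarding": "accept"}}]}}]}})

def load_policy(mud_json):
    """Collect the ACEs referenced by the from-device and to-device policies, in order."""
    doc = json.loads(mud_json)
    acls = {a["name"]: a for a in doc["ietf-access-control-list:acls"]["acl"]}
    policy = {}
    for direction in ("from-device", "to-device"):
        refs = doc["ietf-mud:mud"][direction + "-policy"]["access-lists"]["access-list"]
        policy[direction] = [ace for r in refs for ace in acls[r["name"]]["aces"]["ace"]]
    return policy

def ace_matches(ace, flow):
    """flow: dict with proto (IP protocol number), src/dst (DNS names), sport/dport."""
    ip = ace["matches"].get("ipv4", {})
    # Simplification: DNS names are compared as strings; a MUD manager resolves them to addresses.
    for key, field in (("protocol", "proto"), ("ietf-acldns:dst-dnsname", "dst"),
                       ("ietf-acldns:src-dnsname", "src")):
        if key in ip and ip[key] != flow[field]:
            return False
    l4 = ace["matches"].get("tcp", ace["matches"].get("udp", {}))
    for key, field in (("destination-port", "dport"), ("source-port", "sport")):
        if key in l4 and l4[key]["port"] != flow[field]:  # only the "eq" operator is handled
            return False
    return True

def is_permitted(policy, direction, flow):
    """MUD semantics: the first matching ACE decides; traffic matching no ACE is dropped."""
    for ace in policy[direction]:
        if ace_matches(ace, flow):
            return ace["actions"]["forwarding"] == "accept"
    return False
```

With this policy the bulb may only open TLS connections to its cloud service, and only that service's replies on port 443 may reach the bulb; any other inbound or outbound flow is dropped by default.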

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Supplemental Resources

Cybersecurity Paper: Methodology for Characterizing Network Behavior of Internet of Things (IoT) Devices
Demonstrates how to use device characterization techniques to describe the communication requirements of IoT devices in support of the MUD Specification. The cybersecurity paper delves into capturing network communications from IoT devices for analysis and generation of MUD files. Learn more about this cybersecurity paper.

Companion Tools
NCCoE created a tool called MUD-PD for characterizing IoT devices particularly for use with MUD. The tool is helpful in generating MUD files and can be accessed here.

MUD-Related Resources
Find MUD-related resources and information, including standards, tools, implementations, research papers, articles, and conferences here.

Join the Community of Interest

A Community of Interest (COI) is a group of professionals and advisors that share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Members typically meet monthly by teleconference. Share your expertise and consider becoming a member of this project's COI.

Request to join