IoTAegis: A Scalable Framework to Secure the Internet of Things

Abstract

The infamous Mirai attack which hijacked nearly half a million Internet connected devices demonstrated the widespread security vulnerabilities of the Internet-of-Things (IoT). This study employs a set of active and passive observation methods to discover the security vulnerabilities of IoT devices within a university campus. We show that (a) the number of non-compute devices dominates the number of compute devices with open ports in a campus network; (b) 58.9% or more devices do not keep up-to-date firmware and 51.3% or more do not have a user defined password; and (c) the number of devices together with the diversity of device ages and vendors make the protection of IoT devices a difficult problem. We further develop IoTAegis framework which offers device-level protection to automatically manage device configurations and security updates. Our solution is shown to be effective, scalable, lightweight, and deployable in different forms and network types.