Towards Secure Smart Home IoT: Manufacturer and User Network Access Control Framework

Insecure smart home IoT network is growing in number and size, and enforcing standard security solutions in IoT is a challenge due to its limited resources. The vulnerable smart home IoT poses huge security threats. It puts smart home network security at risk as it can be used as an entry point into the network, also it exposes users' privacy due to the amount of personal data it collects. Meanwhile, as IoT increases in popularity, it has a significant impact on the security of the rest of the Internet community (e.g. forming botnets). Previous research delegates IoT security to a third party (e.g. ISP) and ignores social and contextual factor. In this paper, we propose an SDN-based framework for enforcing network static and dynamic access control, where manufacturers, security providers, and users can cooperate to enhance the smart home IoT security. Proposed approach has three features: a) it allows the manufacturers to enforce the least privileged policy for IoT, and hence reduce the risk associated with exposing IoT to the Internet; b) it enables to enforce access policy as a feedback from security services; c) it enables users to customize IoT access based on social and contextual needs (e.g. only permits LAN access to the IoT through his/her mobile), which reduce the attack surface within the network. We also proposed IPv4 ARP server as an NFV security service to mitigate ARP spoofing attack by replying to ARP requests in the network. We implement a prototype to demonstrate the functionality of the framework against common attack scenarios (i.e. network scanning, ARP spoofing).