
DYNAMICALLY GENERATING AND APPLYING MANUFACTURER USAGE DESCRIPTION POLICIES WITHOUT A THIRD PARTY MANUFACTURER USAGE DESCRIPTION SERVER

IP.com Disclosure Number: IPCOM000250526D
Publication Date: 2017-Jul-27
Document File: 7 page(s) / 360K

Publishing Venue

The IP.com Prior Art Database

Related People

Panos Kampanakis: AUTHOR [+3]

Abstract

Current Manufacturer Usage Description (MUD) protocols describe the security policies to be applied to Internet of Things (IoT) endpoints so that they cannot communicate with unexpected destinations. Since some vendors or endpoints do not support MUD, data analytics techniques may be used to generate MUD policies for the endpoints such that they are served by the network itself. Thus, MUD policies may be applied to devices of unknown MUD profiles and may be reused.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 26% of the total text.

Copyright 2017 Cisco Systems, Inc. 1


AUTHORS: Panos Kampanakis, Brian Weis, Blake Anderson

CISCO SYSTEMS, INC.


DETAILED DESCRIPTION

Manufacturer Usage Description (MUD) is an Internet Engineering Task Force (IETF) standard (available at https://tools.ietf.org/html/draft-ietf-opsawg-mud) that defines how devices can use Uniform Resource Identifiers (URIs) to present the network communications they generate. In MUD, the device offers a MUD URI which points to a file (a MUD file) served by the manufacturer or another entity. The MUD file describes the traffic flows the endpoints are expected to generate. Network operators may use the file to enforce policies in order to control the activities of these devices. In certain contexts like Internet of Things (IoT), such functionality is very important for security since compromised endpoints could potentially introduce risks to the internet or the infrastructure that interconnects the endpoints. An example of a massive attack that could have been prevented by MUD is the DynDNS attack from October 2016. Information on this attack is available at http://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/.


Even though many vendors will start serving MUD files, not all of them are expected to offer such functionality consistently and correctly. It is difficult for a network operator to limit the behavior of “legacy endpoints” and of devices from manufacturers that do not support MUD. No well-defined solution has been described for giving such endpoints the same protection as a device that supports MUD. As such, it is in the network operator’s interest to be able to generate a MUD policy based on the expected behavior of an endpoint and thus allow its operation while security policies are enforced to prevent misbehavior. Described herein is a methodology that leverages data analytics to provide this functionality.

In particular, a method is provided in which an endpoint that does not support MUD joins a network through an edge network element (e.g., a switch), which in turn may apply MUD policies even though a MUD file is not provided by the manufacturer. This system includes an Analytics Training Center that is responsible for running analytics and optionally Machine Learning (ML) algorithms to study the behavior of the endpoint. The Network Policy Enforcer...
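As an added illustration (not code from the disclosure or from Cisco), the following Python sketches the two roles the method describes: an Analytics Training Center step that learns a MUD-style from-device ACL from flows observed during a training window, and a Network Policy Enforcer step that allows only flows matching that ACL and flags the rest. The flow records, host names, the repeat-count threshold and the simplified ACL layout are constructed assumptions, not the MUD draft's YANG model.

```python
from collections import Counter

# Constructed sample of flows observed from a non-MUD endpoint (e.g. an IP
# camera) during a training window, as (dst_host, proto, dst_port).
TRAINING_FLOWS = [
    ("ntp.example.net", "udp", 123),
    ("ntp.example.net", "udp", 123),
    ("ntp.example.net", "udp", 123),
    ("updates.camera-vendor.example", "tcp", 443),
    ("updates.camera-vendor.example", "tcp", 443),
    ("updates.camera-vendor.example", "tcp", 443),
    ("updates.camera-vendor.example", "tcp", 443),
    ("cloud.camera-vendor.example", "tcp", 8883),
    ("cloud.camera-vendor.example", "tcp", 8883),
    ("cloud.camera-vendor.example", "tcp", 8883),
    ("203.0.113.9", "tcp", 8080),  # one-off flow, stays below the threshold
]


def train_policy(flows, min_count=3):
    """Analytics Training Center step: turn observed flows into a simplified
    MUD-style from-device ACL. Only (dst, proto, port) tuples seen at least
    min_count times are learned, so a single stray flow does not widen the
    policy. The ACL layout is an assumption, not the draft's YANG model."""
    learned = sorted(k for k, n in Counter(flows).items() if n >= min_count)
    aces = [
        {"name": f"ace{i}", "dst": dst, "protocol": proto, "dst_port": port}
        for i, (dst, proto, port) in enumerate(learned)
    ]
    return {"mud-version": 1, "from-device-policy": {"aces": aces}}


def enforce(policy, flow):
    """Network Policy Enforcer step: allow a flow only if an ACE matches it;
    anything not described by the policy is denied by default."""
    dst, proto, port = flow
    for ace in policy["from-device-policy"]["aces"]:
        if (ace["dst"], ace["protocol"], ace["dst_port"]) == (dst, proto, port):
            return "allow"
    return "deny"


def unexpected_flows(policy, flows):
    """Report the flows the learned policy would block: the 'unexpected
    destinations' of the abstract, useful for operator review before the
    policy is enforced on the edge element."""
    return [f for f in flows if enforce(policy, f) == "deny"]
```

With the constructed data the trained policy contains three ACEs, and the single 203.0.113.9:8080 flow is reported as unexpected rather than learned.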