eMUD: Enhanced Manufacturer Usage Description for IoT Botnets Prevention on Home WiFi Routers

Distributed Denial of Service (DDoS) attacks have caused significant disruptions in the operations of Internet-based services. These DDoS attacks use large scale botnets, which often exploit millions of compromised Internet of Things (IoT) devices worldwide. IoT devices are traditionally less secure...

Bibliographic details
Published in: IEEE access 2020, Vol.8, p.164200-164213
Main authors: Sajjad, Syed Muhammad, Yousaf, Muhammad, Afzal, Humaira, Mufti, Muhammad Rafiq
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 164213
container_issue
container_start_page 164200
container_title IEEE access
container_volume 8
creator Sajjad, Syed Muhammad
Yousaf, Muhammad
Afzal, Humaira
Mufti, Muhammad Rafiq
description Distributed Denial of Service (DDoS) attacks have caused significant disruptions in the operations of Internet-based services. These DDoS attacks use large scale botnets, which often exploit millions of compromised Internet of Things (IoT) devices worldwide. IoT devices are traditionally less secure and are easy to be exploited. The extent of these exploitations has increased after the publication of the Mirai botnet source code on GitHub that provided a foundation for the attackers to develop and launch Mirai botnet variants. The Internet Engineering Task Force (IETF) proposed RFC 8520 Manufacturer Usage Description (MUD) so that an IoT device can convey to the network the level of network access it requires to accomplish its standard functionality. Though MUD is a promising effort, there is a need to evaluate its effectiveness, identify its limitations, and enhance its architecture to overcome its weakness and improve its efficiency. The latest Mirai variant malware is exploiting vulnerabilities of Internet of Things devices. As MUD does not consider identifying and patching vulnerabilities present in the device before the issuance of the MUD profile, a device can be compromised even in the presence of the Manufacturer Usage Description profile by exploiting either the configuration vulnerabilities or firmware vulnerabilities present in the device. This paper presents an evaluation study of the Manufacturer Usage Description (MUD), identifies its weaknesses, and proposed enhancements in its architecture. This research proposed a mechanism for identifying and eliminating the configuration vulnerabilities before creating the MUD profile for a device to minimize the attack surface. This research adopts the OWASP firmware testing methodology for discovering vulnerabilities in the firmware of WiFi home routers. The device is allowed to request the MUD profile only if the identified firmware vulnerabilities are low. 
The identified firmware vulnerabilities are patched in case the score of the identified firmware vulnerabilities is moderate or high. The device is allowed to request the MUD profile after the vulnerabilities are patched. The firmware vulnerabilities are shared with other peers using blockchain smart contracts. There is a possibility that the MUD URL might be pointing to a corrupted or malicious MUD profile hosted at the attacker file server due to the absence of an authentication mechanism in the MUD process. This research also proposed an authentication mechanism for device MUD profile, MUD file generator, and MUD file server. Implementation results show that proposed enhancements improve the security services provided by the Manufacturer Usage Description (MUD).
doi_str_mv 10.1109/ACCESS.2020.3022272
format Article
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2020, Vol.8, p.164200-164213
issn 2169-3536
2169-3536
language eng
recordid cdi_ieee_primary_9187209
source IEEE Open Access Journals; DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
subjects Authentication
blockchain
Botnet
botnet prevention
Computer architecture
Configurations
Cryptography
DDoS
Denial of service attacks
ethereum virtual machine
File servers
Firmware
Home automation
hyperledger
Internet of Things
Malware
manufacturer usage description
Mirai
Mud
Multiuser detection
OWASP
Routers
Security
Servers
Source code
the IoT
vulnerabilities
Wireless fidelity
title eMUD: Enhanced Manufacturer Usage Description for IoT Botnets Prevention on Home WiFi Routers
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-21T13%3A57%3A02IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=eMUD:%20Enhanced%20Manufacturer%20Usage%20Description%20for%20IoT%20Botnets%20Prevention%20on%20Home%20WiFi%20Routers&rft.jtitle=IEEE%20access&rft.au=Sajjad,%20Syed%20Muhammad&rft.date=2020&rft.volume=8&rft.spage=164200&rft.epage=164213&rft.pages=164200-164213&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2020.3022272&rft_dat=%3Cproquest_ieee_%3E2454679772%3C/proquest_ieee_%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2454679772&rft_id=info:pmid/&rft_ieee_id=9187209&rft_doaj_id=oai_doaj_org_article_fbcd77fdc6b24455bd6ac2325609b3fa&rfr_iscdi=true