Abstract
The manufacturer usage description (MUD) standard recently published by the IETF allows manufacturers of Internet of Things (IoT) devices to equip their products with device specifications, that is, information about the expected network connections of the devices. Such data can be used to detect unauthorized behavior and mitigate attacks involving IoT devices. However, at the time of this writing, no previous work has integrated security services based on MUD into constrained IoT networks, for example, the ones using the standardized protocol stack Thread. This article proposes MUDThread, a framework for integrating and managing security services in constrained Thread-based IoT networks using MUD-derived security specifications. Using MUDThread, IoT devices can provide MUD-related information when joining the network, using a standard-compliant extension of the Mesh Link Establishment protocol. At the same time, the MUD Manager, integrated into the edge border router of the network, can enforce MUD-based rules to stop unauthorized network traffic. We deploy a proof-of-concept of our solution using actual nRF5340 and nRF52833 IoT devices, and we experimentally verify its limited communication latency (0.012% more) and its capability to detect both incoming and outgoing unauthorized network traffic during regular operations of a constrained IoT network.
Original language | English |
---|---|
Article number | 10559957 |
Pages (from-to) | 128-134 |
Number of pages | 7 |
Journal | IEEE Communications Magazine |
Volume | 63 |
Issue number | 2 |
DOIs | |
Publication status | Published - Feb 2025 |
Bibliographical note
Publisher Copyright: © 2025 IEEE.