Enhancing and testing smart home security through a MUD-enabled environment

The increasing number of Internet of Things (IoT) devices in smart homes now offers a high level of efficiency and convenience that we have never seen before. However, this rapid growth also introduces some new challenges related to the security of these systems. To address those challenges, IETF introduced Manufacturer Usage Description (MUD). MUD is a standard that offers a way to specify the network behavior and permissions of devices that are MUD-enabled. To achieve this goal, the MUD standard uses a white-listing approach based on a set of rules (also called policies), written by the device's manufacturer. So, all traffic that is not expressly allowed by the manufacturer is blocked. These rules are read from a file, called MUD File, and instantiated for allowing connections between two end-points, for instance, using a firewall. By offering better control over devices’ interactions inside the smart home ecosystem, provides a potential way to improve network security. This potential is also recognized by ENISA and NIST. The main contribution of this thesis is to build and test a MUD-enabled smart home environment. In this scenario, there is a diverse set of IoT devices that should be managed by a Smart Home Gateway (SHG), in our case Home Assistant. By integrating the MUD standard inside the SHG, it is possible to achieve a higher level of network security and reduce the surface of attacks (e.g., avoiding unauthorized access or Denial of Service attacks). In the context of IoT devices, the produced solution includes end-point identification for the production of the rules for the different integrations. This is done by performing a manual analysis of the traffic and source code of the integrations. After the initial setup, the proposed solution increases the security of the smart home without the need for further user action.