University of Twente Student Theses

Login

Towards automated DDoS abuse protection using MUD device profiles

Schutijser, C.J.T.M. (2018) Towards automated DDoS abuse protection using MUD device profiles.

[img] PDF
679kB
Abstract:Insecure Internet of Things (IoT) devices are posing a threat to the stability of the Internet. These insecure IoT devices are used to perform Distributed Denial of Service (DDoS) attacks. The Manufacturer Usage Description (MUD) is a work in progress specification in the Internet Engineering Task Force. The MUD attempts to provide network operators with a tool to limit the network access of IoT devices. The MUD allows a vendor to specify the network access requirements of a device. The network is then able to restrict the network access of the device to the absolute minimum that is required to let the device carry out its functions. The applicability of the MUD in protecting a device against hacking attempts and usability in DDoS attacks is examined in this research. A system to automatically generate MUD profiles is designed and implemented. It is then verified whether the IoT devices are still able to function properly once the profile is enforced. Furthermore, a theoretical analysis is performed. The goal of the analysis is twofold. First, we will verify whether enforcing a profile prevents an IoT device from being hacked. Second, we will verify whether an IoT device can be misused in a DDoS attack if it were hacked anyway. For specific-purpose (as opposed to general-purpose) IoT devices, the approach taken to gener- ating MUD profiles appears to work well. Furthermore, the generated profiles do indeed make it harder to compromise an IoT device. However, in order to make IoT devices less useful in DDoS attacks once they are compromised, it is recommended to apply rate limiting, especially as more services are moving to cloud platforms.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Internet Science and Technology MSc (60032)
Link to this item:https://purl.utwente.nl/essays/76207
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page