Preventing IoT Malware Exploits: Enforcing Network Restrictions with MUD Profiles
Ioannou, Theodoros (2025-07-23)
The publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
Open
The permanent address of the publication is:
https://urn.fi/URN:NBN:fi-fe2025080581117
Abstract
The importance of IoT devices and their relationship to network security is examined in this thesis, with particular focus placed on how Manufacturer Usage Description (MUD) profiles can be used to enhance cybersecurity. IoT is regarded as one of the most rapidly evolving technological fields, with devices being continuously upgraded and integrated into various environments. As a result, several challenges are encountered, including the need for securing the data that is stored and transmitted, the difficulty in applying consistent security standards across heterogeneous devices, and the increased attack surface introduced into networks.
To address these concerns, various IoT application domains are explored, and the risks and challenges associated with the security of IoT devices are assessed. The primary security threats are identified, and issues concerning end-user privacy are evaluated. As a technical response, a system was developed through which the network behavior of IoT devices is passively monitored and analyzed, in order to determine which servers are legitimately communicated with. Based on this behavior, a Manufacturer Usage Description (MUD) profile is dynamically generated so that unwanted or unauthorized network traffic can be restricted. The solution was implemented on a Raspberry Pi 4 platform, with an ESP32 device being used as an IoT device. During the experimental phase, a simulated malware attack was launched against the ESP32 device. The unauthorized communication attempt was successfully blocked by the dynamically generated MUD profile, thereby demonstrating the effectiveness of the system in the prevention of malicious activity. Through these results, the usefulness of dynamically generated MUD profiles in improving the overall security posture of IoT environments is demonstrated.
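The following sketch illustrates the idea summarized above: flows observed for a device are turned into an RFC 8520 MUD document, and anything not listed is denied. It is an added example, not code from the thesis; the hostnames, ports, MUD URL and the function names `build_mud_profile` and `is_allowed` are constructed for illustration.

```python
import json
from datetime import datetime, timezone

PROTO = {"tcp": 6, "udp": 17}  # IANA protocol numbers

# Constructed sample: (destination DNS name, protocol, destination port)
# as a passive monitor might record them for one device while learning.
OBSERVED = [("mqtt.example.net", "tcp", 8883), ("pool.ntp.org", "udp", 123),
            ("mqtt.example.net", "tcp", 8883)]  # repeat is deduplicated

def build_mud_profile(flows, mud_url, systeminfo, acl_name="from-dev-v4"):
    """Turn observed outbound flows into an RFC 8520 MUD document (dict)."""
    aces = []
    for i, (host, proto, port) in enumerate(sorted(set(flows))):
        aces.append({
            "name": f"ace-{i}",
            "matches": {
                "ipv4": {"ietf-acldns:dst-dnsname": host,
                         "protocol": PROTO[proto]},
                proto: {"destination-port": {"operator": "eq", "port": port}},
            },
            "actions": {"forwarding": "accept"},
        })
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S+00:00")
    return {
        "ietf-mud:mud": {
            "mud-version": 1,
            "mud-url": mud_url,
            "last-update": now,
            "cache-validity": 48,
            "is-supported": True,
            "systeminfo": systeminfo,
            "from-device-policy": {
                "access-lists": {"access-list": [{"name": acl_name}]}},
        },
        "ietf-access-control-list:acls": {"acl": [{
            "name": acl_name, "type": "ipv4-acl-type", "aces": {"ace": aces}}]},
    }

def is_allowed(profile, host, proto, port):
    """Default deny: a flow passes only if an ACE matches it exactly."""
    for acl in profile["ietf-access-control-list:acls"]["acl"]:
        for ace in acl["aces"]["ace"]:
            m = ace["matches"]
            if (m["ipv4"]["ietf-acldns:dst-dnsname"] == host and proto in m
                    and m[proto]["destination-port"]["port"] == port):
                return ace["actions"]["forwarding"] == "accept"
    return False

if __name__ == "__main__":
    print(json.dumps(build_mud_profile(OBSERVED, "https://mud.example.net/esp32.json", "ESP32 sensor (constructed)"), indent=2))
```

A real enforcement point would translate the ACEs into firewall rules; `is_allowed` only models the default-deny decision so the effect of the profile can be checked.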
