Enhancing Network Security with Device Descriptors

The proliferation of IoT devices and legacy systems in today’s enterprise IT infrastructure has opened up new avenues for security threats. How should these devices behave and what do we know about them? To best protect IoT devices from these threats, network security managers need to find better ways to develop their operations and risk response. This blog outlines some key principles and activities the IoTSF ManySecured Working Group has identified. We hope network security managers will join our cause and help us progress this significant work.

The IoTSF ManySecured Working Group includes senior security leaders from ARM, BT, Vodafone, University of Oxford, CISCO, and Which? As a group we have been working on open standards for new and legacy devices. The dedicated work stream is called Distributed Device Descriptors D3.

The significance of device behaviour and device type claims.

IoT devices are incredibly diverse, ranging from simple sensors and building control systems, to complex machinery. A key challenge in securing IoT ecosystems is that the gateway, responsible for network security, often has limited knowledge of the individual devices connected to it. The device has characteristics which could be used to describe how it is meant to behave and what it is meant to do. We call these device type claims. Device type claims refer to any piece of information asserted by a party, such as the manufacturer, a supplier or owner and help address the network security challenge by communicating information securely between the router and the device.

If a device acts contrary to the claims and the router understands what they are, it can control its behaviour. Device type claims can therefore be aligned to security policies and support compliance processes.

Here are a few examples of their utility:

1. Network Protection

Consider a scenario where webcams from a specific manufacturer are known to communicate with only a restricted set of public internet addresses. With device type claims, the gateway can detect any activity outside of this predefined scope and take corrective actions, such as locking down the device or alerting the network administrator.

2. Firmware Updates

Knowing the type of IoT endpoint device connected to the network enables the gateway to notify users promptly when new firmware updates are available. This proactive approach not only enhances device functionality but also reduces security risks by ensuring devices are running the latest, most secure software.

3. Vulnerability Disclosure

When a vulnerability is reported, it is typically against a class of devices rather than an individual device. Device type claims facilitate the clear and unambiguous identification of the affected device class, streamlining the vulnerability reporting and investigation process.

Functional Use Cases of Device Type Claims

By harnessing the power of device type claims effectively, network security managers can improve their security. Let’s explore some of these use cases:

As part of the ManySecured project we have identified 14 use cases including the following:

1: Assertion: Device type claims can assert the existence of a new device type while providing essential metadata, such as manufacturer details and model numbers.

2: Least Privilege (Static Behavior) Definition from Authority: Device type claims define limits on expected networking behavior, such as allowed ports and IP addresses, as authorised by external authorities.

3: Least Privilege (Static Behavior) from Inference: The gateway can infer a list of static behaviors from network traffic, enhancing security by identifying deviations from expected behavior.

4: Least Privilege (Static Behavior) Enforcement: Device type claims can be used to implement constraints at the router level, ensuring that devices operate within defined limits.

5: Update Method: Device type claims can identify reliable sources for firmware and software updates, ensuring secure and timely updates.

6: Vulnerability Disclosure: These claims enable the precise disclosure of vulnerabilities, reporting incidents with maximum specificity, which is crucial for rapid response.

7: BOM/Vulnerability Detection: By declaring the bill of materials (hardware and software), device type claims assist in vulnerability analysis and management.

To find more please visit manysecured.net

In conclusion, D3 is a very powerful tool for enhancing network security and compliance. Network security managers can leverage device descriptors to not only categorise and protect devices but also streamline various security processes, from network protection to vulnerability disclosure. As the IoT landscape continues to evolve, the effective use of device type claims will be instrumental in maintaining the integrity and security of IoT ecosystems.

The strength of the ManySecured project lies in the collaboration and quality of its contributors. You can be part of our mission and help us develop next generation fit for purpose standards for the enterprise security sector. All we need is your feedback – all input is welcome.

Visit the IoT Security Foundation Many Secured project here and join the Working Group to participate in this vital work.

Our next virtual meeting is on 28th November at 2pm GMT. Contact : [email protected] for details.