As home and small business networks become increasingly complex from the growing number of internet-connected devices, CableLabs has put simplified IoT security in its sights with a new network management framework called Micronets.
Security continues to be a concern for consumers, particularly with regard to their home devices. A recent report from Parks Associates found the percentage of U.S. broadband households that do not intend to purchase a smart home device due to security and privacy concerns jumped to 32 percent in the first quarter of 2018, up from 21 percent in Q1 2017.
Still, the global number of smart home devices is forecast to hit nearly 1.3 billion by 2022, according to IDC.
The concept of Micronets is to mimic good security practices seen in enterprise networks with many devices, where the network is segmented into smaller portions (or Micronets) so that if there is an issue or threat in one segment, the risk to other parts of the network is minimized, according to Mike Glenn, VP of security technologies at CableLabs. A consumer’s appliances, such as a smart refrigerator, might be in one network segment, their home security system in a second Micronet, and a medical device in a third.
User Experience
Another key component of Micronets is a streamlined and user-friendly experience so that the network doesn’t require a systems administrator and consumers don’t have to deal with complex security management.
“As you get these large number of devices, it becomes very difficult for the home-user, even a technical home-user, to manage that home network,” Glenn said.
With Micronets, CableLabs is leveraging technologies such as software-defined networking, machine learning, and Strong Device Identity, as well as industry initiatives like the IETF Manufacturer Usage Description protocol currently under draft and efforts by the Wi-Fi Alliance around device provisioning protocols.
“Micronets starts with an SDN switch in the gateway in the home or small business, which allows us to define Micronets within the home gateway based on network flows,” Glenn explained. “And that is tied into a set of microservices that are in the cloud.”
Using the Micronets framework, if a consumer’s smart refrigerator, for example, is compromised, the system can quarantine that device or take it offline so that there is less potential for damage to other devices. Or, if malicious traffic is identified, through APIs on the gateway and machine learning algorithms in the cloud, the infected device could be limited to ‘talking’ only on specific ports and protocols while still offering some functionality to the end user. A consumer would receive a notification or alert about the activity, but would not have to take action beyond a yes/no confirmation.
Darshak Thakore, lead architect of the Micronets project, said enabling a better user experience was one of the main aspects that had to be worked through as the framework was created and is something that differentiates Micronets from other solutions.
“The solution can be technically awesome, it can be great, it can provide the greater security, but if it is something that an average user cannot use or cannot work with, it’s meaningless,” Thakore said.
Network and device security in homes and small businesses is poised to become even more crucial as high-value devices like medical devices, which potentially have implications for life and safety, come online, Glenn noted.
A second use-case CableLabs has developed is for medical devices, which could be preprovisioned at the doctor’s office with network credentials for the consumer’s home router. When brought home, the consumer’s router would allow that device to connect to its own network segment without a configuration stage for the end-user.
Shared responsibility
Although Micronets aims to provide consumer-friendly security, the framework is not the ultimate solution for IoT security, Glenn stressed, but rather another tool in the toolkit.
“This is a shared responsibility across the internet ecosystem,” Glenn said, noting IoT device manufacturers need to build in Strong Device Identity and encryption and CableLabs is participating in open initiatives to help this effort.
This week, CableLabs released a white paper describing the Micronets vision, and plans to release a technical architecture document in December. The organization will also release proof-of-concept code for gateways that implements Micronets concepts.
CableLabs has started to work with several security vendors to standardize the APIs for Micronets, and will be working with gateway manufacturers and CableLabs members to standardize implementations on gateways.
One of the earliest phases of implementation will be to streamline onboarding, according to Glenn.
To help drive strong security controls, CableLabs is working with a number of organizations, including NIST and the National Cybersecurity Center of Excellence on a Micronets pilot, in conjunction with their pilot working to reduce DDoS attacks.
Work is also taking place with the Wi-Fi Alliance on standards and open-source code focused on strong credentials that let devices connect seamlessly to the home network, which vendors and members can eventually leverage.
Glenn said he sees a 1- to 3-year implementation time horizon for the Micronets technology.
During that time, homes will continue to add more devices to their networks, increasing complexity and security needs.
“If we’re able to work with vendors and security manufacturers and other ecosystem partners, we want really smart defaults so that it minimizes what the end-user has to do,” Glenn said. “If we don’t do something like Micronets, the home network will slowly become unmanageable for the end-user.”