Low-cost flow-based security solutions for smart-home IoT devices
Abstract
The rapid growth of Internet-of-Things (IoT) devices, such as smart-bulbs, smoke-alarms, webcams, and health-monitoring devices, is accompanied by escalating threats of attacks that can seriously compromise household and personal safety. Recent works have advocated the use of network-level solutions to detect and prevent attacks on smart-home IoT devices. In this paper we undertake a deeper exploration of network-level security solutions for IoT, by comparing flow-based monitoring with packet-based monitoring approaches. We conduct experiments with real attacks on real IoT devices to validate our flow-based security solution, and use the collected traces as input to simulations to compare its processing performance against a packet-based solution. Our results show that flow-based monitoring can achieve most of the security benefits of packet-based monitoring, but at dramatically reduced processing costs. Our study informs the design of future smart-home network-level security solutions.