Sorry, you need to enable JavaScript to visit this website.
Part 2: Cybersecurity and the Internet of Things August 8, 2019

by Diana Proud-Madruga

This three-part series explores the challenges of securing the Internet of Things. Part 2 examines the architecture and inner workings of the Internet Engineering Task Force’s specification rfc8520.  

In March 2019, the Internet Engineering Task Force (IETF) published a draft internet standard intended to increase the ability of networks to safely deploy Internet of Things (IoT) devices. The Manufacturer Usage Description (MUD) Specification delineates an architecture that allows IoT devices to communicate functionality and access control needs in order for the device to function as intended.

Building in Security

Until recently, the internet was largely constructed for general-purpose devices, such as computers, where device owners determined their use and devices were presumed capable of protecting themselves. With the advent of IoT devices, the landscape of the internet is changing. In addition to general-purpose devices, there’s an explosion of specific-purpose ones with limited computing power that lack the capacity to carry security software and perform security updates. MUD addresses threats in specific-purpose devices by building in security in a way that is simple and secure.

MUD Architecture

The “M” in MUD stands for “manufacturer,” however, it does not necessarily mean the entity that originally created the device. It is the organization in the device’s supply chain that is responsible for informing the network about how the device needs to function, including the amount and types of access the device requires.

The intent behind MUD is to:

  • Limit device communications to only those intended by the manufacturer.
  • Simplify policy management of the ever-increasing types of devices in the network.
  • Speed up the process of addressing vulnerabilities, even in systems that are no longer supported by updates.
  • Keep costs of implementation down.
  • Make it easy for manufacturers to add device capabilities and requirements.

The MUD architecture consists of

  • A URL that points to the device description,
  • A device description (including an interpretation of the description) and
  • A way for local network management systems to retrieve the description.

How Does It Work?

Here is a vastly simplified description of how MUD works:

  • MUD-enabled devices come containing the MUD URL.
  • When that device is plugged into a system, it communicates that URL to the system’s MUD manager.
  • The MUD manager uses the URL to get the MUD file containing the device description. It then processes the file.
  • Once the MUD file is processed, changes to the system may be implemented automatically or manually depending on organizational policy.

But what about non-MUD-enabled devices? Here, the MUD manager may need to search for the MUD URL and/or file using other mechanisms, such as serial numbers or public keys. Everything else remains the same. Thus, MUD is flexible enough to address security concerns of devices implemented prior to the creation of the MUD specification.

What do the descriptions look like? Let’s use the example of a printer. The MUD description for a printer might specify:

  • Allow access for port IPP or port LPD.
  • Allow local access for port HTTP.
  • Deny all other access.

In this way, anyone can print to the printer, but local access would be required for the management interface.

A Way Forward . . .

The final part of this series will explore applications of MUD as described in NIST Special Publication 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices.

Diana Proud-Madruga, CISSP, is a Senior Security Analyst with Electrosoft.

Return to Electroblog