Arm Community
Arm Community
  • Site
  • User
  • Site
  • Search
  • User
Research Collaboration and Enablement
Research Collaboration and Enablement
Research Articles Securing Small-Business and Home IoT Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)
  • Research Articles
  • Arm Research - Most active
  • Arm Research Events
  • Members
  • Mentions
  • Sub-Groups
  • Tags
  • Jump...
  • Cancel
Research Collaboration and Enablement requires membership for participation - click to join
More blogs in Research Collaboration and Enablement
  • Research Articles

Tags
  • Arm Research
  • iot security
  • Security
  • Research collaboration
  • Internet of Things (IoT)
Actions
  • RSS
  • More
  • Cancel
Related blog posts
Related forum threads

Securing Small-Business and Home IoT Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)

Charlotte Christopherson
Charlotte Christopherson
May 14, 2019
3 minute read time.

Arm Research explore, evaluate and develop a number of advanced IoT security techniques, together with collaborators from across academia and industry. One of our current collaborative projects is with NIST in the National Cybersecurity Center of Excellence (NCCoE), working on Mitigating IoT-Based DDoS to develop practical, interoperable cybersecurity approaches that address the real-world needs of complex Information Technology (IT) systems. By accelerating dissemination and use of these integrated tools and technologies for protecting IT assets, the NCCoE aims to enhance trust in U.S. IT communications, data, and storage systems; reduce risk for companies and individuals using IT systems; and encourage development of innovative, job-creating cybersecurity products and services. NIST does not evaluate commercial products under this Consortium and does not endorse any product or service used. Additional information on the Consortium can be found here.

Billions of electronic devices such as smart TVs, smart speakers, digital thermostats, even tooth brushes comprise the growing, diverse universe that is the Internet of Things (IoT). Homeowners and small-business owners may be surprised to discover how many of their devices are directly or indirectly connected to the internet. Because IoT devices may have unpatched or easily discoverable software flaws, coupled with minimal security, malicious actors can easily exploit these vulnerabilities to conduct network-based attacks. They can also commandeer groups of compromised devices into botnets that coordinate a variety of attacks. One such attack is a large-scale assault known as distributed denial of service (DDoS) that may result in substantial revenue loss, harm to reputation, and erosion of customer trust, not only for businesses that rely on the internet and for internet service providers, but also for IoT device manufacturers themselves. IoT device users may suffer service degradation and they may potentially incur extra costs if malicious actors integrate their device(s) into botnets.

The Internet Engineering Task Force’s manufacturer usage description (MUD) architecture provides a standard way for manufacturers to identify each device’s type and to indicate the network communications that it requires to perform its intended function. The NCCoE has demonstrated the ability to ensure that when an IoT device connects to a home or small-business network, MUD can limit the device to send and receive only the traffic it requires to perform its intended function, and prohibit all other communications with the device. This blunts DDoS attacks as well as other internet-based intrusions into home and small-business networks.

By all estimates, the popularity and many uses of the IoT in businesses and home environments will continue to grow and evolve along with the cyber risks. That’s why Arm Research and the National Institute of Standards and Technology’s (NIST)  National Cybersecurity Center of Excellence (NCCoE) have embarked on a project with our fellow tech industry collaborators, including CableLabs, Cisco, CTIA, DigiCert, ForeScout, Global Cyber Alliance, MasterPeace Solutions, Molex, Patton Electronics, and Symantec, who are all helping to make the IoT safer.

Our efforts have culminated in a NIST cybersecurity preliminary draft practice guide, NIST Special Publication 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD), which is available now and open for public comment until June 24, 2019. The guide comprises of an example solution built by the consortium, using methods based on the MUD specification to help reduce the potential for IoT-based DDoS attacks.

Download the Guide

About the National Cybersecurity Center of Excellence (NCCoE)

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. Through this collaboration, the NCCoE applies standards and best practices to develop modular, easily adaptable example cybersecurity solutions using commercially available technology. More information is available at: https://www.nccoe.nist.gov.

Anonymous
Research Articles
  • HOL4 users' workshop 2025

    Hrutvik Kanabar
    Hrutvik Kanabar
    Tue 10th - Wed 11th June 2025. A workshop to bring together developers/users of the HOL4 interactive theorem prover.
    • March 24, 2025
  • TinyML: Ubiquitous embedded intelligence

    Becky Ellis
    Becky Ellis
    With Arm’s vast microprocessor ecosystem at its foundation, the world is entering a new era of Tiny ML. Professor Vijay Janapa Reddi walks us through this emerging field.
    • November 28, 2024
  • To the edge and beyond

    Becky Ellis
    Becky Ellis
    London South Bank University’s Electrical and Electronic Engineering department have been using Arm IP and teaching resources as core elements in their courses and student projects.
    • November 5, 2024