Fane: A Firewall Appliance For The Smart Home
Christoph Haar, Erik Buchmann
Citation: Proceedings of the 2019 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 18, pages 449–458 (2019)
Abstract. With the advent of the Internet of Things (IoT), many domestic devices have been equipped with information technology. By connecting IoT devices with each other and with the Internet, Smart Home installations exist that allow the automation of complex household tasks. A popular example is Google Nest that controls cooling, heating and home security. However, Smart Home users are tempted to neglect that such IoT devices pose IT-Security risks. Examples like the Mirai malware have already shown that insecure IoT devices can be used for large-scale network attacks. Thus, it is important to adapt security approaches to Smart Home installations. In this paper, we introduce FANE, our concept for a Firewall AppliaNcE for Smart Home installations. FANE makes a few realistic assumptions on the network segmentation and the communication profile of IoT devices. This allows FANE to learn firewall rules automatically. Our prototypical implementation indicates that FANE can secure a wide range of IoT devices without requiring network-security expertise from the Smart Home user.