Highly Scalable Architecture for White-list Based IoT Security as a Service by ISPs

Computer networks have undergone and continue to experience a major transformation, whereby billions of low-cost devices are being connected to the network to provide additional functionality and better user experience. Unlike traditional network devices, these devices, collectively known as the "Internet of Things" (IoT), typically have very limited computational, memory, and power resources. These IoT devices became a major security concerns, both due to human factors and to technical challenges in deploying security mechanisms on devices with low resources. The number and diversity of IoT devices creates a huge attack surface that is often exploited by attackers to launch large-scale attacks, sometimes exploiting well-known vulnerabilities.

This talk will highlight the security concerns of IoT devices from a networking perspective and explore how to secure IoT devices using whitelists, in which communication between a device and an endpoint is prohibited unless that endpoint appears in the corresponding whitelist.  Finally, we will discuss deployment options for such a solution (namely, within the internet gateway, as virtual network function within the ISP network, or a combination of the two).