Paper title
SERENIoT: Collaborative Network Security Policy Management and Enforcement for Smart Homes
Paper authors
Paper abstract
Network traffic whitelisting has emerged as a dominant approach for securing consumer IoT devices. However, determining what the whitelisted behavior of an IoT device should be remains an open challenge. Proposals to date have relied on manufacturers and trusted parties to provide whitelists, but these proposals require manufacturer involvement or placing trust in an additional stakeholder. Alternatively, locally monitoring devices can allow building whitelists of observed behavior, but devices may not exhaust their functionality set during the observation period, or the behavior may change following a software update which requires re-training. This paper proposes a blockchain-based system for determining whether an IoT device is behaving like other devices of the same type. Our system (SERENIoT, pronounced Serenity) overcomes the challenge of initially determining the correct behavior for a device. Nodes in the SERENIoT public blockchain submit summaries of the network behavior observed for connected IoT devices and build whitelists of behavior observed by the majority of nodes. Changes in behavior through software updates are automatically whitelisted once the update is broadly deployed. Through a proof-of-concept implementation of SERENIoT on a small Raspberry Pi IoT network and a large-scale Amazon EC2 simulation, we evaluate the security, scalability, and performance of our system.
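
The majority rule described in the abstract, as an added example that is not code from the paper or the SERENIoT project: a plain per-node count stands in for the blockchain consensus, and the flow tuple format, the strict-majority quorum and all names and hosts are assumptions constructed for illustration. It shows a flow seen by one node staying blocked while a post-update flow becomes whitelisted once most nodes report it.

```python
from collections import Counter

# Constructed sample data: each node reports the set of flows it observed for
# one device type. The (protocol, destination, port) summary is an assumed
# format, not the one defined in the paper.
CLOUD = ("tcp", "api.vendor.example", 443)
NTP = ("udp", "ntp.vendor.example", 123)
NEW_CDN = ("tcp", "cdn.vendor.example", 443)   # appears after a firmware update
ODD = ("tcp", "203.0.113.7", 23)               # seen by a single node only


def build_whitelist(reports, quorum=0.5):
    """Return flows reported by strictly more than `quorum` of the nodes."""
    if not reports:
        return set()
    counts = Counter(flow for flows in reports.values() for flow in set(flows))
    needed = quorum * len(reports)
    return {flow for flow, n in counts.items() if n > needed}


def classify(local_flows, whitelist):
    """Split one device's flows into (allowed, blocked) sets."""
    local = set(local_flows)
    return local & whitelist, local - whitelist


def rollout(total_nodes, updated_nodes):
    """Constructed scenario: `updated_nodes` of `total_nodes` run new firmware."""
    reports = {}
    for i in range(total_nodes):
        flows = {CLOUD, NTP}
        if i < updated_nodes:
            flows.add(NEW_CDN)
        reports[f"node{i}"] = flows
    reports["node0"] = reports["node0"] | {ODD}  # one outlier device
    return reports


if __name__ == "__main__":
    # Whitelist as the update spreads across 10 nodes.
    for updated in (1, 5, 6, 10):
        wl = build_whitelist(rollout(10, updated))
        allowed, blocked = classify({CLOUD, NEW_CDN, ODD}, wl)
        print(updated, sorted(allowed), sorted(blocked))
```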