SunBlock: Cloudless Protection for IoT Systems

PETRAS announces a paper from the Privacy Preserving IoT Security Management (PRISM) project: “SunBlock: Cloudless Protection for IoT Systems”.

The paper has been accepted for publication at the Passive and Active Measurement Conference, PAM 2024. It follows on from a series of papers exploring IoT safeguards.

The paper is now available to view and download on Cornell University’s curated research-sharing platform arXiv. 

Abstract 

With an increasing number of Internet of Things (IoT) devices present in homes, there is a rise in the number of potential information leakage channels and their associated security threats and privacy risks. Despite a long history of attacks on IoT devices in unprotected home networks, the problem of accurate, rapid detection and prevention of such attacks remains open. Many existing IoT protection solutions are cloud-based, sometimes ineffective, and might share consumer data with unknown third parties. This paper investigates the potential for effective IoT threat detection locally, on a home router, using AI tools combined with classic rule-based traffic-filtering algorithms. Our results show that with a slight rise of router hardware resources caused by machine learning and traffic filtering logic, a typical home router instrumented with our solution is able to effectively detect risks and protect a typical home IoT network, equalling or outperforming existing popular solutions, without any effects on benign IoT functionality, and without relying on cloud services and third parties. 

Summary 

In this paper, the researchers investigate the possibility of running threat detection and prevention algorithms locally on a typical home router. They measure the quantitative implications for the router’s memory (RAM), processing power (CPU), and bandwidth (BW), and whether consuming these resources has any impact on the smooth operation of the user’s home network devices and applications. Specifically, the researchers demonstrate the feasibility of a completely local IoT protection solution, named SunBlock, which combines existing rule-based traffic filtering tools and machine-learning libraries into a resource-efficient prototype that acts as both an intrusion detection system (IDS) and an intrusion prevention system (IPS). The paper concludes by exposing the SunBlock prototype to a set of various IoT threats, demonstrating that it can detect a spectrum of threats more than twice as large as that detected by popular commercial IoT protection solutions.

Primary Questions 

  • Can commercial cloud-based safeguards be replaced by threat detection and prevention software running locally on a home router?
  • What is the performance of SunBlock in terms of overhead and threat detection capability? 

Key Conclusions 

  • IoT threats can be rapidly mitigated on a home router equipped with ML/AI anomaly detection and rule-based traffic filtering algorithms.
  • Most types of threats are promptly identified and blocked within the first 5 seconds. 
  • The local threat detection approach eliminates the need for dependence on cloud-based IoT security solutions and thus blocks extra channels of potential PII and other user-sensitive data exposure. 

If you have any questions relating to this work, please contact the PETRAS Centre Team at petras@ucl.ac.uk.