Disrupting Attacker Value Propositions in Residential Networks
WPI - Computer Science
Date: Thursday, April 22, 2021
Time: 11:30 AM - 12:00 PM
Zoom Link: https://wpi.zoom.us/j/7647389533
Meeting ID: 764 738 9533
Advisor: Craig A. Shue
Reader: Mark L. Claypool
Attacks on residential networks continue to rise because poor security practices provide access for infiltration and compromised smart devices serve as ideal systems for botnets. Reducing the target on home networks requires a defense model that disrupts an attacker's value proposition; that is, the defense increases the required work to access a home network and decreases the perceived benefits of controlling home-networked devices.
In this work, we explore two areas of home network security schemes, namely remote access and residential proxy detection. Remote access is a simple, easy-to-understand approach that addresses the threat of home network intrusion and allows homeowners to access their devices and services anywhere outside the network. With a remote access scheme in place, attackers must spend more time and effort to find and compromise vulnerable devices. Residential proxy detection addresses the threat of IoT malware that allows attackers to remotely control home-networked devices; furthermore, residential proxies are relatively new services, and thus detecting them has not received much attention in network security research. With a proxy detection scheme in place, attackers' benefits decrease because they lose control of home-networked devices once their activity is detected.
We implement both classes of security services on a consumer-grade home router to show how the services work in practice. Additionally, we run performance evaluations to determine whether the router can run the services without significant performance overhead. Overall, we find that the service designs successfully address relevant attack vectors while offering minimal performance overhead for consumer-grade routers.