CableLabs last week released details about Micronets, a framework that uses enterprise-style network segmentation and artificial intelligence (AI) for on-premises networks to enable next-generation device and network management for homes and small- to medium-sized businesses (SMBs). It will address the security, scalability, management and ease-of-use challenges arising from the proliferation of Internet-connected devices.
"We are providing micro network segmentation in the home and small businesses without need for a system administrator," said Michael Glenn, VP, security technologies, CableLabs.
With Micronets, compromised devices will be restricted and quarantined, which will minimize risk to other devices on the network and protect high-value devices and services, like those used for remote patient monitoring, for example. CableLabs has published a white paper outlining the vision and architecture of Micronets and announced that it has several initiatives underway, including an easy-onboarding framework that uses features from the WiFi Alliance's EasyConnect/WPA3 Security and the Internet Engineering Task Force (IETF) Manufacturer Usage Description framework.
The framework described in the white paper involves a series of components, including an SDN switch in the home gateway that implements flow rules and provides dynamic micronet segmentation. There are APIs both on the gateway and in the network that allow security companies to monitor traffic patterns for malicious activity going out into the home and identify devices that are sending malicious traffic. Those devices can be quarantined and rate limited, and the end user will be notified as to what happened.
"(We are) pushing the machine learning into the cloud and moving it off of the gateway within the micronets architecture," Glenn said.
As an example of what the architecture might look like, appliances could attach to one micronet, home security devices to another, a smart car to a third, and high-value medical devices to yet another micronet.
"Strong device identity is an important concept. The micronet (framework) doesn't work in isolation," Glenn said. "It is an ecosystem, and everyone has responsibility for security … not just ISPs or hosting providers or IoT manufacturers."
While there is an effort to drive security controls into devices with PKI certificates, there are still many devices with weaker security that are protected with a user name or password to connect to home WiFi. With micronets, the devices are categorized, and if the refrigerator is compromised, for example, it is put on a quarantined micronet.
There also is a component of the framework that allows for easier onboarding of devices. With a medical device, for example, there could be a business-to-business relationship with the doctor's office so that the device would be preconfigured at the office with the SSID of the user's home. The network operator can pre-provision the device so that it automatically connects to the home network, Glenn said. In future versions of the micronet framework, the medical device might only connect to the doctor's office, the hospital and the manufacturer for software updates.
"This way if the medical device has a vulnerability, it provides an extra set of provisions to prevent attack," Glenn said.
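The segmentation, quarantine and destination-restriction behavior described above can be sketched as a default-deny flow decision on the gateway. This is an added illustration, not CableLabs' reference code: the class and function names, the address ranges and the choice to model quarantine as full isolation are all assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

QUARANTINE = "quarantine"  # hypothetical name for the quarantined micronet

@dataclass
class Device:
    name: str
    micronet: str
    # Allowlist of external destinations (CIDR); None = unrestricted Internet.
    allowed_remote: Optional[list] = None

@dataclass
class Gateway:
    lan: str = "192.168.0.0/16"                  # constructed home address space
    devices: dict = field(default_factory=dict)  # IP address -> Device

    def quarantine(self, ip):
        """Move a device flagged by a monitoring service to the quarantine micronet."""
        dev = self.devices[ip]
        dev.micronet, dev.allowed_remote = QUARANTINE, []

    def decide(self, src_ip, dst_ip):
        """Return 'allow' or 'drop' for a flow; anything not matched is dropped."""
        src = self.devices.get(src_ip)
        if src is None:
            return "drop"                        # unknown source device
        if ip_address(dst_ip) in ip_network(self.lan):
            # Local traffic: only between members of the same micronet,
            # and never to or from the quarantine micronet.
            dst = self.devices.get(dst_ip)
            same = dst is not None and dst.micronet == src.micronet
            return "allow" if same and src.micronet != QUARANTINE else "drop"
        if src.allowed_remote is None:
            return "allow"                       # no destination restriction
        ok = any(ip_address(dst_ip) in ip_network(n) for n in src.allowed_remote)
        return "allow" if ok else "drop"

def build_sample_home():
    """Constructed sample: three micronets, documentation-range remote addresses."""
    gw = Gateway()
    gw.devices["192.168.1.10"] = Device("fridge", "appliances")
    gw.devices["192.168.1.11"] = Device("oven", "appliances")
    gw.devices["192.168.2.10"] = Device("camera", "home-security")
    # Medical device limited to doctor's office and manufacturer (constructed ranges).
    gw.devices["192.168.3.10"] = Device(
        "monitor", "medical", ["203.0.113.0/24", "198.51.100.7/32"])
    return gw
```

Calling `quarantine("192.168.1.10")` on the sample gateway cuts the refrigerator off from the oven it could previously reach, while the medical device's flows are unaffected.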
Additionally, CableLabs plans to release the Micronet reference code to contribute to the open source community and will continue to work with members and vendors to develop and publish specifications for standardized APIs for advanced security services based on machine learning and device fingerprinting.
"We are trying to standardize this architecture and framework," Glenn said. "That is why we are going public (now). More entities are coming to the conclusion that micronetwork segmentation in the home and small businesses is important for customers to manage (networks)."
CableLabs expects to publish a detailed architecture paper in December.