SERENIoT: Distributed Network Security Policy Management and Enforcement for Smart Homes

Selectively allowing network traffic has emerged as a dominant approach for securing consumer IoT devices. However, determining what the allowed behavior of an IoT device should be remains an open challenge. Proposals to date have relied on manufacturers and trusted parties to provide allow lists of network traffic, but these proposals require manufacturer involvement or placing trust in an additional stakeholder. Alternatively, locally monitoring devices can allow building allow lists of observed behavior, but devices may not exhaust their functionality set during the observation period, and the behavior may change following a software update which requires re-training. This paper proposes a blockchain-based system for determining whether an IoT device is behaving like other devices of the same type. Our system, SERENIoT, overcomes the challenge of initially determining the correct behavior for a device. Nodes in the SERENIoT public blockchain submit summaries of the network behavior observed for connected IoT devices and build allow lists of behavior observed by the majority of nodes. Changes in behavior through software updates are automatically added to the allow list once the update is broadly deployed. Through a proofof-concept implementation of SERENIoT on a small IoT network and a large-scale Amazon EC2 simulation, we evaluate the security, scalability, and performance of our system.