Masters Thesis

The Internet of Things - An Engineering Approach to Combating a Potential Skynet

For our Semester-in-Residence project, we worked with the networking team and the Security Operations Center (SOC) team to install and configure third-party products to detect, identify, and classify device types on the network, group these devices into categories based on the network traffic and behaviors associated with them, and, finally, begin to develop security-related rules and policies for the identified traffic and related behaviors in order to reduce the risks that Internet of Things (IoT) devices pose. The ability to positively identify device types was imperative to the project: in a 2017 report, Gartner projected that 20.4 billion IoT devices will be in use by the year 2020, and, in a 2018 publication, claimed that IoT devices introduce a multitude of security challenges not only to the devices themselves, but also to the systems to which they are connected. For Viasat, an Internet transport company providing connectivity to customers and forecasting Internet consumption for the near future in a non-infinite bandwidth reality, it is imperative to understand the devices on the network at large and identify ways of categorizing and handling this traffic at scale. Our project proposal garnered interest from technical and business development leadership: the ability to enhance customer experience, decrease network downtime, and decrease wasted bandwidth consumption in order to improve network security and reputation, brand loyalty, and monetary savings was a worthy undertaking. Installing and configuring vendor hardware in physical Internet Service Provider (ISP)-level network space was the most time-consuming and most technically complex piece of the project.
The vendors’ capabilities introduced the classic “create it or buy it” scenario that technical companies often face; for this project, Viasat opted to use the vendors’ capabilities for detecting and identifying endpoint device types so that it could focus its efforts on better classifying and understanding the network and on how to most effectively enforce security-centric policies in the future. With the proliferation of IoT devices, it is imperative that ISPs and security providers implement creative identification and effective enforcement solutions that stymie the risks these devices perpetuate, all while being at the distinct disadvantage of not owning or administering the devices at either end of the conversation.
