Comments
Security

Micronets: Enterprise-Level Security Is No Longer Just For Enterprises

Darshak Thakore
Lead Software Architect

Nov 14, 2018

Today we are introducing CableLabs® Micronets, a framework that simplifies and helps secure increasingly complex home and small business networks.

As we add devices to our networks such as cell phones, computers, printers, thermostats, appliances, lights and even medical monitors, our networks become more susceptible to intrusions. Micronets automatically segments devices into separate, policy-driven trust domains to help protect the devices, data and the user. Agile and easy-to-use, Micronets gives consumers increased protection and control of their local network without overwhelming them with technical details. Micronets reduces the risks associated with vulnerable devices but is not a substitute for strong device security.

The Micronets Advantage: Smart Security and Ease of Use

CableLabs Micronets is an advanced network management framework that utilizes three components to provide enhanced security:

Automated Networked Devices: While CableLabs is not the first organization to introduce the concept of network segmentation, Micronets’ primary advantage is in its implementation. The Micronets framework uses advanced mechanisms like device fingerprinting and Manufacture Usage Definitions (MUD) to intelligently group networked devices into dynamically managed trust domains or “micronets.”

For example, children’s devices are assigned to one micronet, home automation on another and so on. If one device is compromised, devices on the other micronets will not be visible to the attacker. The system will automatically quarantine the infected device, minimizing the risk to the network and other connected devices. While the system is largely autonomous, the user has the visibility and control to adjust trust domains and add new devices.

Seamless User Experience: Micronets provides a layer of dynamic management and secure credential provisioning that hides the complexity associated with network orchestration and focuses on improving the user experience. It’s a self-organizing platform that’s very easy to use and control which is a major benefit to an average customer who lacks the time and knowledge required for manual network administration.

Adaptive Devices: The Micronets framework also includes an intelligence layer that manages the connectivity between the individual trust domains, the Internet and third-party provider services. Because security threats continuously evolve, Micronets is built to evolve as well. State-of-the-art identity management and cloud-based intelligence technologies, like machine learning and neural networks, are leveraged to provide adaptive security that can evolve over the years, thereby providing a solution that will work for today’s as well as tomorrow’s needs.

Another benefit that Micronets can provide is enhanced security for highly sensitive devices or applications, through secure network extension via APIs. For example, Micronets can be used to establish a secure, end-to-end network connection between an Internet-connected medical device, like a glucose tester, and the cloud services of a healthcare provider. This enhanced capability provides confidentiality, integrity and availability of the medical device and the healthcare data to and from the device.

Micronets provides features, such as network isolation, similar to 5G network slicing but can operate across Wi-Fi and mobile networks. Micronets is focused on security of private networks (e.g., home networks and SMB networks) where 5G slicing is focused on different service segment performance levels of end to end networks. Since Micronets is an overlay technology, it’s compatible with existing networks, even 5G slicing, where 5G slicing is dependent on the broad deployment of the underlying 5G technologies.

Under the Hood: A Deeper Dive into How Micronets Works

Micronets has five major architectural components:

  • Intelligent Services and Business Logic: This layer acts as the interface for the Micronets platform to interact with the rest of the world. It functions as a receiver of the user’s intent and business rules from the user’s services and combines them into operational decisions that are handed over to the Micronets Manager for execution.
  • Micronets Manager: This critical element orchestrates all Micronets activities, especially flow switching rules between the home network, cable operator and third-party providers that allow the delivery of services. It also provides controls that allow the user to interact with the Micronets platform.
  • Micronets Gateway: Micronets Gateway could be a cable modem, router, wireless access point, or LTE hub/femtocell. It’s a core networking component that uses Software Defined Networking (SDN) to define how Micronets services interact with the home network. It also oversees the entire device profile on the user network—both wired and wireless.
  • The Home Network: All the devices on the customer’s home or SMB network are automatically organized into appropriate trust domains—or micronets—using the device identity and SDN based logic. However, the customer can always make manual changes through a user-friendly Micronets interface.
  • Micronets API: Operator partners and third-party operators can interact with the Micronet manager via secure APIs. Micronets ensure that third-party devices and services are secured through mutual authenticated and encrypted communications channels.

Micronets Enterprise Level Security

The Rollout: Getting Micronets In Homes and Business

  • White Paper: Our white paper lays out the vision and architecture of Micronets in greater detail.
  • Industry Partnerships: We’re working with our industry partners and cable operator members to bring Micronets to consumers. We are also working on implementing an easy-onboarding framework that builds on top of features from the Wi-Fi Alliance (WFA), namely EasyConnect, WPA3 security and the Internet Engineering Task Force (IETF) Manufacturer Usage Description framework to enable the secure and seamless configuration and on-boarding of consumer devices. We are also leading the development of a secure interoperability specification for IoT devices in the Open Connectivity Foundation, and with Micronets, we’re making significant strides to simplifying and securing increasingly complex networks.
  • Code: We are releasing the reference code, currently under development, to the open source community in the coming months.
  • Government Collaboration: We’re participating in and supporting government efforts like NIST’s National Cybersecurity Center of Excellence project on mitigating botnets in home and small business networks.
  • Our Members and Vendors: We are planning on developing and publishing specifications for standardized API’s for advanced security services based on machine learning and device fingerprinting in collaboration with our members and vendors.

CableLabs has long been a leader in the development of security technologies for the delivery of video and broadband Internet access services. With Micronets we are bringing our expertise to the growing world of connected devices, for which security is a shared responsibility across the Internet ecosystem.  Micronets helps mitigate the risks associated with insecure IoT, but is not a substitute for or alternative to the ongoing efforts to drive increased device security, to prevent vulnerabilities at their source.

Download our white paper by clicking below or learn more here.

Micronets White Paper

Interested in working with the CableLabs team or hearing more about Micronets? Contact Darshak Thakore (d.thakore@cablelabs.com).

Comments