Micronets: Enterprise-Level Security Is No Longer Just For Enterprises
Today we are introducing CableLabs® Micronets, a framework that simplifies and helps secure increasingly complex home and small business networks.
As we add devices to our networks such as cell phones, computers, printers, thermostats, appliances, lights and even medical monitors, our networks become more susceptible to intrusions. Micronets automatically segments devices into separate, policy-driven trust domains to help protect the devices, data and the user. Agile and easy-to-use, Micronets gives consumers increased protection and control of their local network without overwhelming them with technical details. Micronets reduces the risks associated with vulnerable devices but is not a substitute for strong device security.
The Micronets Advantage: Smart Security and Ease of Use
CableLabs Micronets is an advanced network management framework that utilizes three components to provide enhanced security:
Automated Networked Devices: While CableLabs is not the first organization to introduce the concept of network segmentation, Micronets’ primary advantage is in its implementation. The Micronets framework uses advanced mechanisms like device fingerprinting and Manufacturer Usage Descriptions (MUD) to intelligently group networked devices into dynamically managed trust domains or “micronets.”
For example, children’s devices are assigned to one micronet, home automation on another and so on. If one device is compromised, devices on the other micronets will not be visible to the attacker. The system will automatically quarantine the infected device, minimizing the risk to the network and other connected devices. While the system is largely autonomous, the user has the visibility and control to adjust trust domains and add new devices.
Seamless User Experience: Micronets provides a layer of dynamic management and secure credential provisioning that hides the complexity associated with network orchestration and focuses on improving the user experience. It’s a self-organizing platform that’s very easy to use and control, which is a major benefit to an average customer who lacks the time and knowledge required for manual network administration.
Adaptive Devices: The Micronets framework also includes an intelligence layer that manages the connectivity between the individual trust domains, the Internet and third-party provider services. Because security threats continuously evolve, Micronets is built to evolve as well. State-of-the-art identity management and cloud-based intelligence technologies, like machine learning and neural networks, are leveraged to provide adaptive security that can evolve over the years, thereby providing a solution that will work for today’s as well as tomorrow’s needs.
Another benefit that Micronets can provide is enhanced security for highly sensitive devices or applications, through secure network extension via APIs. For example, Micronets can be used to establish a secure, end-to-end network connection between an Internet-connected medical device, like a glucose tester, and the cloud services of a healthcare provider. This enhanced capability provides confidentiality, integrity and availability of the medical device and the healthcare data to and from the device.
Micronets provides features, such as network isolation, similar to 5G network slicing but can operate across Wi-Fi and mobile networks. Micronets is focused on security of private networks (e.g., home networks and SMB networks), whereas 5G slicing is focused on different service segment performance levels of end-to-end networks. Since Micronets is an overlay technology, it’s compatible with existing networks, even 5G slicing, whereas 5G slicing is dependent on the broad deployment of the underlying 5G technologies.
Under the Hood: A Deeper Dive into How Micronets Works
Micronets has five major architectural components:
- Intelligent Services and Business Logic: This layer acts as the interface for the Micronets platform to interact with the rest of the world. It functions as a receiver of the user’s intent and business rules from the user’s services and combines them into operational decisions that are handed over to the Micronets Manager for execution.
- Micronets Manager: This critical element orchestrates all Micronets activities, especially flow switching rules between the home network, cable operator and third-party providers that allow the delivery of services. It also provides controls that allow the user to interact with the Micronets platform.
- Micronets Gateway: The Micronets Gateway could be a cable modem, router, wireless access point, or LTE hub/femtocell. It’s a core networking component that uses Software Defined Networking (SDN) to define how Micronets services interact with the home network. It also oversees the entire device profile on the user network—both wired and wireless.
- The Home Network: All the devices on the customer’s home or SMB network are automatically organized into appropriate trust domains—or micronets—using the device identity and SDN based logic. However, the customer can always make manual changes through a user-friendly Micronets interface.
- Micronets API: Operator partners and third-party operators can interact with the Micronets Manager via secure APIs. Micronets ensures that third-party devices and services are secured through mutually authenticated and encrypted communication channels.
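To make the segmentation and quarantine behaviour described above concrete, here is a small added model of the Manager's decision logic (example code written for this post, not CableLabs' reference code). It assumes a device class has already been obtained from fingerprinting or a MUD URL, and uses constructed, hypothetical MUD-style profiles in place of real MUD files.

```python
from dataclasses import dataclass

# Constructed, MUD-style device profiles (hypothetical, not real MUD files):
# each device class names its trust domain (micronet) and the Internet
# endpoints it may reach. "*:443" means any host on port 443.
MUD_PROFILES = {
    "thermostat": {"micronet": "home-automation",
                   "allow": {"cloud.thermostat.example:443"}},
    "glucose-monitor": {"micronet": "medical",
                        "allow": {"api.healthprovider.example:443"}},
    "kids-tablet": {"micronet": "children", "allow": {"*:80", "*:443"}},
}


@dataclass
class Device:
    mac: str
    kind: str
    quarantined: bool = False


class MicronetsManager:
    """Toy Micronets Manager: places each device in a micronet from its profile
    and answers the question the SDN gateway asks per flow: forward or drop."""

    def __init__(self):
        self.devices = {}

    def onboard(self, mac, kind):
        """Assign a newly seen device to a trust domain; unknown classes are
        refused rather than silently trusted (default deny)."""
        if kind not in MUD_PROFILES:
            raise ValueError(f"no profile for device class {kind!r}")
        self.devices[mac] = Device(mac, kind)
        return self.micronet_of(mac)

    def micronet_of(self, mac):
        return MUD_PROFILES[self.devices[mac].kind]["micronet"]

    def quarantine(self, mac):
        """Isolate a compromised device: no flows in or out from now on."""
        self.devices[mac].quarantined = True

    def allow_flow(self, src_mac, dst):
        """dst is a local MAC (lateral traffic) or 'host:port' (Internet)."""
        src = self.devices[src_mac]
        if src.quarantined:
            return False
        if dst in self.devices:  # lateral: only inside the same micronet
            peer = self.devices[dst]
            return not peer.quarantined and self.micronet_of(dst) == self.micronet_of(src_mac)
        _, port = dst.rsplit(":", 1)  # Internet: only MUD-listed endpoints
        allow = MUD_PROFILES[src.kind]["allow"]
        return dst in allow or f"*:{port}" in allow
```

A real gateway would compile the same decisions into SDN flow rules; the point here is that a compromised thermostat loses all reachability while its micronet peers keep their permitted cloud access.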
The Rollout: Getting Micronets Into Homes and Businesses
- White Paper: Our white paper lays out the vision and architecture of Micronets in greater detail.
- Industry Partnerships: We’re working with our industry partners and cable operator members to bring Micronets to consumers. We are also working on implementing an easy-onboarding framework that builds on top of features from the Wi-Fi Alliance (WFA), namely EasyConnect, WPA3 security and the Internet Engineering Task Force (IETF) Manufacturer Usage Description framework to enable the secure and seamless configuration and on-boarding of consumer devices. We are also leading the development of a secure interoperability specification for IoT devices in the Open Connectivity Foundation, and with Micronets, we’re making significant strides to simplifying and securing increasingly complex networks.
- Code: We are releasing the reference code, currently under development, to the open source community in the coming months.
- Government Collaboration: We’re participating in and supporting government efforts like NIST’s National Cybersecurity Center of Excellence project on mitigating botnets in home and small business networks.
- Our Members and Vendors: We are planning on developing and publishing specifications for standardized APIs for advanced security services based on machine learning and device fingerprinting in collaboration with our members and vendors.
CableLabs has long been a leader in the development of security technologies for the delivery of video and broadband Internet access services. With Micronets we are bringing our expertise to the growing world of connected devices, for which security is a shared responsibility across the Internet ecosystem. Micronets helps mitigate the risks associated with insecure IoT, but is not a substitute for or alternative to the ongoing efforts to drive increased device security, to prevent vulnerabilities at their source.
Interested in working with the CableLabs team or hearing more about Micronets? Contact Darshak Thakore (firstname.lastname@example.org).
Where is that Set-top Box?
As a technology developer in the cable industry, my friends often ask me questions like, "Why do I need all these boxes in front of my TV?", "Why do I need to use so many remotes?", and "When will I be able to watch TV on my mobile/tablet?" My enthusiastic response has been, "Very soon!" And then I explain the Digital Living Network Alliance's CVP-2 Guidelines, and how this new technology leverages the latest HTML5 web standards to allow consumers to view their TV content on any device of their choice. The responses I receive range from the optimistic "Great! How soon?" to the skeptical "I'll believe it when I see it", which is why I was really excited when DLNA launched the VidiPath Certification Program.
VidiPath enables TV services to be viewed on various devices like tablets, phones, Smart TVs, and game consoles within the consumer's home. More details about CVP-2 are available as a previous post to this blog. However, the relationship between CVP-2 and the VidiPath Certification deserves some explanation. CVP-2 was geek-speak for the technology guidelines while they were being developed in the industry. Now completed, the VidiPath™ brand has been born.
Ok, back to my excitement about the VidiPath Certification Program. The reasons are twofold. First and foremost, the certification launch means that the industry is just one final step from getting the CVP-2 technology into the market and in consumers’ homes. The other reason is that the CableLabs CVP-2 Server was qualified by DLNA as a CVP-2 Reference Server and selected for use in the VidiPath Certification Testbed.
Benefits of VidiPath to Consumers
VidiPath will allow a consumer to watch premium TV content on any VidiPath certified device within their home, and that is just the tip of the iceberg. Consumers will also be able to enjoy the following benefits with their VidiPath devices:
- Putting aside that extra remote to navigate and watch content.
- No longer needing multi-room set-top boxes.
- Watching TV on tablets or mobile phones while everyone else is watching something else on the big TV.
- Gaining a modern yet consistent user interface on all devices to navigate and bookmark content.
- Reclaiming entertainment center real estate by moving the set-top box to the basement or a closet.
CableLabs CVP-2 Reference Server (or How Has CableLabs Contributed?)
To support the success of VidiPath, CableLabs has been actively involved in the development of the CVP-2 guidelines and has also developed a CVP-2 Server utilizing a number of existing open source components to accelerate the development and adoption of VidiPath in the industry. To that effect, we had: a) good success right from the start with the Intel OTC team contributing code to Rygel, b) various companies utilizing our code base for their testing/development and providing us feedback, and c) our collaboration with Elliptic Technologies and utilizing their robust tVault for DTCP-IP solution in the CableLabs Reference Server to provide content protection and authentication. We are already shipping out the Reference Server to various DLNA members who are preparing to get their clients certified. Now we look forward to VidiPath clients getting certified and hitting the market.
In addition, CableLabs holds CVP-2 interoperability events (interops) about twice a year. During these interops, manufacturers and cable operators come together to evaluate how their client or server interacts with other CVP-2 clients and servers. We just finished up another successful interop, with sixteen different companies participating.
And finally, CableLabs has a VidiPath Interoperability Lab, where VidiPath client developers can develop and test against MSO VidiPath guides, as well as work with the CableLabs CVP-2 Reference Server and other DLNA CVP-2 test tools.
Contact info: Darshak Thakore is a Lead Architect in the Applications Technologies Group at CableLabs.