Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Lotto, Alessandro, Sciancalepore, Savio, Brighente, Alessandro, Conti, Mauro
Format: Preprint
Veröffentlicht: 2026
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2605.29654
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866917543330971648
author Lotto, Alessandro
Sciancalepore, Savio
Brighente, Alessandro
Conti, Mauro
author_facet Lotto, Alessandro
Sciancalepore, Savio
Brighente, Alessandro
Conti, Mauro
contents The Manufacturer Usage Description (MUD) standard enables enforcement of network restrictions for IoT devices based on their expected network traffic, as specified by manufacturers in an online MUD file. Devices advertise a URL pointing to this file, yet the standard does not define how to securely bind the issuing device to its profile. As a result, malicious devices can manipulate network policy enforcement by advertising valid URLs referencing genuine MUD profiles, but not intended for that device. Although MUD defines a certificate-based secure issuance method, current deployments rely on the insecure DHCP-based extension due to simpler integration. Existing solutions either depend on Public Key Infrastructure (PKI), break standard compliance, require excessive active manufacturer involvement, or overlook secure profile updates. In this paper, we present FIDEM, a standard-compliant framework for securing DHCP-based MUD URL issuance. FIDEM provides cryptographic binding between IoT devices and their MUD profiles by leveraging Zero-Knowledge-Proof authentication, eliminating PKI reliance, minimizing manufacturers' involvement, and supporting secure profile updates. Formal analysis shows that FIDEM withstands stronger adversaries than in prior work, including supply-chain compromise and attacks using legitimate devices as cryptographic oracles. Our real-world evaluation on two reference constrained devices (ESP32-S3 and ESP32-C6) demonstrates minimal overhead compared to standard DHCP (approximately 5ms and 20mJ) and significant improvements over certificate-based benchmarks (approximately x20 faster, and 35% less energy).
format Preprint
id arxiv_https___arxiv_org_abs_2605_29654
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle FIDEM: A Standard-Compliant Framework for Secure Binding of MUD Profiles to IoT Devices
Lotto, Alessandro
Sciancalepore, Savio
Brighente, Alessandro
Conti, Mauro
Cryptography and Security
The Manufacturer Usage Description (MUD) standard enables enforcement of network restrictions for IoT devices based on their expected network traffic, as specified by manufacturers in an online MUD file. Devices advertise a URL pointing to this file, yet the standard does not define how to securely bind the issuing device to its profile. As a result, malicious devices can manipulate network policy enforcement by advertising valid URLs referencing genuine MUD profiles, but not intended for that device. Although MUD defines a certificate-based secure issuance method, current deployments rely on the insecure DHCP-based extension due to simpler integration. Existing solutions either depend on Public Key Infrastructure (PKI), break standard compliance, require excessive active manufacturer involvement, or overlook secure profile updates. In this paper, we present FIDEM, a standard-compliant framework for securing DHCP-based MUD URL issuance. FIDEM provides cryptographic binding between IoT devices and their MUD profiles by leveraging Zero-Knowledge-Proof authentication, eliminating PKI reliance, minimizing manufacturers' involvement, and supporting secure profile updates. Formal analysis shows that FIDEM withstands stronger adversaries than in prior work, including supply-chain compromise and attacks using legitimate devices as cryptographic oracles. Our real-world evaluation on two reference constrained devices (ESP32-S3 and ESP32-C6) demonstrates minimal overhead compared to standard DHCP (approximately 5ms and 20mJ) and significant improvements over certificate-based benchmarks (approximately x20 faster, and 35% less energy).
title FIDEM: A Standard-Compliant Framework for Secure Binding of MUD Profiles to IoT Devices
topic Cryptography and Security
url https://arxiv.org/abs/2605.29654