Once merely a digital means of connecting people around the world, the World Wide Web has evolved to also connect “things”. The IoT is essentially a network of physical objects, such as gadgets and cars, embedded with electronic sensors and software, as well as networking components that enable these objects to exchange data over the Internet. Some popular IoT devices include Wi-Fi video cameras (e.g., the Dropcam) and temperature sensors. While these devices generally enhance user experiences, they can pose security risks to the networks (whether home or enterprise) to which they are connected. IoT devices are typically configured to remain continuously connected to the Internet (i.e., to associated cloud application servers) regardless of whether the devices are in actual use. If a device is hacked (such as by exploiting a bug in its software), the network can be subjected to unauthorized access. For some devices, a continuous Internet connection is justified and even required to achieve their intended purpose. For example, temperature sensors must be allowed to continuously stream data to the cloud to update users on the conditions of their homes. Most devices, however, such as Wi-Fi video cameras, have no need for such access. In these cases, more devices on a network generally translates to higher exposure to attacks; when these devices are not in use, their live Internet connections serve no purpose other than as pathways for malicious agents to enter the network.
Conventionally, networks (both in the home and in enterprises) have been secured via rules-based firewalls or Virtual Private Networks (VPNs) that block unauthorized access to client and IoT devices on the networks. These solutions, however, are not designed to actively communicate with remote client users or to control device access to the Internet based on the usage of the devices. If a network is only accessible through a VPN, for example, then the user is required to use a VPN client to communicate with the network. Conventional routers/gateways are also unable to identify whether an IoT device is merely communicating with an authorized external server or has been compromised by a malicious user. To date, IoT device and network security has rested mainly on device manufacturers, many of whom implement client/device communication schemes with little emphasis on device security.