Hestia: simple least privilege network policies for smart homes

Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks (2019)

Abstract
The long-awaited smart home revolution has arrived, and with it comes the challenge, for average users, of managing dozens of potentially vulnerable network devices. While research has developed techniques to fingerprint these devices, and even to provide sophisticated network access control models, such techniques are too complex for end users to manage, require sophisticated systems or unavailable public device descriptions, and the proposed network policies have not been tested against real device behaviors. As a result, none of these solutions are available to users today. In this paper, we present Hestia, a mechanism to enforce simple-but-effective network isolation policies. Hestia segments the network into just two device categories: controllers (e.g., smart hubs) and non-controllers (e.g., motion sensors and smart lightbulbs). The key insight (validated with a large IoT dataset) is that non-controllers only connect to cloud endpoints and controller devices, and practically never to each other over IP networks. This means that non-controllers can be isolated from each other without breaking functionality. Perhaps more importantly, smart home owners need only specify which devices are controllers. We develop a prototype and show negligible performance overhead resulting from the increased isolation. Hestia drastically improves smart home security without complex, unwieldy policies or lengthy learning of device behaviors.
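As an added illustration of the two-category policy the abstract describes (this is not code from the paper or its prototype): a small evaluator in which every LAN host not explicitly flagged as a controller is treated as a non-controller, traffic to cloud endpoints or involving a controller is allowed, and non-controller-to-non-controller flows are denied. The subnet, the addresses and the assumption that controllers are unrestricted on the LAN are my own, not taken from the paper.

```python
"""Illustration of Hestia's two-category isolation rule (added example).

Assumptions (not from the paper): the home LAN is 192.168.1.0/24, every
device has a fixed address, anything outside the LAN counts as a "cloud
endpoint", and controllers are unrestricted on the LAN.
"""
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed home subnet

# Constructed inventory: the owner only has to say which devices are
# controllers; everything else on the LAN is a non-controller by default.
CONTROLLERS = {"192.168.1.10"}  # e.g. a smart hub


def is_controller(addr: str) -> bool:
    """Only explicitly flagged hosts are controllers (least privilege default)."""
    return addr in CONTROLLERS


def is_local(addr: str) -> bool:
    """A host inside the LAN; anything else is treated as a cloud endpoint."""
    return ip_address(addr) in LAN


def allow(src: str, dst: str) -> bool:
    """Return True if the policy permits an IP flow src -> dst.

    Rule from the abstract: a non-controller may talk to cloud endpoints
    and to controllers, but never to another non-controller.
    """
    if not (is_local(src) and is_local(dst)):
        return True  # at least one side is a cloud endpoint
    if is_controller(src) or is_controller(dst):
        return True  # controller <-> anything on the LAN
    return False  # non-controller <-> non-controller: isolated


def filter_flows(flows):
    """Apply the policy to (src, dst) pairs; returns (src, dst, verdict) triples."""
    return [(s, d, "allow" if allow(s, d) else "deny") for s, d in flows]


if __name__ == "__main__":
    # Constructed sample flows: sensor -> cloud, sensor -> hub, sensor -> bulb,
    # bulb -> an unlisted LAN host, hub -> that same unlisted host.
    sample = [("192.168.1.20", "203.0.113.5"), ("192.168.1.20", "192.168.1.10"),
              ("192.168.1.20", "192.168.1.21"), ("192.168.1.21", "192.168.1.99"),
              ("192.168.1.10", "192.168.1.99")]
    for src, dst, verdict in filter_flows(sample):
        print(f"{src} -> {dst}: {verdict}")
```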
Keywords
IoT & network security, least privilege policy, smart home