This project investigates how to securely onboard IoT devices in smart warehouse environments using the Manufacturer Usage Description (MUD) standard. It aims to automate network segmentation and firewall rule generation by combining real-time traffic monitoring with a conversational assistant powered by a large language model (LLM). The goal is to ensure that each device communicates only with the services it truly needs, minimizing the attack surface and supporting secure operations in the logistics industry.
Thesis Type:
- Master Thesis / Bachelor Thesis
Goal and Tasks:
- Device Detection: Develop a Raspberry Pi-based service that monitors router traffic and identifies new IoT devices by MAC address, IP, vendor string, and MUD URL.
- Conversational Assistant: Integrate a web-based assistant backed by an LLM to guide technicians in classifying devices and suggest appropriate network segments.
- Policy Generation: Automatically generate MUD profiles, VLAN tags, and firewall rules based on LLM recommendations, and apply them to the router via API or SSH.
- Validation: Monitor device traffic post-deployment to verify that only allowed communications occur and generate a pass/fail report.
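The Validation task above, sketched as an added example (not code from this project): it reads the from-device ACL of an RFC 8520-style MUD file and checks observed flows against it to produce a pass/fail report. The MUD file, hostnames and flows are constructed, the function names are hypothetical, and it assumes observed flows have already been mapped to destination names (for example from DNS logs) and that port matches use only the `eq` operator.

```python
import json

# Constructed sample: minimal RFC 8520-style MUD file for a hypothetical device.
MUD_JSON = """{
 "ietf-mud:mud": {"mud-url": "https://mud.example.com/scanner.json",
   "from-device-policy": {"access-lists": {"access-list": [{"name": "from-dev"}]}}},
 "ietf-access-control-list:acls": {"acl": [{"name": "from-dev", "aces": {"ace": [
   {"name": "mqtt", "actions": {"forwarding": "accept"}, "matches": {
     "ipv4": {"protocol": 6, "ietf-acldns:dst-dnsname": "broker.example.com"},
     "tcp": {"destination-port": {"operator": "eq", "port": 8883}}}},
   {"name": "ntp", "actions": {"forwarding": "accept"}, "matches": {
     "ipv4": {"protocol": 17, "ietf-acldns:dst-dnsname": "ntp.example.com"},
     "udp": {"destination-port": {"operator": "eq", "port": 123}}}}
 ]}}]}
}"""

PROTO = {6: "tcp", 17: "udp"}  # IP protocol number -> name of the ACL match key

def allowed_flows(mud_text):
    """Return the set of (proto, dst_host, dst_port) the from-device policy accepts."""
    doc = json.loads(mud_text)
    policy = doc["ietf-mud:mud"]["from-device-policy"]["access-lists"]["access-list"]
    names = {entry["name"] for entry in policy}
    allowed = set()
    for acl in doc["ietf-access-control-list:acls"]["acl"]:
        if acl["name"] not in names:
            continue  # ACL is not referenced by the from-device policy
        for ace in acl["aces"]["ace"]:
            if ace["actions"]["forwarding"] != "accept":
                continue
            m = ace["matches"]
            proto = PROTO[m["ipv4"]["protocol"]]
            port = m[proto]["destination-port"]
            if port["operator"] != "eq":
                raise ValueError("only 'eq' port matches are handled in this example")
            allowed.add((proto, m["ipv4"]["ietf-acldns:dst-dnsname"], port["port"]))
    return allowed

def validate(mud_text, observed):
    """Default deny: any observed flow outside the policy fails the report."""
    allowed = allowed_flows(mud_text)
    violations = [flow for flow in observed if flow not in allowed]
    return {"result": "fail" if violations else "pass", "violations": violations}

# Constructed observations: (proto, destination name or IP, destination port).
OBSERVED = [("tcp", "broker.example.com", 8883), ("udp", "ntp.example.com", 123),
            ("tcp", "198.51.100.7", 23)]

if __name__ == "__main__":
    print(validate(MUD_JSON, OBSERVED))
```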
Recommended Prior Knowledge:
- Basic networking knowledge (IP, MAC, VLAN, firewall rules)
- Experience with Raspberry Pi or similar embedded platforms
- Programming skills (Python)
- Interest in IoT protocols and standards
Start:
- Flexible – ideally within the next 1–2 months / 6 months
Contact: