Software Engineering Institute

Internet of Things (IoT) security remains a challenge due to device vulnerabilities and untrusted supply chains, often limiting the benefits that organizations can obtain from integrating novel IoT devices to support business goals and enhance user experience. To that effect we developed KalKi: an IoT security platform that uses software-defined networking (SDN) concepts and constructs to create per-device defenses that enable integration of untrusted, off-the-shelf IoT devices. However, KalKi had limitations related to performance, scalability, and usability. This paper presents KalKi++, an evolution of KalKi that improves the performance, scalability and usability of the platform by orders of magnitude, with the added benefit of now being able to run on resource-limited hardware and support a larger number of use cases. We present the new architecture, enhanced threat model, and evaluation results for the new platform.