About the SPIN project

The risks of the IoT

The ‘Internet of Things’ (IoT) can make our lives easier in many ways, but unfortunately involves risks and threats as well. This certainly also applies to home networks. Security of products by manufacturers often leaves much to be desired. And adequate management by users is often a challenge due to insufficient knowledge and resources.

As a result, security and privacy of the home network are at stake. Vulnerable IoT devices pose two major types of threat:

  • They’re a threat to the internet as a global communications infrastructure, because insecure IoT devices can become part of massive DDoS attacks.

  • They jeopardise the security, privacy, and perhaps even safety of end-users.

More about this can be found on the SIDN Labs site.

The SPIN project

To address these two threats, we started the SPIN (Security and Privacy for In-home Networks) project.

In this project, we research and prototype methods to make the home network safer, both by protecting it from dangers on the internet and by protecting the internet from misbehaving IoT devices.

The core of the SPIN project is the SPIN software: an open source toolkit to visualise, analyse, and block local network traffic. In its most basic setup, it shows users the devices on their networks, and their network activity, in what we call the ‘bubble app’: a live representation of network traffic. More importantly, SPIN can be used as a basis for prototyping new safety measures, and as a tool to more easily perform traffic analysis and IoT security research.

For instance, we use the SPIN software ourselves as a basis for prototyping DOTS Signal Call Home, as a measurement platform for examining smart lights, and for research into anomaly detection and machine learning.

How does SPIN relate to the ValiBox?

ValiBox is a previous project of SIDN Labs. It is a small home router, with a DNSSEC-validating resolver as its most important distinguishing feature. We have taken the ValiBox as a platform and added SPIN functionality to it. Together they form a working whole. But another device can also serve as a basis for SPIN. For instance, we got SPIN working on a Turris Omnia router from NIC.CZ as an experiment. In that setup, the ValiBox component has been replaced by a Turris.

Does SPIN do deep packet inspection?

No, but we are researching ways of doing anomaly detection on traffic metadata in order to detect malicious behaviour. The only packets SPIN inspects in detail are DNS packets, to provide information about the DNS queries devices send.

What about my privacy?

SPIN does all processing locally. No personal data ever leaves the box. It is important to understand, though, that the GUI might reveal the browsing behaviour of everyone on the network. This can be avoided by excluding certain devices from the view.

Resources on the internet which might be helpful to get started with SPIN.



| Title | Author(s) | Occasion | Date | Language |
|---|---|---|---|---|
| SPIN: A User-centric Security Extension for In-home Networks | C. Hesselman / J. Jansen / M. Davids / R. de O. Schmidt | SIDN Labs Technical Report SIDN-TR-2017-002 | June 2017 | EN |
| Towards automated DDoS abuse protection | C. Schutijser | Master thesis | August 2018 | EN |


Presentation slides


Third-party resources


About SIDN Labs

SIDN Labs is the R&D department of SIDN, the domain name registry for the .nl ccTLD. We develop and evaluate new technologies and systems with the goal of further enhancing the stability and security of .nl, the DNS and the infrastructure of the wider internet. The results of our work include prototypes, performance analyses, standards, articles and reports.

Further information can be found on our website