SODA: A software-defined security framework for IoT environments

Abstract The Internet of Things (IoT), built on interconnected devices, enables a variety of new services that could not be realized in a traditional environment, and many of these services harvest potentially sensitive and private information belonging to individual users. Unfortunately, the existing security functions used to protect such information are difficult to deploy in an IoT environment because IoT devices vary widely in capacity, functionality, and security requirements. In this work, to protect against unrestricted access between devices and the extraction of information from them, we propose SODA, a secure IoT gateway that enforces dynamic, device-side access control and can deploy a variety of security services to protect sensitive and private information. To show its effectiveness and practicality, we assume that a large number of IoT devices are clustered around a single IoT gateway, and we implement a prototype of SODA for such an environment based on software-defined networking (SDN), integrating virtual network functions (VNFs) over network function virtualization (NFV) on top of a real IoT device. Our evaluation demonstrates how SODA mitigates real-world attacks through its security functions and shows that it satisfies the performance requirements of a real environment.
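The gateway design sketched in the abstract, as an added illustration that is not SODA's own code: a controller-side policy engine that registers a per-device policy, compiles it on demand into OpenFlow-style match/action rules, steers matched flows through a chain of virtual security functions, denies unregistered devices and device-to-device access by default, and revokes a device's rules dynamically when it starts probing many distinct peers. The device names, addresses, switch ports, VNF names and thresholds are constructed for the example, and the scan-detection heuristic is an assumption chosen to show dynamic revocation, not a mechanism the paper describes.

```python
"""Added example (not SODA's own code): a toy model of the policy engine of a
software-defined IoT gateway.  Each device is registered with a policy that is
compiled, on demand, into OpenFlow-style flow rules; matched traffic is either
forwarded, steered through a chain of virtual security functions, or dropped,
and a device that starts contacting many distinct peers in one window loses
its rules (dynamic, device-side revocation).  Device names, addresses, ports,
VNF names and thresholds below are constructed for the example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str        # device name (constructed identifier)
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Policy:
    allowed_peers: frozenset          # destinations the device may reach
    allowed_ports: frozenset          # destination ports it may use
    vnf_chain: tuple = ()             # security functions to traverse, in order
    max_distinct_dsts: int = 5        # per-window threshold for scan detection (assumed)


class Gateway:
    """Controller-side policy engine; decisions correspond to OpenFlow FLOW_MOD
    add/delete messages sent to the gateway switch."""

    def __init__(self):
        self.policies = {}      # device -> Policy
        self.quarantined = set()
        self.dsts_seen = {}     # device -> distinct destinations this window
        self.flow_table = []    # installed (Flow, action) rules

    def register(self, device, policy):
        self.policies[device] = policy

    def decide(self, flow):
        """Return the action for a new flow: ('drop', ()), ('forward', ()) or
        ('steer', vnf_chain).  Unregistered and quarantined devices are denied."""
        if flow.src in self.quarantined:
            return ("drop", ())
        pol = self.policies.get(flow.src)
        if pol is None:
            return ("drop", ())
        # Count distinct destinations, denied ones included: a device probing
        # its neighbours is revoked even if each probe is dropped anyway.
        seen = self.dsts_seen.setdefault(flow.src, set())
        seen.add(flow.dst)
        if len(seen) > pol.max_distinct_dsts:
            self.quarantine(flow.src)
            return ("drop", ())
        if flow.dst not in pol.allowed_peers or flow.dport not in pol.allowed_ports:
            return ("drop", ())
        action = ("steer", pol.vnf_chain) if pol.vnf_chain else ("forward", ())
        self.flow_table.append((flow, action))
        return action

    def quarantine(self, device):
        """Dynamic revocation: delete every rule installed for the device."""
        self.quarantined.add(device)
        self.flow_table = [(f, a) for f, a in self.flow_table if f.src != device]

    def new_window(self):
        self.dsts_seen.clear()

    def ofctl_rules(self, addr_of, port_of):
        """Render installed rules as ovs-ofctl style text.  addr_of maps device
        names to IPs; port_of maps device or VNF names to switch ports (both
        assumed for the example).  Steered flows exit towards the first VNF."""
        lines = []
        for f, (kind, chain) in self.flow_table:
            out = port_of[chain[0]] if kind == "steer" else port_of[f.dst]
            lines.append(
                f"priority=100,{f.proto},nw_src={addr_of[f.src]},"
                f"nw_dst={addr_of[f.dst]},tp_dst={f.dport},actions=output:{out}")
        lines.append("priority=0,actions=drop")   # default deny
        return lines


def demo():
    """Constructed scenario: a camera allowed only to the hub's MQTT and HTTPS
    ports and steered through DPI, and a bulb that starts scanning neighbours."""
    gw = Gateway()
    gw.register("camera", Policy(frozenset({"hub"}), frozenset({1883, 443}), ("dpi",)))
    gw.register("bulb", Policy(frozenset({"hub"}), frozenset({1883}), max_distinct_dsts=3))
    results = [
        gw.decide(Flow("camera", "hub", 1883)),   # steered through DPI
        gw.decide(Flow("camera", "bulb", 23)),    # lateral access: dropped
        gw.decide(Flow("rogue", "hub", 1883)),    # unregistered device: dropped
    ]
    for peer in ("hub", "camera", "lock", "thermostat"):
        results.append(gw.decide(Flow("bulb", peer, 23)))  # 4th distinct peer trips the threshold
    return gw, results
```

Running `demo()` installs a single rule (the camera's MQTT flow, steered to the DPI port), drops the camera's attempt to reach the bulb and the unregistered device outright, and quarantines the bulb after its fourth distinct destination, at which point any rules it had are removed from the table as a controller would do with a FLOW_MOD delete.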
