SFaaS: Keeping an eye on IoT fusion environment with security fusion as a service

Abstract

Currently, Internet of Things (IoT) applications are being fused with multiple technologies. Software-defined networking (SDN) is a core component of IoT fusion environments because it makes the network programmable: a network manager can process each network flow using software programs. SDN is a powerful and flexible solution for the IoT communication infrastructure, offering a centralized control architecture. However, this infrastructure rests on the assumption that all switches are trusted and follow programmed commands to handle packets. If switches are compromised by an attacker and do not follow the network manager's orders, a huge network disaster will occur. In this study, we propose the concept of Security Fusion as a Service (SFaaS) to address this issue. Based on this concept, we design two detection mechanisms, fused on a softwarized switch topology measurement architecture environment, to detect the attack models. We evaluate, analyze, and simulate our mechanisms and the softwarized measurement architecture service, and demonstrate high detection performance and damage reduction to prove the validity of the SFaaS concept.
