A Review of Moving Target Defense Mechanisms for Internet of Things Applications

The chapter presents a review of the proactive Moving Target Defense (MTD) paradigm and investigates the feasibility and potential of specific MTD approaches for resource‐constrained Internet of Things (IoT) applications. The aim is not only to provide a taxonomy of various MTD approaches but also to advocate MTD techniques in the dynamic network domain, in conjunction with emerging Software Defined Networking (SDN), for more effective proactive IoT defense. The Internet of Battlefield Things (IoBT) and Industrial IoT (IIoT), which are subject to more attacks, are identified as two critical IoT domains that can benefit from SDN‐based MTD approaches. Finally, the chapter discusses potential future research challenges for MTD approaches in the IoT domain.


[56]  Xiaofeng Wang,et al.  TPAH: a universal and multi-platform deployable port and address hopping mechanism , 2015 .

[57]  Jon Postel,et al.  User Datagram Protocol , 1980, RFC.

[58]  Holger Bock,et al.  Hardware-secured and transparent multi-stakeholder data exchange for industrial IoT , 2016, 2016 IEEE 14th International Conference on Industrial Informatics (INDIN).

[59]  Indra Widjaja,et al.  IEEE 802.11 Wireless Local Area Networks , 1997, IEEE Commun. Mag..

[60]  Niraj K. Jha,et al.  A Comprehensive Study of Security of Internet-of-Things , 2017, IEEE Transactions on Emerging Topics in Computing.

[61]  Ehab Al-Shaer,et al.  Randomizing AMI configuration for proactive defense in smart grid , 2013, 2013 IEEE International Conference on Smart Grid Communications (SmartGridComm).

[62]  Peter Saint-Andre Extensible Messaging and Presence Protocol (XMPP): Core , 2011, RFC.

[63]  Sushil Jajodia,et al.  A moving target defense mechanism for MANETs based on identity virtualization , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[64]  Christopher N. Gutierrez,et al.  Denial of Service Elusion (DoSE): Keeping Clients Connected for Less , 2015, 2015 IEEE 34th Symposium on Reliable Distributed Systems (SRDS).

[65]  Thomas Kunz,et al.  Contiki-based IEEE 802.15.4 node's throughput and wireless channel utilization analysis , 2012, 2012 IFIP Wireless Days.

[66]  Adam Dunkels,et al.  Contiki - a lightweight and flexible operating system for tiny networked sensors , 2004, 29th Annual IEEE International Conference on Local Computer Networks.

[67]  Gerardo Pardo-Castellote,et al.  OMG Data-Distribution Service: architectural overview , 2003, 23rd International Conference on Distributed Computing Systems Workshops, 2003. Proceedings..

[68]  Qiang Wei,et al.  Path hopping based SDN network defense technology , 2016, 2016 12th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD).

[69]  Glenn Ergeerts,et al.  DASH7 alliance protocol 1.0: Low-power, mid-range sensor and actuator communication , 2015, 2015 IEEE Conference on Standards for Communications and Networking (CSCN).

[70]  Mohamed Ibnkahla,et al.  Software-defined wireless network architectures for the Internet-of-Things , 2015, 2015 IEEE 40th Local Computer Networks Conference Workshops (LCN Workshops).

[71]  Philippe Jacquet,et al.  Optimized Link State Routing Protocol (OLSR) , 2003, RFC.

[72]  Ehab Al-Shaer,et al.  Adversary-aware IP address randomization for proactive agility against sophisticated attackers , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[73]  Sean Turner,et al.  Transport Layer Security , 2014, IEEE Internet Computing.

[74]  Junjie Li,et al.  Software Defined Networking Based On-Demand Routing Protocol in Vehicle Ad Hoc Networks , 2016, 2016 12th International Conference on Mobile Ad-Hoc and Sensor Networks (MSN).

[75]  Fenlin Liu,et al.  SDN-Based Double Hopping Communication against Sniffer Attack , 2016 .

[76]  Kemal Akkaya,et al.  EPIC: Efficient Privacy-Preserving Scheme With EtoE Data Integrity and Authenticity for AMI Networks , 2018, IEEE Internet of Things Journal.

[77]  Joseph G. Tront,et al.  The Blind Man's Bluff Approach to Security Using IPv6 , 2012, IEEE Security & Privacy.

[78]  Sherali Zeadally,et al.  Integration challenges of intelligent transportation systems with connected vehicle, cloud computing, and internet of things technologies , 2015, IEEE Wireless Communications.

[79]  Kemal Akkaya,et al.  Mitigating Crossfire Attacks Using SDN-Based Moving Target Defense , 2016, 2016 IEEE 41st Conference on Local Computer Networks (LCN).

[80]  Kimberly Zeitz,et al.  Changing the Game: A Micro Moving Target IPv6 Defense for the Internet of Things , 2018, IEEE Wireless Communications Letters.

[81]  Kevin S. Bauer,et al.  Have No PHEAR: Networks Without Identifiers , 2016, MTD@CCS.

[82]  Peter Saint-Andre Interoperability Report for the Extensible Messaging and Presence Protocol (XMPP) , 2006 .

[83]  Roy Want,et al.  Near field communication , 2011, IEEE Pervasive Computing.

[84]  Michele Zorzi,et al.  The internet of energy: a web-enabled smart grid system , 2012, IEEE Network.

[85]  Steve Vinoski,et al.  Advanced Message Queuing Protocol , 2006, IEEE Internet Computing.

[86]  Simon S. Lam,et al.  A Carrier Sense Multiple Access Protocol for Local Networks , 1979, Comput. Networks.

[87]  David E. Culler,et al.  Telos: enabling ultra-low power wireless research , 2005, IPSN 2005. Fourth International Symposium on Information Processing in Sensor Networks, 2005..

[88]  Jon Postel,et al.  Transmission Control Protocol , 1981, RFC.

[89]  Yicheng Xu,et al.  A RESTful framework for Internet of things based on software defined network in modern manufacturing , 2015, The International Journal of Advanced Manufacturing Technology.

[90]  Antonino Mazzeo,et al.  SIREN: a feasible moving target defence framework for securing resource-constrained embedded nodes , 2013, Int. J. Crit. Comput. Based Syst..

[91]  Igor Radusinovic,et al.  Software-Defined Fog Network Architecture for IoT , 2016, Wireless Personal Communications.

[92]  Charles E. Perkins,et al.  Highly dynamic Destination-Sequenced Distance-Vector routing (DSDV) for mobile computers , 1994, SIGCOMM.

[93]  Georgios Kambourakis,et al.  DDoS in the IoT: Mirai and Other Botnets , 2017, Computer.

[94]  Dhananjay Singh,et al.  A survey of Internet-of-Things: Future vision, architecture, challenges and services , 2014, 2014 IEEE World Forum on Internet of Things (WF-IoT).

[95]  Joseph G. Tront,et al.  Implementing moving target IPv6 defense to secure 6LoWPAN in the internet of things and smart grid , 2014, CISR '14.

[96]  Dijiang Huang,et al.  MTD Analysis and evaluation framework in Software Defined Network (MASON) , 2018, SDN-NFV@CODASPY.

[97]  Simon Haykin,et al.  Smart Home: Cognitive Interactive People-Centric Internet of Things , 2017, IEEE Communications Magazine.

[98]  Shen Yan,et al.  A Novel Efficient Address Mutation Scheme for IPv6 Networks , 2017, IEEE Access.

[99]  J. Feld,et al.  PROFINET - scalable factory communication for all applications , 2004, IEEE International Workshop on Factory Communication Systems, 2004. Proceedings..

[100]  Carles Gomez,et al.  Overview and Evaluation of Bluetooth Low Energy: An Emerging Low-Power Wireless Technology , 2012, Sensors.

[101]  Cesare Stefanelli,et al.  Analyzing the applicability of Internet of Things to the battlefield environment , 2016, 2016 International Conference on Military Communications and Information Systems (ICMCIS).

[102]  Carlos Eduardo Pereira,et al.  WirelessHART field devices , 2011, IEEE Instrumentation & Measurement Magazine.

[103]  Shahid Mumtaz,et al.  Massive Internet of Things for Industrial Applications: Addressing Wireless IIoT Connectivity Challenges and Ecosystem Fragmentation , 2017, IEEE Industrial Electronics Magazine.

[104]  David K. Y. Yau,et al.  Exploiting Power Grid for Accurate and Secure Clock Synchronization in Industrial IoT , 2016, 2016 IEEE Real-Time Systems Symposium (RTSS).

[105]  Ehab Al-Shaer,et al.  Openflow random host mutation: transparent moving target defense using software defined networking , 2012, HotSDN '12.

[106]  Fouad A. Tobagi,et al.  Performance Analysis of Carrier Sense Multiple Access with Collision Detection , 1980, Comput. Networks.

[107]  Thiemo Voigt,et al.  Routing Attacks and Countermeasures in the RPL-Based Internet of Things , 2013, Int. J. Distributed Sens. Networks.

[108]  Ahmad-Reza Sadeghi,et al.  Security and privacy challenges in industrial Internet of Things , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[109]  David A. Maltz,et al.  DSR: the dynamic source routing protocol for multihop wireless ad hoc networks , 2001 .

[110]  Baosheng Wang,et al.  RPAH: Random Port and Address Hopping for Thwarting Internal and External Adversaries , 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.

[111]  Dhananjay Singh,et al.  Semantic edge computing and IoT architecture for military health services in battlefield , 2017, 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC).

[112]  Younghee Park,et al.  Fast address hopping at the switches: Securing access for packet forwarding in SDN , 2016, NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium.

[113]  Jeffrey G. Andrews,et al.  Broadband wireless access with WiMax/802.16: current performance benchmarks and future potential , 2005, IEEE Communications Magazine.