Proactive defense mechanisms for the software-defined Internet of Things with non-patchable vulnerabilities

The Internet of Things (IoT) contains a large number of heterogeneous devices with a variety of vulnerabilities. Because attackers can exploit these vulnerabilities to break into the system, it is of vital importance to patch all of them. However, some vulnerabilities are impossible to patch (e.g., forever-day vulnerabilities). To deal with non-patchable vulnerabilities, we propose to change the attack surface of the IoT network to increase the attack effort. With the support of software-defined networking (SDN), we develop two proactive defense mechanisms that reconfigure the IoT network topology. Using a graphical security model and various metrics in simulations, we analyze how security and performance change when the proposed solutions are deployed. The results show that our proactive defense mechanisms in the software-defined IoT (SD-IoT) effectively increase the attack effort while maintaining the average shortest path length.
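The trade-off stated in the abstract can be measured on a small graph. The following is an added example, not code or data from the paper: the topology, the node names (`gw`, `srv`, `a` to `d`), the use of hop count on the shortest entry-to-target path as a stand-in for attack effort, and the single-link move are all assumptions made for illustration, not the paper's two mechanisms.

```python
from collections import deque
from itertools import combinations

# Constructed SD-IoT topology (not from the paper): undirected links.
LINKS = frozenset({("gw", "a"), ("gw", "b"), ("a", "c"), ("b", "c"),
                   ("a", "srv"), ("c", "d"), ("d", "srv")})
NODES = sorted({n for link in LINKS for n in link})
ENTRY, TARGET = "gw", "srv"  # assumed attacker entry point and protected asset

def hops_from(adj, src):
    """BFS hop distance from src to every reachable node."""
    dist, queue = {src: 0}, deque([src])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist

def metrics(links):
    """Return (shortest attack path in hops, ASPL), or None if disconnected."""
    adj = {n: set() for n in NODES}
    for u, v in links:
        adj[u].add(v)
        adj[v].add(u)
    dist = {n: hops_from(adj, n) for n in NODES}
    if any(len(d) != len(NODES) for d in dist.values()):
        return None
    pairs = list(combinations(NODES, 2))
    return dist[ENTRY][TARGET], sum(dist[u][v] for u, v in pairs) / len(pairs)

def best_rewire(links, aspl_tolerance=0.05):
    """Try every single-link move; keep the one that most lengthens the
    shortest attack path without raising ASPL beyond the tolerance."""
    base_hops, base_aspl = metrics(links)
    best = (base_hops, None, None)
    for old in sorted(links):
        for new in combinations(NODES, 2):
            if new in links or new[::-1] in links:
                continue
            m = metrics((links - {old}) | {new})
            if m and m[1] <= base_aspl + aspl_tolerance and m[0] > best[0]:
                best = (m[0], old, new)
    return best

if __name__ == "__main__":
    print("baseline (hops, ASPL):", metrics(LINKS))
    print("best single-link move:", best_rewire(LINKS))
```

On this constructed graph, moving the link `a`-`srv` to `a`-`d` lengthens the shortest path from the entry to the target from 2 to 3 hops while the average shortest path length stays at 25/15.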
