IoT-NetSec: Policy-Based IoT Network Security Using OpenFlow
Mehdi Nobakht, Craig Russell, Wen Hu, A. Seneviratne
2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), published 2019-03-11
DOI: 10.1109/PERCOMW.2019.8730724 (https://doi.org/10.1109/PERCOMW.2019.8730724)
Citations: 10
Abstract
The increasingly widespread adoption of the Internet of Things (IoT) has resulted in concerns about IoT security. Recently, there have been proposals to leverage software-defined networking (SDN) to augment IoT device security with network-level measurements. We argue that existing general-purpose security solutions using SDN are impractical for supporting today's home and corporate networks due to the high volume and rates of network traffic, differences in characteristics of IoT systems and computer networks, and limited resources in underlying network switches. To this end we propose IoT-NetSec, a framework that enables policy-based and fine-grained traffic monitoring of the network segments that include only IoT devices. We describe a prototype implementation and its integration with an SDN controller. The prototype implementation and simulations with three network service attacks (port scanning, SYN DoS Flooding and smurf DDoS) demonstrate IoT-NetSec feasibility in a network of real IoT devices.