Shumian Yang,Lianhai Wang,Dawei Zhao,Xiaohui Han,Shuhui Zhang

DOI: https://doi.org/10.22323/1.300.0033

2018-01-01

Abstract:Software definition networking is a revolutionary network architecture, which realizes the separation of the control plane and data plane of a network. While providing the centralized controllability and the software programmability, the network itself is encountering many security problems. In order to solve the problem of security threats in SDN networks, there are different layers of unique security challenges and the relevant research on SDN security problems. This paper introduces the depth learning technology into the field of security threat detection in SDN, and propose a security threat detection framework based on depth learning.The framework is based on the research on model establishment, abnormal behavior recognition and decision algorithm design. The software system based on physical memory analysis is under development in SDN. The system verifies the feasibility of this framework, and to finally generate the work plan on SDN infrastructure.

Qiumei Cheng,Chunming Wu,Haifeng Zhou,Yuhang Zhang,Rui Wang,Wei Ruan

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2018.00149

2018-01-01

Abstract:Guarding the perimeter of cloud-based enterprise networks is a challenge due to massive traffic with dynamic nature. Current firewalls of enterprise networks in cloud are largely based on static security rule configuration or simple rule matching, which makes them inflexible, error-prone and poorly effective, bringing about severe security risks. In this paper, we propose an artificial intelligence-based software-defined networks firewall (AI-SDNF) for solving the above problems. Compared with existing SDN firewalls, AI-SDNF is able to extract and analyze the payload of data packets based on machine learning technologies rather than simply match with flow tables according to several header fields (e.g., source and destination IP/MAC addresses). Considering deciding whether a packet is benign or malicious is able to be formulated as a typical binary classification problem, we employ logistic regression for training an intelligent SDN firewall under supervised machine learning. We implement a prototype of AI-SDNF on the OpenDaylight controller and the OpenStack platform. Based on the prototype, we evaluate its performance and overheads with real dataset. The experimental results indicate that AI-SDNF achieves a relatively high detection accuracy of 96.79% with an average of 0.2ms latency.

Qiang Wu,Ran Wang,Xincheng Yan,Chunming Wu,Rongxing Lu

DOI: https://doi.org/10.1109/MWC.001.2100251

IF: 12.777

2022-01-01

IEEE Wireless Communications

Abstract:Opening-up sharing has prompted the multi-tenancy architecture, whereby different vendors (including outsourcees) work together with network operators to form a vibrant service ecosystem, resulting in several advantages as well as risks. In particular, the static nature of existing architectures in network functions virtualization-based (NFV-based) clouds facilitate hacking. Thus, much attention has been focused on determining how to avoid the uncontrollable cloud security induced by complex production relations and non-trustworthy software/hardware sources when the two sets of security risks intersect. In this article, we investigate latent persistent threats against cloud environments and determine a high degree of complementarity and consistency between the NFV-based cloud environment and the dynamic defense concept. More specifically, new NFV-based cloud features provide an effective implementation for dynamic defense, while the generalized robustness of dynamic defense theory allows for high security gains. Intrinsic cloud security (iCS) is then proposed to align NFV-based clouds, mimicking defense and the moving target defense (MTD) paradigm to implement a seamless integration and symbiosis evolution between security and NFV-based clouds. We quantify the impact on system overhead to account for efficiency and cost issues. The simulation analysis demonstrates that the enhanced mode is able to consistently obtain a more beneficial and stable defense compared with the counterparts.

Igor Ivkić,Dominik Thiede,Nicholas Race,Matthew Broadbent,Antonios Gouglidis

DOI: https://doi.org/10.1007/978-3-031-68165-3_4

2024-08-21

Abstract:Cloud computing has grown in importance in recent years which has led to a significant increase in Data Centre (DC) network requirements. A major driver of this change is virtualisation, which allows computing resources to be deployed on a large scale. However, traditional DCs, with their network topology and proliferation of network endpoints, are struggling to meet the flexible, centrally managed requirements of cloud computing applications. Software-Defined Networks (SDN) promise to offer a solution to these growing networking requirements by separating control functions from data routing. This shift adds more flexibility to networks but also introduces new security issues. This article presents a framework for evaluating security of SDN architectures. In addition, through an experimental study, we demonstrate how this framework can identify the threats and vulnerabilities, calculate their risks and severity, and provide the necessary measures to mitigate them. The proposed framework helps administrators to evaluate SDN security, address identified threats and meet network security requirements.

Cryptography and Security,Networking and Internet Architecture

Mirador G. Labrador,Abegail Bordios,Weiyan Hou

DOI: https://doi.org/10.11591/ijeecs.v24.i2.pp780-788

2021-11-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:The convergence of microelectronics and micromechanical system within a sensing device, the proliferation of wireless communication, and the use of software-driven equipment are already changing the landscape of the manufacturing industries. This situation compels the industries to adopt industrial internet of things (IIoT) systems and processes with the main objective-to improve the processes and increase production. However, it is undeniable that despite IIoT advantages, it posed significant issues on the security and privacy on industry automation especially along data generation and control system. Hence, this paper proposes a cloud based 3-tier data security framework that performs two-level security verification processes. The framework has been tested and validated using an experimental industry automation system and has been found to be functionally effective with an acceptable handoff delay.

Hezam Akram Abdulghani,Anastasija Collen,Niels Alexander Nijdam

DOI: https://doi.org/10.3390/s23084174

2023-04-21

Abstract:Internet of Things (IoT) faces security concerns different from existing challenges in conventional information systems connected through the Internet because of their limited resources and heterogeneous network setups. This work proposes a novel framework for securing IoT objects, the key objective of which is to assign different Security Level Certificates (SLC) for IoT objects according to their hardware capabilities and protection measures implemented. Objects with SLCs, therefore, will be able to communicate with each other or with the Internet in a secure manner. The proposed framework is composed of five phases, namely: classification, mitigation guidelines, SLC assignment, communication plan, and legacy integration. The groundwork relies on the identification of a set of security attributes, termed security goals. By performing an analysis on common IoT attacks, we identify which of these security goals are violated for specific types of IoT. The feasibility and application of the proposed framework is illustrated at each phase using the smart home as a case study. We also provide qualitative arguments to demonstrate how the deployment of our framework solves IoT specific security challenges.

Wajid Rafique,Maqbool Khan,Nadeem Sarwar,Wanchun Dou

DOI: https://doi.org/10.1007/978-3-030-30146-0_6

2019-01-01

Abstract:Managing the huge IoT infrastructure poses a vital challenge to the network community. Software Defined Networking (SDN), due to its characteristics of centralized network management has been considered as an optimal choice to manage IoT. Edge computing brings cloud recourses near the IoT to localize the cloud demands. Consequently, SDN, IoT, and edge computing can be combined into a framework to create a resourceful SDIoT-Edge architecture to efficiently orchestrate cloud services and utilize resource-limited IoT devices in a flexible way. Besides a wide adoption of IoT, the vulnerabilities present in this less secure infrastructure can be exploited by the adversaries to attack the OpenFlow channel using Distributed Denial of Service (DDoS) attacks. DDoS on OpenFlow channel have the ability to disrupt the whole network hence, providing security for the OpenFlow channel is a key challenge in SDIoT-Edge. We propose a security framework called SDIoT-Edge Security (SIESec) against the security vulnerabilities present in this architecture. SIESec prototype employs machine learning-based classification strategy, blacklist integration, and contextual network flow filtering to efficiently defend against the DDoS attacks. We perform extensive simulations using Floodlight controller and Mininet network emulator. Our results proclaim that SIESec provides extensive security against OpenFlow channel DDoS attacks and pose a very less overhead on the network.

Xuanyu Duan,Mengmeng Ge,Triet Huynh Minh Le,Faheem Ullah,Shang Gao,Xuequan Lu,M. Ali Babar

DOI: https://doi.org/10.1109/prdc53464.2021.00016

2021-12-01

Abstract:Internet of Things (IoT) based applications face an increasing number of potential security risks, which need to be systematically assessed and addressed. Expert-based manual assessment of IoT security is a predominant approach, which is usually inefficient. To address this problem, we propose an automated security assessment framework for IoT networks. Our framework first leverages machine learning and natural language processing to analyze vulnerability descriptions for predicting vulnerability metrics. The predicted metrics are then input into a two-layered graphical security model, which consists of an attack graph at the upper layer to present the network connectivity and an attack tree for each node in the network at the bottom layer to depict the vulnerability information. This security model automatically assesses the security of the IoT network by capturing potential attack paths. We evaluate the viability of our approach using a proof-of-concept smart building system model which contains a variety of real-world IoT devices and poten-tial vulnerabilities. Our evaluation of the proposed framework demonstrates its effectiveness in terms of automatically predicting the vulnerability metrics of new vulnerabilities with more than 90% accuracy, on average, and identifying the most vulnerable attack paths within an IoT network. The produced assessment results can serve as a guideline for cybersecurity professionals to take further actions and mitigate risks in a timely manner.

Xiaoliang Wang,Ke Xu,Wenlong Chen,Qi Li,Meng Shen,Bo Wu

DOI: https://doi.org/10.1109/mnet.011.1900380

IF: 10.294

2020-01-01

IEEE Network

Abstract:The rapid development of the Internet of Things (IoT) has made impressive achievements, raising a heated discussion about IoT big data, in which data security and privacy issues are key concerns. Due to the ubiquity of IoT, IoT big data has not only brought convenience to people's daily lives, but also increased the potential attack surfaces for cybercriminals. At the same time, considering the characteristics of resource constraints and heterogeneity, with traditional network security solutions it can be difficult to achieve ideal results in the IoT environment, which further exacerbates the challenges faced by IoT big data security. In this case, the advantages introduced by software defined networking (SDN) have the potential to meet the challenges of IoT security risks. To this aim, we propose an ID-based SDN secure network architecture called IBSDN. Different from the traditional SDN solution, IBSDN is committed to providing IoT with endogenous trusted services on the network side by embedding unforgeable terminal identities in the data stream. This network-level trusted service can prevent IoT terminals from consuming restricted resources for the sake of security, providing greater scalability and manageability for network security monitoring.

Xiang Li,Xin Jin,Qixu Wang,Mingsheng Cao,Xingshu Chen

DOI: https://doi.org/10.1155/2018/3078272

2018-01-01

Wireless Communications and Mobile Computing

Abstract:The Internet of Things (IoT) offers a wide variety of benefits to our daily lives in many ways, ranging from smart wearable devices to industrial systems. However, it also brings well-known security and compliance concerns, especially in the physical layer. In addition, due to numerous IoT architectures which have been developed and deployed based on the cloud, the security and compliance of IoT depend on the cloud thoroughly. In this paper, a secure and compliant continuous assessment framework (SCCAF) is proposed to evaluate the security and compliance levels of cloud services in life-cycle. The SCCAF facilitates cloud service to customers to select an optimal cloud service provider (CSP) which satisfies their desired security requirements. Moreover, it also enables cloud service customers to evaluate the compliance of the selected CSP in the process of using cloud services. To evaluate the performance and availability of SCCAF, we carry out a series of experiments with case study and real-world scenario datasets. Experimental results show that SCCAF can assess the security and compliance of CSPs efficiently and effectively.

Shalli Rani,Himanshi Babbar,Gautam Srivastava,Thippa Reddy Gadekallu,Gaurav Dhiman

DOI: https://doi.org/10.1109/jiot.2022.3223576

IF: 10.6

2023-03-25

IEEE Internet of Things Journal

Abstract:Presently, trillions of Internet of Things (IoT) devices are in use, with many more projected to join IoT networks in the future. These IoT devices create a massive volume of data, which cannot be transmitted over the network without proper security and privacy. Furthermore, as the amount of information and variety of interconnected devices grows, problems, including excessive response time, bandwidth constraints, and scalability, emerge in proper network design. To solve the constraints of today's smart cities for next-generation networks, an effective, secure, and scalable distributed framework must be designed bringing computing and storage resources nearer to endpoints. In this article, combining the strengths of software-defined networks (SDNs) and blockchain technology, an innovative adaptable network infrastructure for smart cities is developed. The network is divided into different domains in which SDN will detect potential attacks and transmit the secured data to the blockchain. Our in-depth experimental analysis on performance evaluation show that the proposed framework achieves 12.75% improvement over baseline methodologies.

computer science, information systems,telecommunications,engineering, electrical & electronic

Behrouz Zolfaghari,Abbas Yazdinejad,Ali Dehghantanha,Jacob Krzciok,Khodakhast Bibak

DOI: https://doi.org/10.48550/arXiv.2207.01590

2022-10-25

Abstract:In recent years, the existence of a significant cross-impact between Cloud computing and Internet of Things (IoT) has lead to a dichotomy that gives raise to Cloud-Assisted IoT (CAIoT) and IoT-Based Cloud (IoTBC). Although it is pertinent to study both technologies, this paper focuses on CAIoT, and especially its security issues, which are inherited from both Cloud computing and IoT. This study starts with reviewing existing relevant surveys, noting their shortcomings, which motivate a comprehensive survey in this area. We proceed to highlight existing approaches towards the design of Secure CAIoT (SCAIoT) along with related security challenges and controls. We develop a layered architecture for SCAIoT. Furthermore, we take a look at what the future may hold for SCAIoT with a focus on the role of Artificial Intelligence(AI).

Cryptography and Security

Abdullah Al Hayajneh,Zakirul Alam Bhuiyan,Ian McAndrew,Md Zakirul Alam Bhuiyan

DOI: https://doi.org/10.3390/computers9010008

2020-02-07

Computers

Abstract:There has been an increase in the usage of Internet of Things (IoT), which has recently become a rising area of interest as it is being extensively used for numerous applications and devices such as wireless sensors, medical devices, sensitive home sensors, and other related IoT devices. Due to the demand to rapidly release new IoT products in the market, security aspects are often overlooked as it takes time to investigate all the possible vulnerabilities. Since IoT devices are internet-based and include sensitive and confidential information, security concerns have been raised and several researchers are exploring methods to improve the security among these types of devices. Software defined networking (SDN) is a promising computer network technology which introduces a central program named ‘SDN Controller’ that allows overall control of the network. Hence, using SDN is an obvious solution to improve IoT networking performance and overcome shortcomings that currently exist. In this paper, we (i) present a system model to effectively use SDN with IoT networks; (ii) present a solution for mitigating man-in-the-middle attacks against IoT that can only use HTTP, which is a critical attack that is hard to defend; and (iii) implement the proposed system model using Raspberry Pi, Kodi Media Center, and Openflow Protocol. Our system implementation and evaluations show that the proposed technique is more resilient to cyber-attacks.

Jiawei Zhang,Teng Li,Zuobin Ying,Jianfeng Ma

DOI: https://doi.org/10.1109/tcc.2022.3147226

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Cloud-Fog-Assisted Internet-of-Things (IoT) is a convincing paradigm to provide users with on-demand and low-latency services through Fog nodes in the edge of multiple clouds (Multi-Cloud). Multi-Cloud is a scalable multi-domain service-oriented net-centric system and can respond to complicated user requirements leveraging Multi-Cloud Service Composition (MCSC). However, in MCSC, user security can be easily compromised by untrusted and curious cloud service providers that may collect and violate the privacy and other essential assets of cloud users. Although many trust-based MCSC solutions have been proposed to seek a trustworthy composite service with highest trust level, most of them are vulnerable to malicious users intending to break through the clouds and inflict serious data leakage or asset damage. Considering these security concerns on both malicious users and untrusted service providers, in this article, we present a trust-based secure multi-cloud collaboration framework for Cloud-Fog-Assisted IoT systems. Specifically, to guarantee the security of users, we develop a role-based trust evaluation method to enhance the trustworthiness of MCSC. To preserve the security of services, we design an efficient user authentication scheme and a secure collaboration scheme to provide collaborative user authentication and access control mechanism for MCSC. We develop a proof of concept implementation for our framework and demonstrate its practicability by performance evaluation with extensive experiments.

computer science, information systems, theory & methods

N Bhagyasree,Nischal M R,Pavan Kumar,K Surendra

DOI: https://doi.org/10.48175/ijarsct-2863

2022-03-19

Abstract:The IoT connects many of the home appliances in the world, from intelligent thermostats to intelligent vehicles. By the end of 2015, we had 9 billion connected stuff. The Gartner forecast shows that the number of devices in the network will exceed 50 billion by 2020. Most of the connected devices in the existing network are based on obsolete security infrastructure and encryption, while many do not have provisions for remote updating of these devices. Taking into account the number of IoT devices, from off-shelf motion monitoring to machine tools, it is not possible to check which functions end up with any specific service or product. In short, this is the problem: you can't trust the integrity of the security of the device and determine exactly where the data is processed and stored. The SDN architecture is designed to increase the routing and networking performance of the existing networks by isolating the control plane from the data plane. The basic concept of Software Defined Networking can be applied to IoT Multi networks; however, the standard SDN implementations for wired networks are not directly suitable for distributed and ad-hoc mesh networks, which are common in IoT systems. However, the SDN architecture changes the pattern of communication of the IoT network, leading to a new approach to the manifestation of the Securities IoT network. Centralized data layer control and control layer not only simplifies data package management, but also increases safety. As mentioned above, the amount of data that flows into these systems is significant. Proper management of traffic and load balancing will help to simplify the data flow in some ways. The total system's power consumption may be reduced by the central station, which requires less power than the distributed control. To sum up, introducing SDN into IoT will help IoT and stimulate IoT in people's regular lives.

Xin Huang,Paul Craig,Hangyu Lin,Zheng Yan

DOI: https://doi.org/10.1002/sec.1259

IF: 1.968

2015-05-11

Security and Communication Networks

Abstract:The 5th generation wireless system (5G) will support Internet of Things (IoT) by increasing the interconnectivity of electronic devices to support a variety of new and promising networked applications such as the home of the future, environmental monitoring networks, and infrastructure management systems. The potential benefits of the IoT are as profound as they are diverse. However, the benefits of the IoT come with some significant challenges. Not the least of these is that the increased interconnectivity integral to an IoT network increases its vulnerability to malevolent attacks. There is still no proven methodology for the design of security frameworks with device authentication and access control. This paper attempts to address this problem through the development of a prototype security framework with robust and transparent security protection. This includes an investigation into the security requirements of three different characteristic IoT scenarios (concretely, body IoT, home IoT, and hotel IoT), a design of new authentication mechanisms, and an access control subsystem with fine‐grained roles and risk indicators. Our prototype security framework gives us an insight into some of the major difficulties of IoT security as well as providing some feasible solutions. Copyright © 2015 John Wiley & Sons, Ltd. This paper includes an investigation into the security requirements of three different characteristic Internet of Things (IoT) scenarios (concretely, body IoT, home IoT, and hotel IoT), a design of new authentication mechanisms, and an access control subsystem with fine‐grained roles and risk indicators. Our prototype security framework gives us an insight into some of the major difficulties of IoT security and provides some feasible solutions.

computer science, information systems,telecommunications

Xiruo Liu,Meiyuan Zhao,Sugang Li,Feixiong Zhang,Wade Trappe

DOI: https://doi.org/10.3390/fi9030027

2017-06-28

Future Internet

Abstract:The Internet of Things (IoT) is a recent trend that extends the boundary of the Internet to include a wide variety of computing devices. Connecting many stand-alone IoT systems through the Internet introduces many challenges, with security being front-and-center since much of the collected information will be exposed to a wide and often unknown audience. Unfortunately, due to the intrinsic capability limits of low-end IoT devices, which account for a majority of the IoT end hosts, many traditional security methods cannot be applied to secure IoT systems, which open a door for attacks and exploits directed both against IoT services and the broader Internet. This paper addresses this issue by introducing a unified IoT framework based on the MobilityFirst future Internet architecture that explicitly focuses on supporting security for the IoT. Our design integrates local IoT systems into the global Internet without losing usability, interoperability and security protection. Specifically, we introduced an IoT middleware layer that connects heterogeneous hardware in local IoT systems to the global MobilityFirst network. We propose an IoT name resolution service (IoT-NRS) as a core component of the middleware layer, and develop a lightweight keying protocol that establishes trust between an IoT device and the IoT-NRS.

Victor Chang,Yen-Hung Kuo,Muthu Ramachandran

DOI: https://doi.org/10.1016/j.future.2015.09.031

IF: 7.307

2016-04-01

Future Generation Computer Systems

Abstract:This article presents a cloud computing adoption framework (CCAF) security suitable for business clouds. CCAF multilayered security is based on the development and integration of three major security technologies: firewall, identity management, and encryption based on the development of enterprise file sync and share technologies. This article presents the vision, related works, and views on security framework. Core technologies have been explained in detail, and experiments were designed to demonstrate the robustness of the CCAF multilayered security. In penetration testing, CCAF multilayered security could detect and block 99.95% viruses and trojans, and could achieve ≥85% of blocking for 100 h of continuous attack. Detection and blocking took <0.012s/trojan or virus. A full CCAF multilayered security protection could block all SQL (structured query language) injection, providing real protection to data. CCAF multilayered security did not report any false alarm. All F-measures for CCAF test results were ≥99.75%. The mechanism of blending of CCAF multilayered security with policy, real services, and business activities has been illustrated. Research contributions have been justified and CCAF multilayered security can be beneficial for volume, velocity, and veracity of big data services operated in the cloud.

Hsiao-Ling Wu,Chin-Chen Chang,Yao-Zhu Zheng,Long-Sheng Chen,Chih-Cheng Chen

DOI: https://doi.org/10.3390/s20195604

IF: 3.9

2020-09-30

Sensors

Abstract:The Internet of Things (IoT) is currently the most popular field in communication and information techniques. However, designing a secure and reliable authentication scheme for IoT-based architectures is still a challenge. In 2019, Zhou et al. showed that schemes pro-posed by Amin et al. and Maitra et al. are vulnerable to off-line guessing attacks, user tracking attacks, etc. On this basis, a lightweight authentication scheme based on IoT is proposed, and an authentication scheme based on IoT is proposed, which can resist various types of attacks and realize key security features such as user audit, mutual authentication, and session security. However, we found weaknesses in the scheme upon evaluation. Hence, we proposed an enhanced scheme based on their mechanism, thus achieving the security requirements and resisting well-known attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xian Guo,Hongbo Xian,Tao Feng,Yongbo Jiang,Di Zhang,Junli Fang

DOI: https://doi.org/10.7717/peerj-cs.1674

2023-11-17

Abstract:Software-defined networking (SDN) faces many of the same security threats as traditional networks. The separation of the SDN control plane and data plane makes the controller more vulnerable to cyber attacks. The conventional "perimeter defense" network security model cannot prevent lateral movement attacks caused by malicious insider users or hardware and software vulnerabilities. The "zero trust architecture" has become a new security network model to protect enterprise network security. In this article, we propose an intelligent zero-trust security framework IZTSDN for the software-defined networking by integrating deep learning and zero-trust architecture, which adopts zero-trust architecture to protect every resource and network connection in the network. IZTSDN uses a traffic anomaly detection mode CALSeq2Seql based on a deep learning algorithm to analyze users' network behavior in real-time and achieve continuous tracking and analysis of users, restrict malicious users from accessing network resources, and realize the dynamic authorization process. Finally, the Mininet simulation platform is extended to build the simulation platform MiniIZTA supporting zero-trust architecture and the proposed security framework IZTSDN is experimentally analyzed. The experimental results show that the IZTSDN security framework can provide about 80.5% of throughput when the network is attacked. The accuracy of abnormal traffic detection reaches 99.56% on the SDN dataset, which verifies that the reliability and availability of the IZTSDN security framework are verified.