Xinbin Zuo,Xue Pang,Pengping Zhang,Junsan Zhang,Tao Dong,Peiying Zhang

DOI: https://doi.org/10.1109/comcomap51192.2020.9398887

2020-01-01

Abstract:With the improvement of people’s living standards, more and more network users access the network, including a large number of infrastructure, these devices constitute the Internet of things(IoT). With the rapid expansion of devices in the IoT, the data transmission between the IoT has become more complex, and the security issues are facing greater challenges. SDN as a mature network architecture, its security has been affirmed by the industry, it separates the data layer from the control layer, thus greatly improving the security of the network. In this paper, we apply the SDN to the IoT, and propose a IoT network architecture based on SDN. In this architecture, we not only make use of the security features of SDN, but also deploy different security modules in each layer of SDN to integrate, analyze and plan various data through the IoT, which undoubtedly improves the security performance of the network. In the end, we give a comprehensive introduction to the system and verify its performance.

Qiumei Cheng,Chunming Wu,Haifeng Zhou,Yuhang Zhang,Rui Wang,Wei Ruan

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2018.00149

2018-01-01

Abstract:Guarding the perimeter of cloud-based enterprise networks is a challenge due to massive traffic with dynamic nature. Current firewalls of enterprise networks in cloud are largely based on static security rule configuration or simple rule matching, which makes them inflexible, error-prone and poorly effective, bringing about severe security risks. In this paper, we propose an artificial intelligence-based software-defined networks firewall (AI-SDNF) for solving the above problems. Compared with existing SDN firewalls, AI-SDNF is able to extract and analyze the payload of data packets based on machine learning technologies rather than simply match with flow tables according to several header fields (e.g., source and destination IP/MAC addresses). Considering deciding whether a packet is benign or malicious is able to be formulated as a typical binary classification problem, we employ logistic regression for training an intelligent SDN firewall under supervised machine learning. We implement a prototype of AI-SDNF on the OpenDaylight controller and the OpenStack platform. Based on the prototype, we evaluate its performance and overheads with real dataset. The experimental results indicate that AI-SDNF achieves a relatively high detection accuracy of 96.79% with an average of 0.2ms latency.

N Bhagyasree,Nischal M R,Pavan Kumar,K Surendra

DOI: https://doi.org/10.48175/ijarsct-2863

2022-03-19

Abstract:The IoT connects many of the home appliances in the world, from intelligent thermostats to intelligent vehicles. By the end of 2015, we had 9 billion connected stuff. The Gartner forecast shows that the number of devices in the network will exceed 50 billion by 2020. Most of the connected devices in the existing network are based on obsolete security infrastructure and encryption, while many do not have provisions for remote updating of these devices. Taking into account the number of IoT devices, from off-shelf motion monitoring to machine tools, it is not possible to check which functions end up with any specific service or product. In short, this is the problem: you can't trust the integrity of the security of the device and determine exactly where the data is processed and stored. The SDN architecture is designed to increase the routing and networking performance of the existing networks by isolating the control plane from the data plane. The basic concept of Software Defined Networking can be applied to IoT Multi networks; however, the standard SDN implementations for wired networks are not directly suitable for distributed and ad-hoc mesh networks, which are common in IoT systems. However, the SDN architecture changes the pattern of communication of the IoT network, leading to a new approach to the manifestation of the Securities IoT network. Centralized data layer control and control layer not only simplifies data package management, but also increases safety. As mentioned above, the amount of data that flows into these systems is significant. Proper management of traffic and load balancing will help to simplify the data flow in some ways. The total system's power consumption may be reduced by the central station, which requires less power than the distributed control. To sum up, introducing SDN into IoT will help IoT and stimulate IoT in people's regular lives.

Abdullah Al Hayajneh,Zakirul Alam Bhuiyan,Ian McAndrew,Md Zakirul Alam Bhuiyan

DOI: https://doi.org/10.3390/computers9010008

2020-02-07

Computers

Abstract:There has been an increase in the usage of Internet of Things (IoT), which has recently become a rising area of interest as it is being extensively used for numerous applications and devices such as wireless sensors, medical devices, sensitive home sensors, and other related IoT devices. Due to the demand to rapidly release new IoT products in the market, security aspects are often overlooked as it takes time to investigate all the possible vulnerabilities. Since IoT devices are internet-based and include sensitive and confidential information, security concerns have been raised and several researchers are exploring methods to improve the security among these types of devices. Software defined networking (SDN) is a promising computer network technology which introduces a central program named ‘SDN Controller’ that allows overall control of the network. Hence, using SDN is an obvious solution to improve IoT networking performance and overcome shortcomings that currently exist. In this paper, we (i) present a system model to effectively use SDN with IoT networks; (ii) present a solution for mitigating man-in-the-middle attacks against IoT that can only use HTTP, which is a critical attack that is hard to defend; and (iii) implement the proposed system model using Raspberry Pi, Kodi Media Center, and Openflow Protocol. Our system implementation and evaluations show that the proposed technique is more resilient to cyber-attacks.

Lei Liu,Wei Feng,Chen,Yuru Zhang,Dapeng Lan,Xiaoming Yuan,Sahil Vashisht

DOI: https://doi.org/10.1109/infocomwkshps50562.2020.9163070

2020-01-01

Abstract:Software Defined Networking (SDN) is a promising platform to secure and manage large-scale Internet of Things (IoT) due to its separated control and data plane functionality as well as programmability in the network. The original design of SDN faces single point of failure, and therefore several decentralized SDN architectures for IoT were proposed. However, practical SDN may be deployed by various networking operators, which incurs the conflict between data security of different networking operators and cooperative network management among them. Existing schemes cannot well support the cooperative network management among multiple controllers and meanwhile guarantee data security. To tackle this problem, we propose a blockchain based SDN framework for IoT called BS-IoT. BS-IoT introduces blockchain into SDN to support secure and cooperative network management. Besides, we leverage blockchain sharding for better efficiency and improve it with secure multi-party computation (SMPC) to make it suitable for decentralized SDN management with data security. The security analysis illustrate the security and effectiveness of our scheme.

Seema Begum,Nianmin Yao,Syed Bilal Hussain Shah,Thompson Stephan,Xingwang Li

DOI: https://doi.org/10.1504/ijahuc.2021.119099

2021-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:The massive spike in security threats is one of the greatest security problems facing the internet of things (IoT). Many IoT gadgets do not have any protection features, and even the ones they have are mostly primitive and can thus easily be subject to attacks. Compromising one or more infrastructure components will theoretically lead to the vulnerability of the IoT network's entire infrastructure. The software defined networking (SDN) poses many possibilities in this sense and offers the ability to address those difficulties. In this paper, the proposed solution may not resolve all the challenges; however, it overcomes a particular challenge concerning software defined networking (SDN) without any modification to the present network architecture. The proposed secure solution allows SDN to work as an integrated and programmable controller for smart cities. According to various studies, IoT and SDN's integration allows unlocking several routes that provide security and making smart cities a reality with SDN. The SDN-based IoT network is studied in this paper, and it further proposes an effective IoT-based security system with the help of SDN-IoT design.

Zhiyong Zhang,Rui Wang,Xiaojun Cai,Zhiping Jia

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2018.00162

2018-01-01

Abstract:The exponential growth of devices connected to the network has resulted in the development of new IoT applications and services. A large number of IoT devices are application-specific which makes the network difficult to manage and change. The Software Defined Networking (SDN) paradigm brings a new perspective of solving the network rigidity issue. By introducing the OpenFlow protocol to the IoT network, the routing decisions can be translated into matching rules and actions in a programmable way, thus simplifying the network configuration and management. However, different from the wired domain, which uses a separate dedicated network for OpenFlow channel, the IoT devices have to communicate with the Controller in a multi-hop way. Since some IoT nodes are unstable due to the limited energy, environment or other factors, the multi-hop way results in an unstable control channel, which degrades the network performance. To address this problem, in this paper, we present a practical SDN-based network architecture for Internet of things. We propose an Optimal Control Channel (OCC) policy to select minimum number of nodes to establish a stable OpenFlow channel to reduce the performance loss caused by unstable IoT nodes. OCC establishes a stable control channel to bridge the IoT nodes and the Controller. Meanwhile, OCC is responsible for the control messages aggregation to further decrease the SDN-inherent control overheads. The experimental results show our architecture outperforms the original SDN-based scheme in terms of control overheads.

Tong Xu,Deyun Gao,Ping Dong,Hongke Zhang,Chuan Heng Foh,Han-Chieh Chao

DOI: https://doi.org/10.1109/access.2017.2666270

IF: 3.9

2017-01-01

IEEE Access

Abstract:Recently, the Internet of Things (IoT) is attracting significant attention from both academia and industry. To connect the huge amount of IoT devices effectively, software-defined networking (SDN) is considered as a promising way because of its centralized network management and programmable routing logic. However, due to the limited resources in both the data plane and the control plane, SDN is vulnerable to the new-flow attack, which can disable the SDN-based IoT by exhausting the switches or the controller. Therefore, in this paper, we propose a smart security mechanism (SSM) to defend against the new-flow attack. The SSM uses the standard southbound and northbound interfaces of SDN, and it includes a low-cost method that monitors the new-flow attack by reusing the asynchronous messages on the control link. The monitor method can differentiate the new-flow attack from the normal flow burst by checking the hit rate of the flow entries. Based on the monitoring result, the SSM uses a dynamic access control method to mitigate the new-flow attack by perceiving the behavior of the security middleware in the IoT. The dynamic access control method can intercept the attack flows at their access switch. Extensive simulations and testbed-based experiments are conducted and the corresponding results verify the feasibility of our claims.

Wajid Rafique,Maqbool Khan,Nadeem Sarwar,Wanchun Dou

DOI: https://doi.org/10.1007/978-3-030-30146-0_6

2019-01-01

Abstract:Managing the huge IoT infrastructure poses a vital challenge to the network community. Software Defined Networking (SDN), due to its characteristics of centralized network management has been considered as an optimal choice to manage IoT. Edge computing brings cloud recourses near the IoT to localize the cloud demands. Consequently, SDN, IoT, and edge computing can be combined into a framework to create a resourceful SDIoT-Edge architecture to efficiently orchestrate cloud services and utilize resource-limited IoT devices in a flexible way. Besides a wide adoption of IoT, the vulnerabilities present in this less secure infrastructure can be exploited by the adversaries to attack the OpenFlow channel using Distributed Denial of Service (DDoS) attacks. DDoS on OpenFlow channel have the ability to disrupt the whole network hence, providing security for the OpenFlow channel is a key challenge in SDIoT-Edge. We propose a security framework called SDIoT-Edge Security (SIESec) against the security vulnerabilities present in this architecture. SIESec prototype employs machine learning-based classification strategy, blacklist integration, and contextual network flow filtering to efficiently defend against the DDoS attacks. We perform extensive simulations using Floodlight controller and Mininet network emulator. Our results proclaim that SIESec provides extensive security against OpenFlow channel DDoS attacks and pose a very less overhead on the network.

Garegin Grigoryan,Yaoqing Liu,Laurent Njilla,Charles Kamhoua,Kevin Kwiat

DOI: https://doi.org/10.1109/ICC.2018.8423017

2018-06-06

Abstract:Internet of Things (IoT) is becoming an increasingly attractive target for cybercriminals. We observe that many attacks to IoTs are launched in a collusive way, such as brute-force hacking usernames and passwords, to target at a particular victim. However, most of the time our defending mechanisms to such kind of attacks are carried out individually and independently, which leads to ineffective and weak defense. To this end, we propose to leverage Software Defined Networks (SDN) to enable cooperative security for legacy IP-based IoT devices. SDN decouples control plane and data plane, and can help bridge the knowledge divided between the application and network layers. In this paper, we discuss the IoT security problems and challenges, and present an SDN-based architecture to enable IoT security in a cooperative manner. Furthermore, we implemented a platform that can quickly share the attacking information with peer controllers and block the attacks. We carried out our experiments in both virtual and physical SDN environments with OpenFlow switches. Our evaluation results show that both environments can scale well to handle attacks, but hardware implementation is much more efficient than a virtual one.

Networking and Internet Architecture

Shalli Rani,Himanshi Babbar,Gautam Srivastava,Thippa Reddy Gadekallu,Gaurav Dhiman

DOI: https://doi.org/10.1109/jiot.2022.3223576

IF: 10.6

2023-03-25

IEEE Internet of Things Journal

Abstract:Presently, trillions of Internet of Things (IoT) devices are in use, with many more projected to join IoT networks in the future. These IoT devices create a massive volume of data, which cannot be transmitted over the network without proper security and privacy. Furthermore, as the amount of information and variety of interconnected devices grows, problems, including excessive response time, bandwidth constraints, and scalability, emerge in proper network design. To solve the constraints of today's smart cities for next-generation networks, an effective, secure, and scalable distributed framework must be designed bringing computing and storage resources nearer to endpoints. In this article, combining the strengths of software-defined networks (SDNs) and blockchain technology, an innovative adaptable network infrastructure for smart cities is developed. The network is divided into different domains in which SDN will detect potential attacks and transmit the secured data to the blockchain. Our in-depth experimental analysis on performance evaluation show that the proposed framework achieves 12.75% improvement over baseline methodologies.

computer science, information systems,telecommunications,engineering, electrical & electronic

Abdelouadoud Stambouli,Luigi Logrippo

DOI: https://doi.org/10.3390/jcp4030023

2024-07-20

Journal of Cybersecurity and Privacy

Abstract:Data security on the Internet of Things (IoT) is usually implemented through encryption. This paper presents a solution based on routing, in which data are forwarded only to entities that are intended to receive them according to security requirements of secrecy (also called confidentiality), integrity, and conflicts. Our solution is generic in the sense that it can be used in any network, together with encryption as appropriate. We use the fact that, in any network, security requirements generate a partial order of equivalence classes of entities, and each entity can be labeled according to the position of its equivalence class in the partial order. Routing tables among entities can be compiled using the labels. The method is demonstrated in this paper for software-defined networking (SDN) routers and controllers. We propose a centralized IoT architecture with a cloud structure using SDN as networking infrastructure, where storage entities (i.e., cloud servers) are associated with application entities. A small ‘hospital’ example is shown for illustration. Procedures for network reconfigurations are presented. We also demonstrate the method for the normal case where different partial orders, representing distinct but concurrent security requirements, coexist among a set of entities. The method proposed does not impose an overhead on the normal functioning of SDN networks since it requires calculations only when the network must be reconfigured because of administrative intervention or policies. These occasional updates can be done efficiently and offline.

computer science, information systems, interdisciplinary applications, software engineering

Bin Yuan,Chen Lin,Huan Zhao,Deqing Zou,Laurence Tianruo Yang,Hai Jin,Chunming Rong

DOI: https://doi.org/10.1109/jiot.2020.2993587

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) has become a critical infrastructure in smart city services. Unlike traditional network nodes, most of the current IoT devices are constrained with limited capabilities. Moreover, frequent changes in the network status (e.g., nodes turns into the sleep mode to save battery) make it even more difficult to set up a stable, secure transmission among smart city IoT devices. On the one hand, these weaknesses make the IoT more vulnerable to attacks, such as data eavesdropping, which can monitor, tamper, and obtain the transporting data. On the other hand, the high-confidence smart city service strongly relies on the security of data transporting among the IoT devices, e.g., data being tempered would reduce the reliability of smart city services and data being monitored or stolen would infringe the privacy of smart city services. Toward high-confidence smart city IoT services, we proposed an approach to secure the data transportation among the smart city IoT devices, which combines a k-n secret-sharing mechanism and software-defined networking (SDN) technique to securely transport IoT data. Specifically, the data are transported by multiple routes calculated by the SDN controller adaptively. Data safety is guaranteed by the all-or-nothing feature of the k-n secret-sharing mechanism. Two SDN-based transmission strategies, which leverage the SDN's advantages on network management, and scheduling, are applied to overcome the challenges of the unstable network state in IoT. Extensive experiments conducted from many aspects show that the proposed approach can remarkably reduce the attack success rate with reasonable and acceptable overhead.

Mahmood A. Al-Shareeda,Abeer Abdullah Alsadhan,Hamzah H. Qasim,Selvakumar Manickam

DOI: https://doi.org/10.11591/eei.v13i1.6386

2024-02-01

Bulletin of Electrical Engineering and Informatics

Abstract:Security networks as one of the biggest issue for network managers with the exponential growth of devices connected to the internet. Keeping a big and diverse network running smoothly and securely is no easy feat. With this in mind, emerging technologies like software defined networking (SDN) and internet of things (IoT) hold considerable promise for information service innovation in the cloud and big data era. Therefore, this paper describes the model of SDN and the architecture of IoT. Then this review does not only review the research studies in SDN-IoT but also provides an explanation of the SDN-IoT solution in terms of architecture, main consideration, model, and the implementation of SDN controllers for IoT. Finally, this review discusses the challenges and future directions. This paper can be used as a starting point for thinking about how to improve SDN-IoT security and privacy.

Qiang Li,Hao Zhu,Xiang-Yang Li,Haohua Du,Xing Guo,Yanyong Zhang

DOI: https://doi.org/10.1109/bigcom53800.2021.00013

2021-01-01

Abstract:Recently, the frequent occurrence of security issues in the Internet of Things (IoT) systems has become serious concerns. In this article, we propose an identifier-based IoT security architecture IIAS that is well suited for resource-constrained IoT nodes. The architecture involves five layers: the sensing layer, the network layer, the storage layer, the computing layer, the service layer. Firstly, at the sensing layer, we propose automatic IoT device discovery and identification. Secondly, at the network layer, we propose an interconnection and interoperability security system. Thirdly, at the storage layer and computing layer, we provide secure data storage and access. Finally, at the data service layer, we propose secure smart service and cross domain service. Our proposed IoT security architecture with excellent compatibility and scalability is green and aware of the heterogeneous resource constraints of the devices, smart and able to adapt to diverse IoT application demands, as well as open and able to support a wide range of applications.

Tao Li,Christoph Hofmann,Elke Franz

DOI: https://doi.org/10.1109/lcn48667.2020.9314854

2020-01-01

Abstract:Software Defined Networking (SDN) is established as a widely used concept in networks and has been introduced into the network architecture of Industrial Internet of Things (IIoT). Adversaries targeting on disrupting the operation of an IIoT system can launch a simple yet effective attack - malicious packet-modification attack (MPA) - that was previously identified in IoT based on wireless sensor networks. To mitigate MPAs, we introduce an approach for secure and reliable data transmission in the presence of such active attackers by utilizing the programmability and flexibility offered by SDN. Our approach ensures that modifications are recognized by IIoT devices. The effectiveness and performance of the proposed solution was evaluated in comprehensive tests by means of a prototypical implementation. The results confirm that malicious forwarding devices can be reliably and quickly identified and, hence, bypassed even if they modify only a portion of the data.

Kunkun Rui,Hongzhi Pan,Sheng Shu

DOI: https://doi.org/10.1038/s41598-023-44764-6

2023-10-21

Abstract:Routing and security are the two main prerequisites for ensuring the correct operation of wireless networks. The importance of these cases doubles in wide networks such as IoT. This paper presents an algorithm to improve Secure Routing in IoT called SRAIOT. This algorithm uses a hierarchical structure to determine the connections between network components and data transfer routing. In SRAIOT, the network structure is managed hierarchically and through SDN. For this purpose, the IoT network is first divided into a set of subnets using the SDN solution, communication control and authentication are managed using the controller nodes of each subnet. The communication between two objects (located in different subnets) will be possible if their identity is confirmed through the controller nodes related to them. On the other hand, in order to identify the sources of attacks and network security threats, the controller nodes in each subnet monitor the network traffic pattern using an ensemble learning model and identify possible attacks in their subnet. The performance of SRAIOT was tested in the simulation, and the results were compared with previous methods. The results of these tests show that SRAIOT improves network performance regarding routing and detecting attacks.

David Barrera,Ian Molloy,Heqing Huang

DOI: https://doi.org/10.48550/arXiv.1712.03623

2017-12-11

Abstract:Over 20 billion Internet of Things devices are set to come online by 2020. Protecting such a large number of underpowered, UI-less, network-connected devices will require a new security paradigm. We argue that solutions dependent on vendor cooperation such as secure coding and platform changes are unlikely to provide adequate defenses for the majority of devices. Similarly, regulation approaches face a number implementation challenges which limit their effectiveness. As part of the new paradigm, we propose IDIoT, a network security policy enforcement framework for IoT devices. IDIoT prevents widespread network attacks by restricting IoT devices to only their necessary network behavior. IDIoT is simple and effective, building on decades of tried-and-true network security principles without requiring changes to the devices or cloud infrastructure.

Cryptography and Security

Liwei Kuang,Laurence T. Yang,Kai Qiu

DOI: https://doi.org/10.1109/mwc.2016.7721746

IF: 12.777

2016-01-01

IEEE Wireless Communications

Abstract:IoT exhibits characteristics of the presence of diverse physical sensing and actuating devices, complex wireless communication and networking technologies, as well as large-scale heterogeneous data generated in the physical and cyber worlds. The exponentially increasing volume of data places an unprecedent burden on the network infrastructure of IoT systems, where there are two key challenges: how to represent the heterogeneous IoT data as a concise and unified model, and extract the essential core data that are smaller for transmission but consist of the most valuable information; and how to globally and flexibly control the network devices, and dynamically reallocate the bandwidth to improve the communication link utilization ratio. To address the mentioned challenges, this article first transforms structured, semi-structured, and unstructured IoT data to a unified tensor model, and employs the HO-SVD approach for extraction of the high-quality core data. Then this article applies SDN technology to IoT for device management, and develops a transition tensor model for routing path recommendation. Finally, a smart home case study is investigated, which reveals that the proposed tensor-based software defined model is feasible and promising. It is strongly suggested that further study on combination of IoT with SDN technology and tensor algebra should be performed.

Zhipeng Yu,Hui Zhu,Rui Xiao,Chao Song,Jian Dong,Hui Li

DOI: https://doi.org/10.1002/ett.3895

IF: 3.6

2020-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:With the development and pervasiveness of Internet of Things (IoT) devices, Software‐Defined Networks (SDN) technology has been deployed to bring great convenience to network transmission. However, SDN over IoT network still faces many challenges on devices data security. Our work demonstrates a novel attack of SDN networks, named Network Harvesting (NH). In NH, an attacker has the ability to steal the users' network privileges without the awareness of victims and the switchers. Furthermore, to solve the above attack, we construct a detection scheme and a defense scheme, named RSDetector and SpoofDefender. RSDetector detects the presence of rogue switches in the network by leveraging the prediction power of machine learning. At the same time, SpoofDefender prevents a number of spoofing attacks including NH by the global control of the SDN networks. In addition, RSDetector and SpoofDefender are also evaluated on ONOS 1.10.4 and Mininet. A good deal of simulation results demonstrate that our proposed schemes have great optimization in reducing communication and computation costs.