Software Defined Networks based Security Architecture for IoT Infrastructures
University of Newcastle
Internet of Things (IoT) technologies are increasingly being used in a range of applications, from precision agriculture to critical national infrastructure, by deploying a large number of resource-constrained devices, which can often be located in unfriendly or hostile environments. Gartner, Inc. estimates that 25 billion IoT devices will be deployed by 2020.
Like other disruptive technologies, such as smartphones and cloud computing, IoT holds the potential for societal-scale impact by transforming many industries as well as our daily lives. However, the priority for most vendors has so far been mainly on developing functionality, and security and privacy risks have not received as much attention. The heterogeneity of IoT devices, the underlying communication infrastructure and the different types of protocols used by these devices make IoT infrastructures complex and vulnerable to different types of cyberattacks.
For instance, IoT devices are susceptible to exploitation and can be used to launch attacks such as Distributed/Permanent Denial of Service (DDoS/PDoS) attacks. Recently, in 2016, we witnessed such attacks, including the attack against the Dyn DNS service provider, which serves major Internet platforms and services, making them unavailable to a large number of users in Europe and North America. The Mirai malware used in these attacks turns networked devices running out-of-date software into remotely controlled "bots" that can be used as part of a botnet in large-scale network DDoS attacks. It primarily targeted consumer IoT devices such as IP cameras and home routers. In 2017, IoT devices became the victims of a new type of attack called BrickerBot, in which they are corrupted completely (PDoS). This bot also uses the same process to infect the IoT devices.
The main goal of the proposed project is to develop a secure IoT architecture by leveraging the underlying features supported by Software Defined Networks (SDN). The project will develop fine-grained security policies and a lightweight security protocol to authenticate IoT devices and secure the IoT infrastructure. It will investigate the use of the OAuth (Open Authorization) protocol to specify credentials and security policies for an IoT device to access other devices and services in the network. The OAuth service is envisaged to be part of the design of a secure SDN controller. The project will then validate the proposed security architecture and techniques using ONOS SDN controllers and Raspbian/BusyBox virtual machines, and demonstrate how the proposed architecture can defend against Mirai-type DDoS attacks.
We believe the significance of the proposed project is that the combination of a fine-grained, security-policy-driven architecture with a lightweight authentication protocol can help to defend the IoT network infrastructure against botnet-based DDoS attacks. It will help to achieve dynamic detection of attacks and dynamic updating of security policies, thereby helping to enhance the security and resilience of IoT infrastructure. The proposed project will be particularly relevant for sectors such as agriculture, environment and healthcare, where a growing number of IoT devices and applications are being used to monitor and collect data and use it in decision making.