Improving Internet of Things (IoT) Security with Software-Defined Networking (SDN)

There has been an increase in the usage of Internet of Things (IoT), which has recently become a rising area of interest as it is being extensively used for numerous applications and devices such as wireless sensors, medical devices, sensitive home sensors, and other related IoT devices. Due to the demand to rapidly release new IoT products in the market, security aspects are often overlooked as it takes time to investigate all the possible vulnerabilities. Since IoT devices are internet-based and include sensitive and confidential information, security concerns have been raised and several researchers are exploring methods to improve the security among these types of devices. Software defined networking (SDN) is a promising computer network technology which introduces a central program named ‘SDN Controller’ that allows overall control of the network. Hence, using SDN is an obvious solution to improve IoT networking performance and overcome shortcomings that currently exist. In this paper, we (i) present a system model to effectively use SDN with IoT networks; (ii) present a solution for mitigating man-in-the-middle attacks against IoT that can only use HTTP, which is a critical attack that is hard to defend; and (iii) implement the proposed system model using Raspberry Pi, Kodi Media Center, and Openflow Protocol. Our system implementation and evaluations show that the proposed technique is more resilient to cyber-attacks.

Download Full-text

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Sensors ◽

10.3390/s21051598 ◽

2021 ◽

Vol 21 (5) ◽

pp. 1598

Author(s):

Sigurd Frej Joel Jørgensen Ankergård ◽

Edlira Dushku ◽

Nicola Dragoni

Keyword(s):

Internet Of Things ◽

Smart Cities ◽

Cyber Attacks ◽

Resource Constrained ◽

Remote Attestation ◽

Comprehensive Overview ◽

Research Issues ◽

Advantages And Disadvantages ◽

Iot Devices ◽

Specialized Hardware

The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an enormous attack surface for potential sophisticated cyber attacks. In this context, Remote Attestation (RA) has gained wide interest as an important security technique to remotely detect adversarial presence and assure the legitimate state of an IoT device. While many RA approaches proposed in the literature make different assumptions regarding the architecture of IoT devices and adversary capabilities, most typical RA schemes rely on minimal Root of Trust by leveraging hardware that guarantees code and memory isolation. However, the presence of a specialized hardware is not always a realistic assumption, for instance, in the context of legacy IoT devices and resource-constrained IoT devices. In this paper, we survey and analyze existing software-based RA schemes (i.e., RA schemes not relying on specialized hardware components) through the lens of IoT. In particular, we provide a comprehensive overview of their design characteristics and security capabilities, analyzing their advantages and disadvantages. Finally, we discuss the opportunities that these RA schemes bring in attesting legacy and resource-constrained IoT devices, along with open research issues.

Download Full-text

Towards a Lightweight Detection System for Cyber Attacks in the IoT Environment Using Corresponding Features

Electronics ◽

10.3390/electronics9010144 ◽

2020 ◽

Vol 9 (1) ◽

pp. 144 ◽

Cited By ~ 6

Author(s):

Yan Naung Soe ◽

Yaokai Feng ◽

Paulus Insap Santosa ◽

Rudy Hartanto ◽

Kouichi Sakurai

Keyword(s):

Machine Learning ◽

Feature Selection ◽

Detection System ◽

Detection Performance ◽

Cyber Attacks ◽

Raspberry Pi ◽

Selection Algorithm ◽

Feature Selection Algorithm ◽

New Feature ◽

Iot Devices

The application of a large number of Internet of Things (IoT) devices makes our life more convenient and industries more efficient. However, it also makes cyber-attacks much easier to occur because so many IoT devices are deployed and most of them do not have enough resources (i.e., computation and storage capacity) to carry out ordinary intrusion detection systems (IDSs). In this study, a lightweight machine learning-based IDS using a new feature selection algorithm is designed and implemented on Raspberry Pi, and its performance is verified using a public dataset collected from an IoT environment. To make the system lightweight, we propose a new algorithm for feature selection, called the correlated-set thresholding on gain-ratio (CST-GR) algorithm, to select really necessary features. Because the feature selection is conducted on three specific kinds of cyber-attacks, the number of selected features can be significantly reduced, which makes the classifiers very small and fast. Thus, our detection system is lightweight enough to be implemented and carried out in a Raspberry Pi system. More importantly, as the really necessary features corresponding to each kind of attack are exploited, good detection performance can be expected. The performance of our proposal is examined in detail with different machine learning algorithms, in order to learn which of them is the best option for our system. The experiment results indicate that the new feature selection algorithm can select only very few features for each kind of attack. Thus, the detection system is lightweight enough to be implemented in the Raspberry Pi environment with almost no sacrifice on detection performance.

Download Full-text

Effectiveness of the NIZKP Protocol for Authentication in IoT Environment

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.6.10775 ◽

2018 ◽

Vol 7 (2.6) ◽

pp. 231

Author(s):

Teyi Yann Cedric Lawson ◽

Senthilnathan T

Keyword(s):

Performance Evaluation ◽

Internet Of Things ◽

Power Consumption ◽

Elliptic Curve ◽

Elliptic Curves ◽

Credit Card ◽

Raspberry Pi ◽

Zero Knowledge ◽

Iot Devices ◽

A Performance

Elliptic Curves when compared to other encryptions scheme such as RSA etc., provides an equivalent security, smaller key sizes, less power consumption, faster calculations, less bandwidth used and is more suitable for Internet of Things devices. In addition of encrypting the data, the devices in the network should also be able to authenticate themselves, which can be achieved with the implementation of “Non-Interactive Zero Knowledge protocol” (NIZKP). This protocol involves two parties: The prover and the Verifier. Prover party should prove to the Verifier that they have the knowledge of something, without revealing what is it. In this paper, a study of Schnorr protocol or ∑- protocol over Elliptic Curves is done and the protocol is implemented in Python using the Python Cryptography Toolkit PyCrypto which is a collection of cryptographic modules implementing various algorithms and protocols. Finally, the results were compared with Elliptic Curve Diffie-Hellmann(ECDH) and present a performance evaluation of the protocols on the Raspberry Pi 3B model, a credit-card sized computer used for the development of IoT devices hence the perfect platforms to test the protocol.

Download Full-text

Analysis of WebAssembly as a Strategy to Improve JavaScript Performance on IoT Environments

10.5753/sbesc_estendido.2020.13102 ◽

2020 ◽

Author(s):

Fernando Oliveira ◽

Júlio Mattos

Keyword(s):

Internet Of Things ◽

Mobile Applications ◽

Raspberry Pi ◽

The Internet ◽

Memory Usage ◽

C Language ◽

Server Side ◽

Benchmark Suite ◽

Iot Devices ◽

The Internet Of Things

JavaScript language (JS) has been widely used in recent years applied to browsers-context. Yet JS is being applied to other backgrounds such as server-side programming, mobile applications, games, robotics, and the Internet of Things (IoT). JavaScript is suitable for programming IoT devices due to eventdriven oriented architecture. However, it is an interpreted language, so it has a lower performance than a compiled language. This paper assesses the use of WebAssembly as a strategy to improve the performance of JavaScript applications in the IoT environment. The experiments were performed on a Raspberry Pi using the Ostrich Benchmark Suite. We run the algorithms in JavaScript, WebAssembly, and C language while collecting data about device resource consumption. Our results showed that JavaScript performance could be improved by 39.81% in terms of execution time, a tiny gain in memory usage, and reduced battery consumption by 39.86% when using WebAssembly.

Download Full-text

RESEARCH OF THE SYSTEM FOR VULNERABILITY TO MITM – ATTACKS USING THE CREATION OF FAKE AP

Cybersecurity Education Science Technique ◽

10.28925/2663-4023.2021.13.2938 ◽

2021 ◽

Vol 1 (13) ◽

pp. 29-38

Author(s):

Serhii Krivenko ◽

Natalya Rotaniova ◽

Yulianna Lazarevska ◽

Ulyana Karpenko

Keyword(s):

Computer Network ◽

Personal Data ◽

Cyber Attacks ◽

Distributed Information ◽

Internet Users ◽

Man In The Middle ◽

Computer Network Security ◽

The Subject ◽

High Level ◽

Gain Access

The problems of the cybersecurity are becoming a daily threat to the business sphere and the Internet users. The field of the cybersecurity is constantly changing, but it is obviously that the cyber threats are becoming more serious and occur more often. The statistics on the number of cyber attacks in 2020 showed a sharp surge in the cybercrime. In the field of the information security, the majority of incidents has been related to attacks on the various distributed information systems recently. At the same time, a significant amount number of the successful attacks are those that carried out using such attacks as "Man in the middle" (MITM). MITM - attacks are dangerous because with their help attackers gain access to the confidential information, not only the companies but also the ordinary users. Therefore, the purpose of this article is to study the types of MITM - attacks, as well as to develop the recommendations for combating such types of attacks. The study was conducted using methods of analysis and description. The object of the study is MITM attacks. The subject of the study is to determine ways to counter attacks such as MITM. As a result of the conducted research the basic types and the technique of carrying out MITM - attacks are considered. The result of the study was the development of the recommendations for the countering MITM attacks. The proposed methods of preventing "Man in the middle" attacks can ensure a certain high level of the computer network security. This study will be useful in ways suggested to prevent MITM attacks, not only for security administrators, but also for Wi-Fi users trying to protect their personal data. The results of the study can also be used to develop better software that can increase the security of any computer network

Download Full-text

A Novel Fog-IoT based Framework for Improving Performance of Cloud Computing

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.l1198.10812s19 ◽

2019 ◽

Vol 8 (12S) ◽

pp. 889-895

Keyword(s):

Cloud Computing ◽

Internet Of Things ◽

Secure Communication ◽

Fog Computing ◽

Cloud Service ◽

Raspberry Pi ◽

New Paradigm ◽

Privacy And Security ◽

Security Issues ◽

Iot Devices

Internet-of-Things (IoT) has been considered as a fundamental part of our day by day existence with billions of IoT devices gathering information remotely and can interoperate within the current Internet framework. Fog computing is nothing but cloud computing to the extreme of network security. It provides computation and storage services via CSP (Cloud Service Provider) to end devices in the Internet of Things (IoT). Fog computing allows the data storing and processing any nearby network devices or nearby cloud endpoint continuum. Using fog computing, the designer can reduce the computation architecture of the IoT devices. Unfortunitily, this new paradigm IoT-Fog faces numerous new privacy and security issues, like authentication and authorization, secure communication, information confidentiality. Despite the fact that the customary cloud-based platform can even utilize heavyweight cryptosystem to upgrade security, it can't be performed on fog devices drectly due to reseource constraints. Additionally, a huge number of smart fog devices are fiercely disseminated and situated in various zones, which expands the danger of being undermined by some pernicious gatherings. Trait Based Encryption (ABE) is an open key encryption conspire that enables clients to scramble and unscramble messages dependent on client qualities, which ensures information classification and hearty information get to control. Be that as it may, its computational expense for encryption and unscrambling stage is straightforwardly corresponding to the multifaceted nature of the arrangements utilized. The points is to assess the planning, CPU burden, and memory burden, and system estimations all through each phase of the cloud-to-things continuum amid an analysis for deciding highlights from a finger tapping exercise for Parkinson's Disease patients. It will be appeared there are confinements to the proposed testbeds when endeavoring to deal with upwards of 35 customers at the same time. These discoveries lead us to a proper conveyance of handling the leaves the Intel NUC as the most suitable fog gadget. While the Intel Edison and Raspberry Pi locate a superior balance at in the edge layer, crossing over correspondence conventions and keeping up a self-mending network topology for "thing" devices in the individual territory organize.

Download Full-text

Analysis of P4 and XDP for IoT Programmability in 6G and Beyond

IoT ◽

10.3390/iot1020031 ◽

2020 ◽

Vol 1 (2) ◽

pp. 605-622

Author(s):

David Carrascal ◽

Elisa Rojas ◽

Joaquin Alvarez-Horcajo ◽

Diego Lopez-Pajares ◽

Isaías Martínez-Yelmo

Keyword(s):

Internet Of Things ◽

Software Defined Networking ◽

Use Cases ◽

Future Research ◽

The Internet ◽

Cpu Usage ◽

Iot Devices ◽

The Internet Of Things

Recently, two technologies have emerged to provide advanced programmability in Software-Defined Networking (SDN) environments, namely P4 and XDP. At the same time, the Internet of Things (IoT) represents a pillar of future 6G networks, which will be also sustained by SDN. In this regard, there is a need to analyze the suitability of P4 and XDP for IoT. In this article, we aim to compare both technologies to help future research efforts in the field. For this purpose, we evaluate both technologies by implementing diverse use cases, assessing their performance and providing a quick qualitative overview. All tests and design scenarios are publicly available in GitHub to guarantee replication and serve as initial steps for researchers that want to initiate in the field. Results illustrate that currently XDP is the best option for constrained IoT devices, showing lower latency times, half the CPU usage, and reduced memory in comparison with P4. However, development of P4 programs is more straightforward and the amount of code lines is more similar regardless of the scenario. Additionally, P4 has a lot of potential in IoT if a special effort is made to improve the most common software target, BMv2.

Download Full-text

COSMOS: Collaborative, Seamless and Adaptive Sentinel for the Internet of Things

Sensors ◽

10.3390/s19071492 ◽

2019 ◽

Vol 19 (7) ◽

pp. 1492 ◽

Cited By ~ 6

Author(s):

Pantaleone Nespoli ◽

David Useche Pelaez ◽

Daniel Díaz López ◽

Félix Gómez Mármol

Keyword(s):

Internet Of Things ◽

Real World ◽

Smart Devices ◽

Raspberry Pi ◽

The Internet ◽

Security Issues ◽

Dynamic Scenario ◽

Computer Based ◽

Iot Devices ◽

The Internet Of Things

The Internet of Things (IoT) became established during the last decade as an emerging technology with considerable potentialities and applicability. Its paradigm of everything connected together penetrated the real world, with smart devices located in several daily appliances. Such intelligent objects are able to communicate autonomously through already existing network infrastructures, thus generating a more concrete integration between real world and computer-based systems. On the downside, the great benefit carried by the IoT paradigm in our life brings simultaneously severe security issues, since the information exchanged among the objects frequently remains unprotected from malicious attackers. The paper at hand proposes COSMOS (Collaborative, Seamless and Adaptive Sentinel for the Internet of Things), a novel sentinel to protect smart environments from cyber threats. Our sentinel shields the IoT devices using multiple defensive rings, resulting in a more accurate and robust protection. Additionally, we discuss the current deployment of the sentinel on a commodity device (i.e., Raspberry Pi). Exhaustive experiments are conducted on the sentinel, demonstrating that it performs meticulously even in heavily stressing conditions. Each defensive layer is tested, reaching a remarkable performance, thus proving the applicability of COSMOS in a distributed and dynamic scenario such as IoT. With the aim of easing the enjoyment of the proposed sentinel, we further developed a friendly and ease-to-use COSMOS App, so that end-users can manage sentinel(s) directly using their own devices (e.g., smartphone).

Download Full-text

Botnet and Internet of Things (IoTs)

Security, Privacy, and Forensics Issues in Big Data - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-9742-1.ch013 ◽

2020 ◽

pp. 304-316

Author(s):

Kamal Alieyan ◽

Ammar Almomani ◽

Rosni Abdullah ◽

Badr Almutairi ◽

Mohammad Alauthman

Keyword(s):

Internet Of Things ◽

Cyber Attacks ◽

The Internet ◽

Ddos Attacks ◽

Botnet Detection ◽

The Public ◽

Detection Techniques ◽

Channel Information ◽

Iot Devices ◽

The Internet Of Things

In today's internet world the internet of things (IoT) is becoming the most significant and developing technology. The primary goal behind the IoT is enabling more secure existence along with the improvement of risks at various life levels. With the arrival of IoT botnets, the perspective towards IoT products has transformed from enhanced living enabler into the internet of vulnerabilities for cybercriminals. Of all the several types of malware, botnet is considered as really a serious risk that often happens in cybercrimes and cyber-attacks. Botnet performs some predefined jobs and that too in some automated fashion. These attacks mostly occur in situations like phishing against any critical targets. Files sharing channel information are moved to DDoS attacks. IoT botnets have subjected two distinct problems, firstly, on the public internet. Most of the IoT devices are easily accessible. Secondly, in the architecture of most of the IoT units, security is usually a reconsideration. This particular chapter discusses IoT, botnet in IoT, and various botnet detection techniques available in IoT.

Download Full-text