Distributed Address Table (DAT): A Decentralized Model for End-to-End Communication in IoT

To achieve a fully connected network in Internet of Things (IoT) there are number of challenges that have to be overcome. Among those, a big challenge is how to keep all of the devices accessible everywhere and every time. In the IoT network, the assumption is that each IoT device can be reached by any client at any given time. In practice, this is not always possible and without a proper mechanism the nodes behind a NAT are unable to communicate with each other directly, and their addresses have to be shared through a trusted third party. This challenge becomes harder by taking into consideration that most NAT traversal approaches have been developed prior to rising of the IoT, without taking into account the constrained nature of the participating devices and mostly depend on a centralized entity. In this paper we proposed the Distributed Address Table (DAT), a decentralized, secure and lightweight address distribution model that allows any two nodes to get the addresses of the other end without relying on a trusted third party. Structured Peer-to-Peer (P2P) overlay by utilizing Distributed Hash Table (DHT) technique is generated as its underlying communication scheme to ensure that all participating devices are accessible at any given time. This is achieved through simple, yet secure and efficient decentralized model. The DAT adopts the edge/fog computing paradigms to ensure a decentralized address distribution. The results showed that the proposed model is efficient. In addition, the security properties of the proposed model have been defined and proved.

Beware: NAT Traversal is a Simple and Efficient Approach to Open Firewall Holes

NAT traversal techniques allow processes with private, non-routable IP addresses to communicate with other processes outside the network secured limits. Techniques such as UDP Hole Punching have been standardized by the IETF, and using tunnels based on those techniques it is easy to allow application processes on top of any transport protocol, including TCP, to both start and receive packets from the Internet across NAT devices. However, as a side effect those techniques also freely proceed through firewalls. In this work we describe how it is possible to configure any server running on any port (no firewall configuration required) to establish connections initiated at arbitrary Internet clients, making unauthorized services easily available. We also show that the process is lightweight, in particular after the initial setup is concluded, thus virtually supporting any type of unauthorized applications.