Elsevier

Computer Networks

Volume 163, 9 November 2019, 106889

SODA: A software-defined security framework for IoT environments

https://doi.org/10.1016/j.comnet.2019.106889

Abstract

The Internet of Things (IoT), based on interconnected devices, enables a variety of new services that could not be realized in a traditional environment, and many of these services harvest information of a potentially sensitive and private nature belonging to individual users. Unfortunately, the existing security functions used to protect such information are difficult to implement in an IoT environment due to the widely varying capacities, functionalities, and security requirements of IoT devices. In this work, to protect against unrestricted access to other devices and the exfiltration of information from these devices, we propose SODA, a secure IoT gateway that enables device-side dynamic access control and is capable of deploying various security services to protect sensitive and private information. To show its effectiveness and practicality, we assume that a large number of IoT devices are crowded around an IoT gateway, and we implement a prototype of SODA for such an environment based on software-defined networking (SDN), integrating virtual network functions (VNFs) over network function virtualization (NFV) on top of a real IoT device. From our evaluation, we demonstrate how SODA mitigates real-world attacks through its security functions, and present how it satisfies the performance requirements of a real environment.

Introduction

The Internet of Things (IoT) is an ecosystem in which devices (i.e., Things) are connected to a network (i.e., the Internet) such that these devices can communicate and share data with each other through that network. As this ecosystem provides powerful network connectivity for diverse IoT devices, it is rapidly increasing in popularity; this trend is easily observed across industry and academia [7], [16], [18], [23], [34], [45]. For instance, smart watches are available today and already selling well [5], and some IoT services are already provided by commercial vendors (e.g., Apple HomeKit [4] or Samsung SmartThings [35]).

However, an IoT environment composed of highly connected IoT devices also introduces critical security problems. For example, because authentication and access control are lacking, a compromised or malicious device can easily reach other connected devices through the IoT network and then be used to conduct various attacks on nearby devices, such as stealing private information from them. For IoT devices that handle sensitive data (e.g., health information), these security problems are even more critical.

Security challenges in an IoT environment are often regarded as more complicated than those of legacy networks because of the diversity of IoT devices. In terms of security policies, IoT users have different security requirements for their devices, so each IoT device must maintain multiple security policies to satisfy them. Unfortunately, those policies can conflict unexpectedly with one another, both in their rules and in the intents behind them, and further conflicts arise when multiple IoT devices access and control the same resources. With regard to security functionality, deploying security functions for IoT devices requires allocating resources so that those functions operate efficiently. However, an IoT device is, in general, a lightweight single-board computer with low computational power, which restricts the functionality it can host. Hence, we also need to consider carefully how to operate the necessary security functions with restricted resources. Although some pioneering researchers have proposed solutions for securing IoT environments [6], [17], [31], [34], [47], [48], none of them address the combination of these security challenges.

Today’s network architecture for an IoT environment is broadly classified into two types: (i) peer-to-peer and (ii) centralized. In the former, each IoT device connects directly to another device to share information; the AllJoyn project [23] is a good example. In the centralized type, IoT devices are connected to a central point (i.e., a gateway) for network services. While the peer-to-peer type is still in use today, most vendors have adopted the centralized type because it can easily manage large numbers of IoT devices through a centralized gateway that handles all network flows among the devices [7], [18]. Following this trend, we focus on a centralized IoT network to address the security challenges of an IoT environment.

In this paper, we present a novel security framework, called SODA, that realizes centralized security policy and service management for IoT environments (specifically, environments in which a large number of IoT devices are crowded around a centralized IoT gateway). In our proposal, all IoT devices are connected to SODA, and all security policies (e.g., who can communicate with whom) are controlled by SODA. In addition, SODA can deploy various security services, such as an intrusion prevention system and botnet mitigation, and each user (or IoT device) can dynamically request some of these services. The security services supported by SODA fall into two types: (i) network access control and (ii) network security functions. First, SODA controls (either blocks or allows) network access among IoT users and devices according to dynamically defined security policies. Second, SODA provides more complex security capabilities. For example, suppose a malicious device (perhaps infected by an attacker) tries to compromise other linked devices. To prevent this, a network intrusion detection system should be activated and made available to the target devices in the IoT network. SODA identifies this kind of requirement and provides the relevant security services using virtual network functions realized inside SODA.

To implement a prototype of SODA, we leverage software-defined networking (SDN) to control network flows among IoT devices [24], and network function virtualization (NFV) [10] to realize security functions inside the centralized gateway. We then demonstrate, through this prototype, how SODA can effectively and efficiently protect an IoT network; our evaluation results show that SODA successfully enforces user-defined security policies while minimizing conflicts among them, and operates diverse network security functions with reasonable performance.
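The following is an added example, not SODA's own code (the paper's policy manager and its conflict-resolution rules are not reproduced here). It shows, in Python, the two policy problems the introduction names and the SDN side of enforcement: user-defined allow/deny policies over device pairs, detection of conflicting policies from different users (or different intents of one user), and compilation of the surviving policies into OpenFlow-style rules for a software switch such as Open vSwitch, mirroring allowed flows to a passive NIDS VNF port. The device names, MAC addresses, switch ports, tie-breaking order and `ovs-ofctl`-style rule text are all assumptions made for the example.

```python
"""Toy IoT-gateway policy engine: an added example, not SODA's own code.

Assumed model: a policy names a source device (or '*'), a destination device
(or '*'), an action, a user priority and, for 'allow', the VNFs the flow is
also sent to. A conflict is a pair of policies covering the same traffic with
different actions and nothing but the deny bias to separate them.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed inventory: device -> (switch port, MAC); VNF -> switch port.
DEVICES: Dict[str, Tuple[int, str]] = {
    "lamp-A": (1, "02:00:00:00:00:01"),
    "lamp-B": (2, "02:00:00:00:00:02"),
    "phone":  (3, "02:00:00:00:00:03"),
    "laptop": (4, "02:00:00:00:00:04"),
}
VNF_PORTS: Dict[str, int] = {"nids": 10, "botnet-mitigation": 11}


@dataclass(frozen=True)
class Policy:
    owner: str                      # user who defined the policy
    src: str                        # source device name or '*'
    dst: str                        # destination device name or '*'
    action: str                     # 'allow' or 'deny'
    priority: int                   # user-assigned; higher wins
    services: Tuple[str, ...] = ()  # VNFs an allowed flow is also sent to


def _overlaps(a: str, b: str) -> bool:
    """Two match fields cover common traffic if either is '*' or they agree."""
    return a == "*" or b == "*" or a == b


def specificity(p: Policy) -> int:
    """Number of concrete (non-wildcard) match fields, 0..2."""
    return int(p.src != "*") + int(p.dst != "*")


def effective_priority(p: Policy) -> int:
    """Assumed resolution order: user priority, then the more specific match,
    then deny over allow. The multiplier keeps the three keys from mixing."""
    return p.priority * 10 + specificity(p) * 2 + (1 if p.action == "deny" else 0)


def find_conflicts(policies: List[Policy]) -> List[Tuple[Policy, Policy]]:
    """Pairs covering overlapping traffic that disagree on the action while
    having the same user priority and specificity: the intent conflicts a
    gateway should report to its users instead of resolving silently."""
    out = []
    for i, p in enumerate(policies):
        for q in policies[i + 1:]:
            if (_overlaps(p.src, q.src) and _overlaps(p.dst, q.dst)
                    and p.action != q.action
                    and p.priority == q.priority
                    and specificity(p) == specificity(q)):
                out.append((p, q))
    return out


def decide(policies: List[Policy], src: str, dst: str) -> Tuple[str, Tuple[str, ...]]:
    """First policy matching (src, dst) in effective-priority order; default deny."""
    for p in sorted(policies, key=effective_priority, reverse=True):
        if _overlaps(p.src, src) and _overlaps(p.dst, dst):
            return p.action, p.services
    return "deny", ()


def compile_flows(policies: List[Policy]) -> List[str]:
    """Render policies as OpenFlow rules in the text form `ovs-ofctl add-flow`
    accepts. Allowed traffic is copied to each requested VNF port (passive
    inspection) and delivered; denied traffic is dropped; a priority-0
    catch-all drops whatever no policy covers (default deny)."""
    rules = []
    for p in sorted(policies, key=effective_priority, reverse=True):
        match = [f"priority={effective_priority(p)}"]
        if p.src != "*":
            match.append(f"in_port={DEVICES[p.src][0]}")
        if p.dst != "*":
            match.append(f"dl_dst={DEVICES[p.dst][1]}")
        if p.action == "deny":
            actions = ["drop"]
        else:
            actions = [f"output:{VNF_PORTS[s]}" for s in p.services]
            actions.append(f"output:{DEVICES[p.dst][0]}" if p.dst != "*" else "normal")
        rules.append(",".join(match) + ",actions=" + ",".join(actions))
    rules.append("priority=0,actions=drop")
    return rules


# Constructed policies in the style of the two-lamp scenario: two users, each
# owning one lamp; bob has stated two contradictory intents for his laptop.
SAMPLE_POLICIES = [
    Policy("alice", "*",      "lamp-A", "deny",  1),             # lamp-A closed by default
    Policy("alice", "phone",  "lamp-A", "allow", 1, ("nids",)),  # except her phone, inspected
    Policy("bob",   "laptop", "lamp-B", "allow", 1),
    Policy("bob",   "laptop", "lamp-B", "deny",  1),             # conflicts with the line above
]

if __name__ == "__main__":
    for a, b in find_conflicts(SAMPLE_POLICIES):
        print(f"conflict: {a.owner} {a.src}->{a.dst} {a.action} vs {b.owner} {b.src}->{b.dst} {b.action}")
    print(decide(SAMPLE_POLICIES, "phone", "lamp-A"))
    for r in compile_flows(SAMPLE_POLICIES):
        print("ovs-ofctl add-flow br0", repr(r))
```

`decide` is what a controller would run on a packet-in; `compile_flows` is what it would push to the switch up front. Two caveats a practitioner should keep in mind: copying a flow to a VNF port is detection only, and an inline function (an IPS rather than an IDS) needs a second set of rules that takes the packet back from the VNF port to its destination, which this example omits; and a deny bias on ties is a defensible default, but the pairs `find_conflicts` reports should be surfaced to the users who wrote them rather than resolved silently, since the conflict is in their intents, not in the rule syntax.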

This paper is organized as follows. Section 2 discusses IoT security issues using commercial IoT devices as an example, and Section 3 presents a new security framework that addresses those issues, whose core functionality is elaborated in Section 4. Section 5 describes its prototype implementation, and Sections 6 and 7 demonstrate its effectiveness and practicality. Section 8 reviews previous studies related to IoT security. Sections 9 and 10 conclude the paper and provide some leads for future work.

Motivation

This section introduces four security issues in an IoT environment with real-world attack scenarios against the Philips Hue smart lamp [9], [26]. For these, as shown in Fig. 1 (left), we have constructed a simple IoT network to control Hue smart lamps. In this network, two IoT devices (a laptop and a smartphone) are connected to a Hue bridge through an access point (AP), and two Hue smart lamps (denoted LA and LB) are linked to the bridge. In terms of authority, the lamps LA and LB are

SODA design

In this section, we introduce a new security framework, called SODA, for an IoT environment, and describe how SODA manages IoT users and devices while realizing advanced security for these elements at low cost. The design of SODA focuses on achieving a user-defined security scheme, specialized for an IoT network in which each element has different security policies, and a software-based security scheme, implemented on a flexible and programmable device. Fig. 2 illustrates

Core module

In this section, we elaborate on the core module of SODA, which plays a pivotal role in the framework. As depicted in Fig. 4, the core module is internally composed of three submodules: the policy manager, the session manager, and the NFV manager.

Implementation

Here, we describe how the design of SODA is developed on top of a real device. As shown in Fig. 5, a prototype of SODA is mainly composed of three components: i) a control plane, ii) a function plane, and iii) a data plane.

For the control plane of SODA, we first devised a new lightweight SDN controller from scratch in C (following [20], [21]), and the data plane of SODA has been implemented by modifying Open vSwitch (OVS) 2.9.1 [15], which is the most popular software switch in these

Microbenchmark

In this section, we evaluate the performance overhead introduced by our system by measuring the computation time of our policy management scheme with different numbers of policies, and the performance (i.e., throughput and latency) of our system with different numbers of IoT devices.

Real-World evaluation

Now, we evaluate the effectiveness and practicality of SODA by reproducing the network attacks discussed in Section 2 and describing how SODA mitigates them through security applications running on our system.

Related work

IoT frameworks: In the IoT field, several research works have designed frameworks for IoT security. For example, Roesner et al. focused on privacy issues caused by untrusted IoT entities and proposed a framework for access control of IoT data with certificate-based policy authenticity [33]. Sicari et al. proposed a risk assessment framework that evaluates the risk in an IoT system according to the life cycle of IoT data [41]. While these studies have addressed some

Limitations and future work

As with other research proposals, SODA has some limitations. As previously noted, this prototype implementation does not consider some security features for an IoT environment (e.g., lightweight encryption and DoS attacks against a centralized IoT gateway), as they have already been addressed by several previous studies [29], [42]. However, we believe that such security features can be easily integrated into SODA as additional security services using our flexible and extensible NFV

Conclusion

The security of the Internet of Things (IoT) is challenged by the insufficient capabilities of IoT devices and by security policies enforced on the devices from multiple sources. As a result, IoT devices can offer only limited security functionality, and security policies may conflict with each other because of differing intents among IoT users. To solve these challenges, we have introduced SODA, which leverages SDN and NFV techniques to offer a centralized security

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgement

This work was supported by an Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2018-0-00254, SDN security technology development).

Yeonkeun Kim is a Ph.D. student in the Graduate School of Information Security at KAIST. He received his B.S. degree in Computer Science Engineering from Ulsan National Institute of Science and Technology (UNIST) in Korea. He received his M.S. degree in Information Security from KAIST. His research interests include network security issues of IoT and embedded systems.

References (49)

  • S. Babar et al., Proposed security model and threat taxonomy for the Internet of Things (IoT), Proceedings of International Conference on Network Security and Applications (ICNSA ’10), 2010.
  • Cisco Systems Inc., Cisco 910 industrial router, 2019, ...
  • L. Deri et al., nDPI: open-source high-speed deep packet inspection, Proceedings of International Wireless Communications and Mobile Computing Conference (IWCMC ’14), 2014.
  • N. Dhanjani, Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts, 2015.
  • ETSI, Network functions virtualisation (NFV), 2012, (White...
  • E. Fernandes et al., Security analysis of emerging smart home applications, Proceedings of IEEE Symposium on Security and Privacy (SP ’16), 2016.
  • N. Gude et al., NOX: Towards an operating system for networks, Proc. ACM SIGCOMM Comput. Commun. Rev. (CCR ’08), 2008.
  • HardKernel, Odroid XU3, 2019, https://www.hardkernel.com/ko/shop/odroid-xu3; Last accessed: ...
  • B. Lantz et al., A network in a laptop: rapid prototyping for software-defined networks, Proceedings of the ACM SIGCOMM Workshop on Hot Topics in Networks (HotNets ’10), 2010.
  • Linux Foundation, Open vSwitch, 2016, http://openvswitch.org/; Last accessed: ...
  • Linux Foundation, IoTivity project, 2019, https://www.iotivity.org; Last accessed: ...
  • C. Lorenz et al., An SDN/NFV-enabled enterprise network architecture offering fine-grained security policy enforcement, IEEE Commun. Mag., 2017.
  • J. Maguire, Internet of Things (IoT) Service Delivery using NFV/SDN, 2014, (Freescale Technology Forum). ...
  • H. Mekky et al., Application-aware Data Plane Processing in SDN, Proceedings of the Workshop on Hot topics in Software Defined Networking (HotSDN ’14), 2014.
Jaehyun Nam is a Ph.D. student in the Graduate School of Information Security at KAIST. He received his B.S. degree in Computer Science and Engineering from Sogang University in Korea. He received his M.S. degree in Information Security from KAIST. His research interests focus on networked and distributed computing systems. He is especially interested in performance and security issues in software-defined networking (SDN) and network function virtualization (NFV).

Taejune Park is currently pursuing his Ph.D. degree in the School of Computing at KAIST, Republic of Korea, from September 2015. He received his B.S. degree in Computer Engineering from Korea Maritime and Ocean University, Republic of Korea, in August 2013, and his M.S. degree in Information Security from KAIST, Republic of Korea, in August 2015. His research interests focus on security issues in SDN/NFV environments and data planes.

Dr. Sandra Scott-Hayward, CEng CISSP CEH, is a Lecturer (Assistant Professor) in Network Security at Queen’s University Belfast. In the Centre for Secure Information Technologies at QUB, Sandra leads research and development of network security architectures and security functions for SDN and NFV. She has presented her research globally and received Outstanding Technical Contributor and Outstanding Leadership awards from the Open Networking Foundation (ONF) in 2015 and 2016, respectively.

Seungwon Shin is an associate professor in the School of Electrical Engineering at KAIST. He received his Ph.D. degree in Computer Engineering from the Electrical and Computer Engineering Department, Texas A&M University, and his M.S. and B.S. degrees from KAIST, both in Electrical and Computer Engineering. He is currently a Research Associate of the Open Networking Foundation (ONF) and a member of the security working group at ONF. His research interests span the areas of SDN security, IoT security, and botnet analysis/detection.

1 The first two authors contributed equally to this work.
