A DDoS Attack Detection and Mitigation with Software-Defined Internet of Things Framework

With the spread of Internet of Things' (IoT) applications, security has become extremely important. A recent distributed denial-of-service (DDoS) attack revealed the ubiquity of vulnerabilities in IoT, and many IoT devices unwittingly contributed to the DDoS attack. The emerging software-defined anything (SDx) paradigm provides a way to safely manage IoT devices. In this paper, we first present a general framework for software-defined Internet of Things (SD-IoT) based on the SDx paradigm. The proposed framework consists of a controller pool containing SD-IoT controllers, SD-IoT switches integrated with an IoT gateway, and IoT devices. We then propose an algorithm for detecting and mitigating DDoS attacks using the proposed SD-IoT framework, and in the proposed algorithm, the cosine similarity of the vectors of the packet-in message rate at boundary SD-IoT switch ports is used to determine whether DDoS attacks occur in the IoT. Finally, experimental results show that the proposed algorithm has good performance, and the proposed framework adapts to strengthen the security of the IoT with heterogeneous and vulnerable devices

Improving Security in Internet of Things with Software Defined Networking

Future Internet of Things (IoT) will connect to the Internet billions of heterogeneous smart devices with the capacity of interacting with the environment. Therefore, the proposed solutions from an IoT networking perspective must take into account the scalability of IoT nodes as well as the operational cost of deploying the networking infrastructure. This will generate a huge volume of data, which poses a tremendous challenge both from the transport, and processing of information point of view. Moreover, security issues appear, due to the fact that untrusted IoT devices are interconnected towards the aggregation networks. In this paper, we propose the usage of a Software- Defined Networking (SDN) framework for introducing security in IoT gateways. An experimental validation of the framework is proposed, resulting in the enforcement of network security at the network edge

P4SINC – An Execution Policy Framework for IoT Services in the Edge

Internet of Things (IoT) services are increasingly deployed at the edge to access and control Things. The execution of such services needs to be monitored to provide information for security, service contract, and system operation management. Although different techniques have been proposed for deploying and executing IoT services in IoT gateways and edge servers, there is a lack of generic policy frameworks for instrumentation and assurance of various types of execution policies for IoT services. In this paper, we present P4SINC as an execution policy framework that covers various functionalities for IoT services deployed in software-defined machines in IoT infrastructures. P4SINC supports the instrumentation and enforcement of IoT services during their deployment and execution, thus being leveraged for other purposes such as security and service contract management. We illustrate our prototype with realistic examples

SDIoT: A Software Defined based Internet of Things framework

The internet of things (IoT) represent the current and future state of the Internet. The large number of things (objects), which are connected to the Internet, produce a huge amount of data that needs a lot of effort and processing operations to transfer it to useful information. Moreover, the organization and control of this large volume of data requires novel ideas in the design and management of the IoT network to accelerate and enhance its performance. The software defined systems is a new paradigm that appeared recently to hide all complexity in traditional system architecture by abstracting all the controls and management operations from the underling devices (things in the IoT) and setting them inside a middleware layer, a software layer. In this work, a comprehensive software defined based framework model is proposed to simplify the IoT management process and provide a vital solution for the challenges in the traditional IoT architecture to forward, store, and secure the produced data from the IoT objects by integrating the software defined network, software defined storage, and software defined security into one software defined based control model

A secured framework for SDN-based edge computing in IoT-enabled healthcare system

The Internet of Things (IoT) consists of resource-constrained smart devices capable to sense and process data. It connects a huge number of smart sensing devices, i.e., things, and heterogeneous networks. The IoT is incorporated into different applications, such as smart health, smart home, smart grid, etc. The concept of smart healthcare has emerged in different countries, where pilot projects of healthcare facilities are analyzed. In IoT-enabled healthcare systems, the security of IoT devices and associated data is very important, whereas Edge computing is a promising architecture that solves their computational and processing problems. Edge computing is economical and has the potential to provide low latency data services by improving the communication and computation speed of IoT devices in a healthcare system. In Edge-based IoT-enabled healthcare systems, load balancing, network optimization, and efficient resource utilization are accurately performed using artificial intelligence (AI), i.e., intelligent software-defined network (SDN) controller. SDN-based Edge computing is helpful in the efficient utilization of limited resources of IoT devices. However, these low powered devices and associated data (private sensitive data of patients) are prone to various security threats. Therefore, in this paper, we design a secure framework for SDN-based Edge computing in IoT-enabled healthcare system. In the proposed framework, the IoT devices are authenticated by the Edge servers using a lightweight authentication scheme. After authentication, these devices collect data from the patients and send them to the Edge servers for storage, processing, and analyses. The Edge servers are connected with an SDN controller, which performs load balancing, network optimization, and efficient resource utilization in the healthcare system. The proposed framework is evaluated using computer-based simulations. The results demonstrate that the proposed framework provides better solutions for IoT-enabled healthcare systems. © 2013 IEEE. **Please note that there are multiple authors for this article therefore only the name of the first 5 including Federation University Australia affiliate “Venki Balasubramaniam” is provided in this record*

Towards a Security, Privacy, Dependability, Interoperability Framework for the Internet of Things

A popular application of ambient intelligence systems constitutes of assisting living services on smart buildings. As intelligence is imported in embedded equipment, the system becomes able to provide smart services (e.g. control lights, airconditioning, provide energy management services etc.). IoT is the main enabler of such environments. However, the interconnection of these cyber-physical systems and the processing of personal data raise serious security and privacy issues. In this paper we present a framework that can guarantee Security, Privacy, Dependability and Interoperability (SPDI) in IoT. Taking advantage of the underlying IoT deployment, the proposed framework not only implements the requested smart functionality but also provide modelling and administration that can guarantee those SPDI properties. Moreover, we provide an application example of the framework in a smart building scenario

A Practical Wireless Exploitation Framework for Z-Wave Networks

Wireless Sensor Networks (WSN) are a growing subset of the emerging Internet of Things (IoT). WSNs reduce the cost of deployment over wired alternatives; consequently, use is increasing in home automation, critical infrastructure, smart metering, and security solutions. Few published works evaluate the security of proprietary WSN protocols due to the lack of low-cost and effective research tools. One such protocol is ITU-T G.9959-based Z-Wave, which maintains wide acceptance within the IoT market. This research utilizes an open source toolset, presented herein, called EZ-Wave to identify methods for exploiting Z-Wave devices and networks using Software-Defined Radios (SDR). Herein, techniques enabling active network reconnaissance, including network enumeration and device interrogation, are presented. Furthermore, a fuzzing framework is presented and utilized to identify three packet malformations resulting in anomalous device behavior. Finally, a method for classifying the three most common Z-Wave transceivers with \u3e99% accuracy using preamble manipulation is identified and tested