SDN-Based Data Transfer Security for Internet of Things

Bibliographic Details
Published in IEEE Internet of Things Journal Vol. 5; no. 1; pp. 257 - 268
Main Authors Liu, Yanbing, Kuang, Yao, Xiao, Yunpeng, Xu, Guangxia
Format Journal Article
Language English
Published Piscataway IEEE 01.02.2018
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Summary: The exponential growth of devices connected to the network has resulted in the development of new Internet of Things (IoT) applications and online services, which may have diverse and dynamic requirements on received quality. Although the emerging software-defined networking (SDN) approach can be leveraged for the IoT environment to dynamically achieve differentiated quality levels for different IoT tasks in very heterogeneous wireless networking scenarios, the open interfaces in SDN introduce new network attacks, which may cause SDN-based IoT to malfunction. The challenge lies in securely using SDN for IoT systems. To address this challenge, we design an SDN-based data transfer security model, middlebox-guard (M-G). M-G aims at reducing network latency and properly managing dataflow to ensure the network runs safely. First, according to different security policies, middleboxes related to the defined secure policies are placed at the most appropriate locations, using dataflow abstraction and a heuristic algorithm. Next, to avoid any middlebox becoming a hotspot, an offline integer linear program (ILP) pruning algorithm is proposed in M-G to tackle switch volume constraints. In addition, an online linear program (LP) formulation is proposed to handle load balance. Finally, secure mechanisms are proposed to handle different attacks, and network routing is solved flexibly through a dataflow management protocol, which is formulated by combining tunnels and tags. Experimental results demonstrate that this model can improve security performance and manage dataflow effectively in SDN-based IoT systems.
ISSN: 2327-4662
DOI: 10.1109/JIOT.2017.2779180