مقاله انگلیسی رایگان در مورد امنیت داده ها برای اینترنت اشیا مبتنی بر SDN – نشریه IEEE 2018

The exponential growth of devices connected to the network has resulted in the development of new Internet of Things (IoT) applications and on-line services, which may have diverse and dynamic requirements on received quality. Although, the emerging Software-Defined Networking (SDN) approach can be leveraged for the IoT environment, to dynamically achieve differentiated quality levels for different IoT tasks in very heterogeneous wireless networking scenarios, the open interfaces in SDN introduces new network attacks, which may make SDNbased IoT malfunctioned. The challenges lies in securely using SDN for IoT systems. To address this challenge, we design a SDN-based data transfer security model Middlebox-Guard (MG). M-G aims at reducing network latency, and properly manage dataflow to ensure the network run safely. First, according to different security policies, middleboxes related to the defined secure policies, are placed at the most appropriate locations, using dataflow abstraction and a heuristic algorithm. Next, to avoid any middlebox becoming a hot-spot, an offline Integer Linear Program (ILP) pruning algorithm is proposed in M-G, to tackle switch volume constraints. In addition, an online Linear Program (LP) formulation is come up to handle load balance. Finally, secure mechanisms are proposed to handle different attacks. And network routing is solved flexibly, through dataflow management protocol, which are formulated via combining tunnels and tags. Experimental results demonstrate that this model can improve security performance and manage dataflow effectively in SDNbased IoT system.

INTRODUCTION

T HE continued evolution of new services and the growth of the information circulating the Internet, has led to the origin of ideas, concepts and paradigms such as the Internet of Things (IoT)[1]. However, traditional network infrastructure, which need high-level network policies and configuring protocols, are inefficient and have significant limitations to support the high level of scalability, high amount of traffic and mobility. Software-Defined Networking(SDN)[2] decouples the traditional closed network into data plane, control plane and application plane, which enables logically centralized control and management of the whole network. With this new design principle, the network could behave more flexibly and can easily adapt to the needs of different organizations. Besides, the centralized architecture allows important information to be collected from the network and in turn used to improve and adapt their policies dynamically. Thus, as shown in Figure 1, a programmable, flexible, flow-centric SDN-based IoT architecture is favorable. Although, open interfaces in SDN have simplified the design of secure applications in large and complex IoT, they are vulnerable to new network attacks [3]- [4], and this vulnerability inevitably reduces security in SDNbased IoT architecture. In IoT, the dataflow has to go through several processes before all required tasks are finished. Thus, proper handling of data flows in each device, is important for stable and secure network operation. Recent studies about the use of middleboxe and SDN[5]-[9] fall into three categories, including software realized middlebox, service chaining problems and integrating traditional middlebox into SDN networks. The first challenge is the dynamic of dataflow in IoT.The number of users and dataflow volume in IoT vary over time. However, most existing dataflow control techniques assume a stable network. Therefore, such techniques can not actively consider network security. If a large number of data streams arrive simultaneously, the entire IoT network may become paralyzed. Thus, when developing dataflow control strategies, considering dataflow streams dynamics can improve the security and stability of the entire network.