A Network-Aware Internet-Wide Scan for Security Maximization of IPv6-Enabled WLAN IoT Devices

Abstract

Despite unprecedented advancements, wireless local area network (WLAN) technologies for the Internet of Things (IoT), such as IEEE 802.11ah (i.e., WiFi-HaLow), are prone to serious security threats, owing to their constrained computational and memory resources, which limit the use of heavyweight intrusion protection and security protocols. To address this problem, security administrators (sec-admins) must perform regular and comprehensive vulnerability assessments of IoT devices. An Internet-wide port scan (IWPS) is the initial step. However, the medium access control mechanism of IEEE 802.11ah, designed specifically for heterogeneous IoT traffic and low-power operations, can degrade network performance in the case of traditional port-scan traffic. Moreover, Internet-security (IPSec) protocol support is mandatory for IPv6-enabled IoT devices to ensure data confidentiality, integrity, and availability. Although the objective of a port scan is to improve IoT security, the resultant network performance can adversely affect IPSec services. Therefore, in this study, we optimize the IWPS to maximize the IoT security over IEEE 802.11ah WLAN. To this end, we propose novel mathematical models to evaluate IoT security based on port-scan network performance and IPsec services, which derives an optimal scan rate for sec-admins. The effectiveness of the proposed framework is verified by comprehensive numerical analysis, which shows that our approach minimizes the risk to IoT devices while probing them at an optimal scan rate.