SDN-Enabled Secure IoT Architecture

Abstract

The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT-based applications. In this article, we present a security architecture for IoT networks by leveraging the underlying features supported by software-defined networks (SDNs). Our security architecture not only restricts network access to authenticated IoT devices but also enforces fine granular policies to secure the flows in the IoT network infrastructure. The authentication is achieved using a lightweight protocol to authenticate IoT devices. Authorization is achieved using a dynamic policy driven approach. Such an integrated security approach involving authentication of IoT devices and enables authorized flows to protect IoT networks from malicious IoT devices and attacks. We have implemented and validated our architecture using ONOS SDN Controller and Raspbian Virtual Machines, and demonstrated how the proposed security mechanisms can counteract malware packet injection, DDoS attacks using Mirai, spoofing/masquerading, and man-in-the-middle attacks. An analysis of the security and performance of the proposed security mechanisms and their applications is presented in this article.