Software-Defined Security-by-Contract for Blockchain-Enabled MUD-Aware Industrial IoT Edge Networks

Abstract

To ensure the proper functioning and performance of Industrial grade Internet of Things devices (IIoT) in Industry 4.0 networks, it is critical to identify the capabilities and malfunctions of their component devices (e.g., sensors, actuators, and controllers) and detect potential misbehavior arising due to cyber-attacks, and misconfiguration. We envision future IoT devices embed behavioral profiles through <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Security-by-Contract</i> (S×C) that are easy to validate and verify against network security policies; manufacturers to provide manufacturer usage description (MUD) profiles as a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">manifest</i> for the devices to signal to the network what sort of access and network functionality they require to properly function. We design authentication in the IoT onboarding process, employ blockchains to a verifiable and immutable repository to store this network manifests, that is signed and verifiable with S×C based <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">smart contracts</i> by the device manufacturer, or industry authority. The integrated framework combines blockchains and S×C security contracts, MUD-based behavioral fingerprinting, and software-defined-networking for managing the security of IIoT ecosystems. Finally, the proposed scheme is validated in a simulated IoT environment on various performance parameters.