Repositorio UVigo

Quarantining malicious IoT devices in intelligent sliced mobile networks

Investigo Repository

Quarantining malicious IoT devices in intelligent sliced mobile networks

Candal Ventureira, David; Fondo Ferreiro, Pablo; Gil Castiñeira, Felipe Jose; Gonzalez Castaño, Francisco Javier
 
DATE : 2020-09-05
UNIVERSAL IDENTIFIER : http://hdl.handle.net/11093/1591
UNESCO SUBJECT : 3325 Tecnología de las Telecomunicaciones ; 1203.04 Inteligencia Artificial ; 1203.17 Informática
DOCUMENT TYPE : article

ABSTRACT :

The unstoppable adoption of the Internet of Things (IoT) is driven by the deployment of new services that require continuous capture of information from huge populations of sensors, or actuating over a myriad of “smart” objects. Accordingly, next generation networks are being designed to support such massive numbers of devices and connections. For example, the 3rd Generation Partnership Project (3GPP) is designing the different 5G releases specifically with IoT in mind. Nevertheless, from a security perspective this scenario is a potential nightmare: the attack surface becomes wider and many IoT nodes do not have enough resources to support advanced security protocols. In fact, security is rarely a priority in their design. Thus, including network-level mechanisms for preventing attacks from malware-infected IoT devices is mandatory to avert further damage. In this paper, we propose a novel Software-Defined Networking (SDN)-based architecture to identify suspicious nodes in 4G or 5G networks and redirect their traffic to a secondary network slice where traffic is analyzed in depth ... [+]
The unstoppable adoption of the Internet of Things (IoT) is driven by the deployment of new services that require continuous capture of information from huge populations of sensors, or actuating over a myriad of “smart” objects. Accordingly, next generation networks are being designed to support such massive numbers of devices and connections. For example, the 3rd Generation Partnership Project (3GPP) is designing the different 5G releases specifically with IoT in mind. Nevertheless, from a security perspective this scenario is a potential nightmare: the attack surface becomes wider and many IoT nodes do not have enough resources to support advanced security protocols. In fact, security is rarely a priority in their design. Thus, including network-level mechanisms for preventing attacks from malware-infected IoT devices is mandatory to avert further damage. In this paper, we propose a novel Software-Defined Networking (SDN)-based architecture to identify suspicious nodes in 4G or 5G networks and redirect their traffic to a secondary network slice where traffic is analyzed in depth before allowing it reaching its destination. The architecture can be easily integrated in any existing deployment due to its interoperability. By following this approach, we can detect potential threats at an early stage and limit the damage by Distributed Denial of Service (DDoS) attacks originated in IoT devices. [-]

Show full item record



Files in this item

Creative Commons Attribution
(CC BY) license Except where otherwise noted, this item's license is described as Creative Commons Attribution (CC BY) license
2013 Universidade de Vigo, Todos los derechos reservados
Calidad So9001