Report available! Software Defined Networks based Security Architecture for IoT Infrastructures

Prof. Vijay Varadharajan from the Faculty of Engineering and Built Environment at The University of Newcastle has completed the report for one of the grants that was allocated for implementation in 2018, titled “Software Defined Networks based Security Architecture for IoT Infrastructures”.

The project developed fine granular security policies and a lightweight security protocol to authenticate IoT devices and authorise them to access services in network infrastructure in a secure manner. The project involved three stages:

  • In the first stage, the project team conducted a detailed study of security attacks on IoT infrastructures and the different security solutions that currently exist to counteract the various types of attacks. Then, analysed the pros and cons of the existing solutions, and developed security requirements that need to be addressed in designing security architecture for IoT Applications.
  • As part of second stage, the team developed a lightweight authentication protocol based on a novel public key encryption scheme. The proposed protocol achieved a balance between the efficiency and communication cost without sacrificing security.
  • In the third stage, the team proposed a SDN based security architecture for IoT systems. Their security architecture allowed specification of fine granular access policy constraints on communications between end users, devices and services in a distributed environment. A novel feature of the proposed architecture is its ability to specify path based security policies, which is a distinct advantage in SDNs.

The report is publicly available here:

https://isif.asia/software-defined-networks-based-security-architecture-for-iot-infrastructures/

Two tools available for network operators for rapid detection of BGP anomalies

Evaluating BGP Replay Tool (BRT) using generated BGP updates and past BGP events

The Centre for Advanced Internet Architectures (CAIA) from the Swinburne University of Technology, explored a new technique that quickly detects different BGP anomalies as part of their Internet Operations Research Grant they received from ISIF Asia during 2016 and implemented during 2017.

The Internet’s default inter-domain routing protocol, the Border Gateway Protocol (BGP) is vulnerable to different types of anomalies such as hijacking, misconfiguration, and Denial of Service (DoS) attacks. Although considerable research has been carried out into BGP anomalies, existing approaches were not able to mitigate or identify BGP misconfiguration and lack of ground truth time stamps for BGP events.

In this project, CAIA’s team introduced two new tools, real-time BGP Anomaly Detection Tool (RTBADT) and BGP Replay Tool (BRT), to detect BGP anomalies in real-time. Specifically, RTBADT can be used by ISP operators to monitor and detect BGP anomalies through peering it with the intended peer AS, while BRT is able to replay past BGP updates with time-stamps. These tools enable network operators to protect their network from the worst consequence and mitigate the threats of Internet stability.

Read their technical report to find more about the outcomes of this research project and its contribution to support network operators https://application.isif.asia/theme/default/files/ISIFAsia_2016_Grants_TechReport_SwinburneUni_AU_BGPResearch.pdf

Building Realistic Simulator to Enhance Internet Satellite Links in the Pacific Islands

Remote locations such as many Pacific Islands face a significant challenge to access reliable and fast Internet connectivity. Shared narrowband Internet satellite links are a staple in many islands of the South Pacific. They often underperform due to the difficulties that the dominant Internet transport protocol TCP faces in estimating the available capacity across the link.

ISIF Asia 2016 Grant recipient, The University of Auckland, has built a simulator capable of replicating the demand profile and other conditions encountered on such links in order to be able to study potential solutions to the problem, such as network coding or performance enhancing proxies.

UoA satellite simulator
UoA satellite simulator

Thanks to the funds from the ISIF Asia grant, the project team developed tools to automate the experimentation process, including scripts that configure the link emulator, the “island clients” and the “world servers” (a combined total of over 100 machines), any encoders, decoders, and performance enhancing proxies.

Read their technical report to have more details of this research project at https://application.isif.asia/theme/default/files/ISIFAsia_2016_Grants_TechReport_UoA_SimulationSatPAC.pdf