IoT itself is a heterogeneous network in which hundreds of networking technologies and applications are expected to be involved. Because of this diversity, addressing security attacks in the general case is enormously challenging: the vulnerabilities and exploitation techniques are expected to differ considerably for each network layer, or to exist only in specific devices. Fig. 1.4.1 illustrates such a general network model. From the communication perspective, this model also reveals a common scheme: IoT devices are supposed to connect to the Internet through a cellular infrastructure and MEC. To address two typical attacks in this network model, we first propose a general defense architecture. Specific implementations of the architecture for each IoT application are presented separately in later chapters. In principle, the problems and challenges of designing the defense framework and its detection/verification components for each attack type can be grouped into a general problem and two specific issues, as below.
Figure 1.4.1: The general network model and the security attacks. From the communication perspective, this model also reveals a common scheme: IoT devices are supposed to connect to the Internet through a cellular infrastructure.
General problem (Security defense architecture). From the design perspective, there are many approaches to detecting and preventing cybersecurity attacks. Host-based, network-based or hybrid frameworks are already common in legacy networks and are expected to keep playing an important role in IoT [17], [20], [21]. However, due to the diversity of devices, protocols, and stakeholders⁶ accessing the networks in IoT, these models still require significant changes. For example, in large networks like IoT, methods that rely on modifying the core functions of routers or well-established protocols [10], [22], [23] are unlikely to be the first option, if they are possible at all, to deploy or maintain in practice because of the cost (capital expenditures). The appearance of new technologies such as network slicing at the Radio Access Network (RAN) and MEC also promises to make moving detection close to the source more feasible than ever. Unfortunately, designing a robust and implementable security platform on such enabling technologies still poses various challenges. For example, the new system must not only detect attacks on the devices themselves but also support feature extensions, maintain updates, and handle remote control over many local/regional detectors located in distributed geographical areas. Other challenges include:
(a) The communication time among network nodes in several IoT applications, such as autonomous driving, is potentially very short⁷. Such short connections can create serious trouble for conventional detection mechanisms, e.g., for their accuracy or even for data collection.
⁶ Including service providers, tenants, and end-users.
(b) The system must deal with possibly explosive traffic situations, e.g., DDoS or traffic from hundreds of V2V connections in real time. This challenge increases the pressure on the scalability of any solution.
(c) Data come from multiple sources of varying reliability and availability. Selecting the wrong data source can inadvertently defeat an otherwise powerful protection system, since the attacker can intentionally inject false data into such sources.
(d) A fast response to attacks is a stringent requirement; otherwise, the consequences can be as serious as loss of life, e.g., in autonomous driving.
As the key part of the research, Chapter 3 details our conceptual defense architecture for IoT, its main modules and workflow model, and how our approach differs from legacy work. Note that the involvement of MEC in the majority of the components of our architecture is one of the promising features that make our solution feasible for high-performance, low-latency applications such as V2X applications. Our published papers contributing to this part include [6], [8], [25].
Besides the conceptual architecture, implementing it for a specific environment to address the relevant attacks is also a critical task and the major effort in this work. Specifically, the issues in implementing the proposed defense architecture for two typical attacks can be organized into two specific problems, as follows.
Specific problem 1 (Detecting Distributed Denial-of-Service (DDoS) attacks in IoT mobile networks): In this problem, the IoT devices are assumed to connect to the cellular network, and a botnet of hundreds of thousands of IoT devices is supposed to launch a volumetric attack (flooding redundant traffic) against a victim, e.g., a website or critical server. The goal of this attack type is to consume all the resources of the victim servers or the bandwidth of the network near the victim. Many studies on DDoS defense have been done over the decades. In this research, however, we focus on dealing with attackers on mobile networks, even while they are moving. The goal is to filter as much redundant traffic as possible, particularly near the source. The challenges in solving this problem include:
(a) The system must deal with high-mobility UEs and the issues of the handover process in cellular networks.
(b) Spoofed traffic must be filtered before it pours into the core network.
(c) The system must be able to handle attacks from hundreds of thousands of IoT devices without degrading the network performance or requiring significantly more resources.
Addressing this problem in Chapter 4, we provide a detailed overview of state-of-the-art DDoS defenses and techniques and then clarify how our approach differs, along with its inherent concepts. We also detail the structure, main modules and workflow model of the DDoS defense mechanism. Our published papers contributing to this part include [6], [25].
Specific problem 2 (Misbehavior detection in 5G V2X (IoT connected vehicles)): After DDoS defense, for several applications, e.g., vehicular communication, the passing traffic requires further treatment: verifying the truthfulness of the received messages, i.e., whether the location in Basic Safety Messages (BSM) is correct as claimed. The truthfulness of shared data is the key factor⁸ in promoting reliability and safety in the cooperative driving model of autonomous vehicles. For safe driving, sharing information is inevitable in many cases, e.g., when vehicles are moving through a blind crossing where their camera or active radar system may not be useful. In such cases, V2X-supported vehicles are usually required to periodically exchange beacon messages that carry user-specific information such as location and speed to maintain cooperative awareness, e.g., safe inter-vehicle spacing. However, leveraging the anonymity⁹, a compromised vehicle may intentionally disseminate false location data to fool the receivers into adjusting their position wrongly, which can lead to dangerous situations such as rear-end collisions. In cooperative driving mode, since a connected vehicle’s decision-making process depends highly on the incoming V2X messages, it is crucial that the vehicle can detect and filter the false data. The challenges in solving this problem include:
(a) The system must identify reliable sources of information for misbehavior analysis.
(b) A detection mechanism should not rely on the honest majority rule, i.e., the detection of the nearby/neighbor vehicles, since the attacker can be any of them.
(c) A misbehavior detection mechanism must work efficiently in both Line-of-Sight (LOS) and Non-Line-of-Sight (NLOS) areas.
Our proposal for treating the exchanged data is presented in Chapter 5.
⁸ Message integrity and authentication are protected by the PKI infrastructure and specified by standards such as SAE J1939. https://en.wikipedia.org/wiki/SAE_J1939
⁹ We assume that the network providers will enforce pseudonym systems such as SCMS [26] to
Through the research, we conclude that information extracted from physical signals can give a good reference for verifying the truthfulness of the data in a V2X message. Further, our approach is getting closer to potential deployment thanks to the promise of 5G beamforming technology and multi-array antennas. Our papers [27], [28] cover this part.
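To illustrate the kind of check this conclusion points to, the following added example (not code from this thesis or its papers) compares the position claimed in each beacon with the direction from which the signal physically arrived, without consulting neighbor vehicles. It assumes the receiver can measure angle of arrival in the same frame as the positions; the tolerance, window sizes and all names are hypothetical.

```python
import math
from collections import defaultdict, deque

TOL_DEG = 10.0          # assumed angle-of-arrival measurement tolerance
MIN_RANGE_M = 2.0       # closer than this, the bearing to the claim is ill-defined
WINDOW, MAX_BAD = 5, 3  # flag a sender after 3 mismatches in its last 5 beacons

def bearing_deg(rx, claimed):
    """Bearing from receiver to claimed position, degrees CCW from the +x axis."""
    return math.degrees(math.atan2(claimed[1] - rx[1], claimed[0] - rx[0])) % 360.0

def angular_diff(a, b):
    """Smallest absolute difference between two angles, handling 0/360 wraparound."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)

def check_beacon(rx, claimed, aoa_deg):
    """Classify one beacon using only the receiver's own physical measurement."""
    if math.dist(rx, claimed) < MIN_RANGE_M:
        return "inconclusive"
    ok = angular_diff(bearing_deg(rx, claimed), aoa_deg) <= TOL_DEG
    return "consistent" if ok else "mismatch"

class ClaimVerifier:
    """Keeps a short per-sender history so one noisy measurement does not flag a vehicle."""
    def __init__(self):
        self.history = defaultdict(lambda: deque(maxlen=WINDOW))

    def observe(self, sender, rx, claimed, aoa_deg):
        verdict = check_beacon(rx, claimed, aoa_deg)
        if verdict != "inconclusive":
            self.history[sender].append(verdict == "mismatch")
        return verdict

    def is_suspect(self, sender):
        return sum(self.history[sender]) >= MAX_BAD

def run_sample():
    """Constructed beacons: (pseudonym, claimed (x, y) in metres, measured AoA in degrees)."""
    verifier, rx = ClaimVerifier(), (0.0, 0.0)
    beacons = [
        ("veh-A", (50.0, 0.0), 358.0),  # honest: 2 degrees off across the wraparound
        ("veh-B", (50.0, 0.0), 90.0),   # claims to be east, signal arrives from north
        ("veh-B", (48.0, 0.0), 91.0),
        ("veh-B", (46.0, 0.0), 89.0),
        ("veh-A", (1.0, 0.5), 200.0),   # too close for a meaningful bearing
    ]
    verdicts = [verifier.observe(s, rx, p, a) for s, p, a in beacons]
    return verdicts, verifier.is_suspect("veh-A"), verifier.is_suspect("veh-B")
```
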
Besides the location verification approach above, we also extend the work towards a broader view: the false data can be of any kind, not only the location, and can originate from an attacker or even from damaged sensors. The second issue is cooperation among multiple detectors. Normally, a vehicle should only trust the mechanisms running locally, i.e., trust itself. However, to increase the effectiveness of the system, besides improving the detection mechanism itself, a potential approach is to ask for help from reliable Road-Side Units (RSUs) or engines at MEC servers, which can be trusted (since they are operated by authorized agencies/providers). The paper addressing this problem is [29].
Finally, we note that the number of detectors and verifiers in a gigantic network like IoT can be in the hundreds or far more. A non-trivial question is how to update such detectors without interrupting the protection. We also need to install detectors remotely on devices on demand, e.g., when clients request it. We address this issue with an SDN-based control application and a distribution mechanism based on delivering compiled filters to programmable devices. The update mechanism and its evaluation are performed on the DDoS defense architecture, which is presented at the end of Chapter 4 and in our published paper [25].