Autopolicy: Automated Traffic Policing for Improved IoT Network Security

Title: Autopolicy: Automated Traffic Policing for Improved IoT Network Security
Publication Type: Journal Article
Year of Publication: 2020
Authors: Foremski P, Nowak S, Fröhlich P, Hernández-Ramos JLuis, Baldini G
Journal: Sensors
Volume: 20(15), 4265
Date Published: 30 July 2020
Type of Article: Journal article
Other Numbers: https://doi.org/10.3390/s20154265
Keywords: Internet of Things; Security; Sensor Networks; Traffic Policing; Distributed Denial of Service; Packet Filtering; Firewall; Software-Defined Networking
Abstract

A 2.3Tbps DDoS attack was recently mitigated by Amazon, which is a new record after the 2018 GitHub attack, or the famous 2016 Dyn DNS attack launched from hundreds of thousands of hijacked IoT devices. These attacks may disrupt the lives of billions of people worldwide, as we increasingly rely on the Internet. In this paper, we tackle the problem that hijacked IoT devices are often the origin of these attacks. With the goal of protecting the Internet and local networks, we propose Autopolicy: a system that automatically limits the IP traffic bandwidth - and other network resources - available to IoT devices in a particular network. We make use of the fact that devices such as sensors, cameras, and smart home appliances rarely need their high-speed network interfaces for normal operation. We present a simple yet flexible architecture for Autopolicy, specifying its functional blocks, message sequences, and general operation in a Software Defined Network. We present experimental validation results, and release a prototype open source implementation.

DOI: 10.3390/s20154265