Abstract:
Smart home technology, also known as a home automation system, allows the homeowner and residents to control and monitor smart devices such as HVAC, fridges, doors, cameras, etc. These features offer peace of mind to users by providing a safe and well-suited environment. However, at the same time, the connected devices are exploited by cybercriminals to carry out various sophisticated attacks, because currently produced smart devices have no or minimal security functionality. Due to no/default authentication and plain-text data transmission, intruders can obtain user profiles, learn user behavior, and even inject malware into unauthenticated devices. Therefore, authentication and privacy-preserving user queries remain the key issues in the wide adoption of such technologies. Unauthorized access and leakage of unsecured data can have devastating effects. Current smart home solutions like Samsung SmartThings, Alexa, and Google Home provide smart functionalities via the open network, i.e., the Internet. If any user/customer wants security and privacy for smart device functionalities and data, he/she must pay to subscribe to security services. Furthermore, either new gadgets need to be installed alongside the existing infrastructure, or cloud security services must be purchased with the above-mentioned smart systems to augment security, causing communication overhead and configuration, management, programmability, and financial issues. Traditional enforcement mechanisms are unlikely to be effective in IoT deployments for several reasons. First, there are no host-based defenses (e.g., antivirus) due to resource constraints on these devices and the lack of a common programming environment or operating system. Second, unlike traditional IT devices, IoT devices lack effective automated software updates. The current process of patching IoT vulnerabilities is via manual firmware updates, and even that is per device/vendor.
Unfortunately, due to the longevity of IoT devices, software updates will likely be unavailable (e.g., the vendor may not support updates or may no longer exist) or arrive too late to prevent early exploits. Third, because security devices are vendor-specific (closed source), management, configuration, patching, and programmability remain the biggest hurdles in traditional security systems. Therefore, traditional security solutions like antivirus, IDS, and IPS systems cannot be deployed in smart systems and low-processing devices. Accordingly, to overcome the security issues of smart devices, a network-level, lightweight cryptographic security mechanism is needed, in which the processing is done at a centralized network-level middlebox to provide a flexible network view and ease programmability and management issues. Solutions like cloud and fog technologies work with traditional security solutions. In this respect, the evolving networking paradigm of Software Defined Networking (SDN) offers properties like programmability, agility, centralized management, and vendor neutrality that overcome conventional networking control, management, and security problems. The SDN controller at the control layer manages all the computation and complexities of the network. Any network and security service can be orchestrated at the controller with the flexibility of dynamic change/configuration management. For this purpose, to offer security services to smart homes, Software Defined Security (SDSec), a subdomain of Software Defined Systems (SDSys), is utilized; it abstracts the security functionality logic from the underlying hardware and places it at the controller, just like SDN. In this research we present an anonymous, lightweight authentication and privacy-preserving communication module for SDN-enabled smart homes, which aims at provisioning authentication of users and smart devices, privacy of data (at rest/in transit), and privacy of user service queries. It thwarts the learning and modification of data by any intruder during transmission and also features mutual authentication of user, controller, and smart device. The proposed scheme also offers privacy-preserving user queries for smart homes. This is achieved by proposing a symmetric-key-based lightweight authentication and searchable encrypted queries protocol module hosted at the controller. The experimental results highlight that the efficacy and usefulness of the proposed scheme are much better when compared with existing secure smart home/system protocols.