
dc.contributor.author: Febro, Aldo
dc.contributor.author: Xiao, Hannan
dc.contributor.author: Spring, William Joseph
dc.contributor.author: Christianson, Bruce
dc.date.accessioned: 2021-12-23T11:30:02Z
dc.date.available: 2021-12-23T11:30:02Z
dc.date.issued: 2022-02-11
dc.identifier.citation: Febro, A, Xiao, H, Spring, W J & Christianson, B 2022, 'Edge Security for SIP-enabled IoT Devices with P4', Computer Networks, vol. 203, 108698. https://doi.org/10.1016/j.comnet.2021.108698
dc.identifier.issn: 1389-1286
dc.identifier.other: ORCID: /0000-0002-2251-2838/work/105287303
dc.identifier.other: ORCID: /0000-0002-3777-7476/work/105287314
dc.identifier.uri: http://hdl.handle.net/2299/25276
dc.description: © 2021 Elsevier B.V. All rights reserved. This is the accepted manuscript version of an article which has been published in final form at https://doi.org/10.1016/j.comnet.2021.108698
dc.description.abstract [en]: The exponential growth of IoT devices poses security concerns, in part because they provide a fertile breeding ground for botnets. For example, the Mirai botnet infected almost 65,000 devices in its first 20 hours. With the prevalence of Session Initiation Protocol (SIP) phones and devices on the networks today, the attacker could easily target and recruit these IoT devices as bots. Conventional network security measures do not provide adequate attack prevention, detection, and mitigation for these widely distributed IoT devices. This paper presents microVNF, a Virtualized Network Function (VNF) that leverages the programmable data plane feature on the edge switch. Based on knowledge gained from the Mirai botnet incident and following the defense-in-depth principle, microVNF protects IoT devices against SIP DDoS attacks in two stages: before and after infection. Prior to infection, it protects against SIP scanning, enumeration, and dictionary attacks. After infection, microVNF blocks botnet registration attempts to the command-and-control (CNC) server, thereby preventing the botnet from receiving commands sent from the CNC server, and detects and mitigates botnet SIP DDoS attacks. We conducted six experiments that involved using popular attack tools against microVNF, and it successfully performed deep-packet inspection of unencrypted SIP packets so as to track anomalies from a typical SIP state-machine. In this use case, besides providing physical connectivity to the IoT devices, the edge switch containing microVNF also provides the first line of defense in stopping malicious packets from propagating upstream to the core network. In addition to securing SIP, the microVNF approach can be adapted to other text-based, application-layer protocols such as HTTP and SMTP.
MicroVNF leverages the native capability of programmable data planes without depending on external devices, thereby making this approach practical for securing edge-computing environments against application-layer attacks.
dc.format.extent: 25
dc.format.extent: 1931066
dc.language.iso: eng
dc.relation.ispartof: Computer Networks
dc.subject: SIP, DDoS, Dictionary attack, IoT, P4, VNF, SIPVicious, Edge Computing
dc.title [en]: Edge Security for SIP-enabled IoT Devices with P4
dc.contributor.institution: Department of Computer Science
dc.contributor.institution: School of Physics, Engineering & Computer Science
dc.contributor.institution: Centre for Computer Science and Informatics Research
dc.description.status: Peer reviewed
dc.date.embargoedUntil: 2023-12-14
rioxxterms.versionofrecord: 10.1016/j.comnet.2021.108698
rioxxterms.type: Journal Article/Review
herts.preservation.rarelyaccessed: true

