Secure and Scalable IoT: An IoT Network Platform Based on Network Overlay and MAC Security

Junwon Lee; Heejo Lee

doi:10.1007/978-3-030-78120-0_19

Secure and Scalable IoT: An IoT Network Platform Based on Network Overlay and MAC Security

Junwon Lee, Heejo Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

IoT, which is closely connected with our daily life, shows high growth in the automotive, healthcare, and retail fields. IoT security threats can cause severe problems in our lives. However, the security of the IoT network is insufficient to cope with security threats. Therefore, an attacker can use man-in-the-middle-attacks (MITM), DNS manipulation, and route tampering for eavesdropping, privacy breach, service outages and delay, power consumption, and system manipulation. Currently, VPN and data encryption is applied to protect the IoT network from these security threats. However, due to the limited resources of IoT device, the TCP/IP-based VPN and encryption are also limited. Although a lightweight IoT communication protocol such as LoWPAN is used, TCP/IP-based VPN such as IPsec, OpenVPN, and Wireguard require bandwidth, CPU/memory, and electric power at the level of general endpoint devices. In this paper, we propose a secure and scalable IoT (SSI) network platform that can prevent security threats while minimizing use of computing resources of an IoT device. SSI, which has a lower load than TCP/IP-based VPN, is a layer 2 VPN and supply data link frame encryption. L2TP and VXLAN are provided for a scalable layer 2 VPN, and the MACsec algorithm encrypts layer 2 frames. SSI shows 30% network speed improvement and 31.6% CPU usage reduction compared to IoT network applied OpenVPN.

Original language	English
Title of host publication	ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings
Editors	Audun Jøsang, Lynn Futcher, Janne Hagen
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	287-301
Number of pages	15
ISBN (Print)	9783030781194
DOIs	https://doi.org/10.1007/978-3-030-78120-0_19
Publication status	Published - 2021
Event	36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021 - Virtual, Online Duration: 2021 Jun 22 → 2021 Jun 24

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	625
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021
City	Virtual, Online
Period	21/6/22 → 21/6/24

Bibliographical note

Publisher Copyright:
© 2021, IFIP International Federation for Information Processing.

Keywords

IoT platform
L2TP
MACsec
Network overlay
Network separation
VXLAN

ASJC Scopus subject areas

Information Systems and Management

Access to Document

10.1007/978-3-030-78120-0_19

Cite this

Lee, J., & Lee, H. (2021). Secure and Scalable IoT: An IoT Network Platform Based on Network Overlay and MAC Security. In A. Jøsang, L. Futcher, & J. Hagen (Eds.), ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings (pp. 287-301). (IFIP Advances in Information and Communication Technology; Vol. 625). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-78120-0_19

Secure and Scalable IoT: An IoT Network Platform Based on Network Overlay and MAC Security. / Lee, Junwon; Lee, Heejo.
ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings. ed. / Audun Jøsang; Lynn Futcher; Janne Hagen. Springer Science and Business Media Deutschland GmbH, 2021. p. 287-301 (IFIP Advances in Information and Communication Technology; Vol. 625).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, J & Lee, H 2021, Secure and Scalable IoT: An IoT Network Platform Based on Network Overlay and MAC Security. in A Jøsang, L Futcher & J Hagen (eds), ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings. IFIP Advances in Information and Communication Technology, vol. 625, Springer Science and Business Media Deutschland GmbH, pp. 287-301, 36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021, Virtual, Online, 21/6/22. https://doi.org/10.1007/978-3-030-78120-0_19

Lee J, Lee H. Secure and Scalable IoT: An IoT Network Platform Based on Network Overlay and MAC Security. In Jøsang A, Futcher L, Hagen J, editors, ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2021. p. 287-301. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-030-78120-0_19

Lee, Junwon ; Lee, Heejo. / Secure and Scalable IoT : An IoT Network Platform Based on Network Overlay and MAC Security. ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings. editor / Audun Jøsang ; Lynn Futcher ; Janne Hagen. Springer Science and Business Media Deutschland GmbH, 2021. pp. 287-301 (IFIP Advances in Information and Communication Technology).

@inproceedings{783ca76991be4e7bae75e5b3f4b4067d,

title = "Secure and Scalable IoT: An IoT Network Platform Based on Network Overlay and MAC Security",

abstract = "IoT, which is closely connected with our daily life, shows high growth in the automotive, healthcare, and retail fields. IoT security threats can cause severe problems in our lives. However, the security of the IoT network is insufficient to cope with security threats. Therefore, an attacker can use man-in-the-middle-attacks (MITM), DNS manipulation, and route tampering for eavesdropping, privacy breach, service outages and delay, power consumption, and system manipulation. Currently, VPN and data encryption is applied to protect the IoT network from these security threats. However, due to the limited resources of IoT device, the TCP/IP-based VPN and encryption are also limited. Although a lightweight IoT communication protocol such as LoWPAN is used, TCP/IP-based VPN such as IPsec, OpenVPN, and Wireguard require bandwidth, CPU/memory, and electric power at the level of general endpoint devices. In this paper, we propose a secure and scalable IoT (SSI) network platform that can prevent security threats while minimizing use of computing resources of an IoT device. SSI, which has a lower load than TCP/IP-based VPN, is a layer 2 VPN and supply data link frame encryption. L2TP and VXLAN are provided for a scalable layer 2 VPN, and the MACsec algorithm encrypts layer 2 frames. SSI shows 30% network speed improvement and 31.6% CPU usage reduction compared to IoT network applied OpenVPN.",

keywords = "IoT platform, L2TP, MACsec, Network overlay, Network separation, VXLAN",

author = "Junwon Lee and Heejo Lee",

note = "Publisher Copyright: {\textcopyright} 2021, IFIP International Federation for Information Processing.; 36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021 ; Conference date: 22-06-2021 Through 24-06-2021",

year = "2021",

doi = "10.1007/978-3-030-78120-0_19",

language = "English",

isbn = "9783030781194",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "287--301",

editor = "Audun J{\o}sang and Lynn Futcher and Janne Hagen",

booktitle = "ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Secure and Scalable IoT

T2 - 36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021

AU - Lee, Junwon

AU - Lee, Heejo

PY - 2021

Y1 - 2021

N2 - IoT, which is closely connected with our daily life, shows high growth in the automotive, healthcare, and retail fields. IoT security threats can cause severe problems in our lives. However, the security of the IoT network is insufficient to cope with security threats. Therefore, an attacker can use man-in-the-middle-attacks (MITM), DNS manipulation, and route tampering for eavesdropping, privacy breach, service outages and delay, power consumption, and system manipulation. Currently, VPN and data encryption is applied to protect the IoT network from these security threats. However, due to the limited resources of IoT device, the TCP/IP-based VPN and encryption are also limited. Although a lightweight IoT communication protocol such as LoWPAN is used, TCP/IP-based VPN such as IPsec, OpenVPN, and Wireguard require bandwidth, CPU/memory, and electric power at the level of general endpoint devices. In this paper, we propose a secure and scalable IoT (SSI) network platform that can prevent security threats while minimizing use of computing resources of an IoT device. SSI, which has a lower load than TCP/IP-based VPN, is a layer 2 VPN and supply data link frame encryption. L2TP and VXLAN are provided for a scalable layer 2 VPN, and the MACsec algorithm encrypts layer 2 frames. SSI shows 30% network speed improvement and 31.6% CPU usage reduction compared to IoT network applied OpenVPN.

AB - IoT, which is closely connected with our daily life, shows high growth in the automotive, healthcare, and retail fields. IoT security threats can cause severe problems in our lives. However, the security of the IoT network is insufficient to cope with security threats. Therefore, an attacker can use man-in-the-middle-attacks (MITM), DNS manipulation, and route tampering for eavesdropping, privacy breach, service outages and delay, power consumption, and system manipulation. Currently, VPN and data encryption is applied to protect the IoT network from these security threats. However, due to the limited resources of IoT device, the TCP/IP-based VPN and encryption are also limited. Although a lightweight IoT communication protocol such as LoWPAN is used, TCP/IP-based VPN such as IPsec, OpenVPN, and Wireguard require bandwidth, CPU/memory, and electric power at the level of general endpoint devices. In this paper, we propose a secure and scalable IoT (SSI) network platform that can prevent security threats while minimizing use of computing resources of an IoT device. SSI, which has a lower load than TCP/IP-based VPN, is a layer 2 VPN and supply data link frame encryption. L2TP and VXLAN are provided for a scalable layer 2 VPN, and the MACsec algorithm encrypts layer 2 frames. SSI shows 30% network speed improvement and 31.6% CPU usage reduction compared to IoT network applied OpenVPN.

KW - IoT platform

KW - L2TP

KW - MACsec

KW - Network overlay

KW - Network separation

KW - VXLAN

UR - http://www.scopus.com/inward/record.url?scp=85111364970&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-78120-0_19

DO - 10.1007/978-3-030-78120-0_19

M3 - Conference contribution

AN - SCOPUS:85111364970

SN - 9783030781194

T3 - IFIP Advances in Information and Communication Technology

SP - 287

EP - 301

BT - ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings

A2 - Jøsang, Audun

A2 - Futcher, Lynn

A2 - Hagen, Janne

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 22 June 2021 through 24 June 2021

ER -

Secure and Scalable IoT: An IoT Network Platform Based on Network Overlay and MAC Security

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this