TY - GEN
T1 - Secure and Scalable IoT
T2 - 36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021
AU - Lee, Junwon
AU - Lee, Heejo
N1 - Publisher Copyright:
© 2021, IFIP International Federation for Information Processing.
PY - 2021
Y1 - 2021
AB - IoT, which is closely connected with our daily life, shows high growth in the automotive, healthcare, and retail fields. IoT security threats can cause severe problems in our lives. However, the security of the IoT network is insufficient to cope with security threats. Therefore, an attacker can use man-in-the-middle (MITM) attacks, DNS manipulation, and route tampering for eavesdropping, privacy breach, service outages and delay, power consumption, and system manipulation. Currently, VPN and data encryption are applied to protect the IoT network from these security threats. However, due to the limited resources of IoT devices, the TCP/IP-based VPN and encryption are also limited. Although a lightweight IoT communication protocol such as LoWPAN is used, TCP/IP-based VPNs such as IPsec, OpenVPN, and WireGuard require bandwidth, CPU/memory, and electric power at the level of general endpoint devices. In this paper, we propose a secure and scalable IoT (SSI) network platform that can prevent security threats while minimizing the use of computing resources of an IoT device. SSI, which has a lower load than a TCP/IP-based VPN, is a layer 2 VPN and supplies data link frame encryption. L2TP and VXLAN are provided for a scalable layer 2 VPN, and the MACsec algorithm encrypts layer 2 frames. SSI shows a 30% network speed improvement and a 31.6% CPU usage reduction compared to an IoT network with OpenVPN applied.
KW - IoT platform
KW - L2TP
KW - MACsec
KW - Network overlay
KW - Network separation
KW - VXLAN
UR - http://www.scopus.com/inward/record.url?scp=85111364970&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-78120-0_19
DO - 10.1007/978-3-030-78120-0_19
M3 - Conference contribution
AN - SCOPUS:85111364970
SN - 9783030781194
T3 - IFIP Advances in Information and Communication Technology
SP - 287
EP - 301
BT - ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings
A2 - Jøsang, Audun
A2 - Futcher, Lynn
A2 - Hagen, Janne
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 22 June 2021 through 24 June 2021
ER -