IoT Security via Address Shuffling: The Easy Way

Securing Internet of Things (IoT) devices and protecting their applications from privacy leaks is a challenge, due to their weak (computational and storage) capabilities, and their proximity with sensitive data. Considering the resource-constrains of such devices, their long lifetime, and the intermittent connections, classical security approaches are often too difficult or impractical to apply. Moving target defense is an established technique whose goal is to lower the attack surface to malicious users by constantly modifying device footprint. Changing the address to an IoT device without privacy leaks is, however, a nontrivial task. In this paper, we propose a novel method to perform a network-wide (Internet protocol and medium access control) address shuffling procedure, called address shuffling algorithm with HMAC (AShA), which is simple to implement, and whose network overhead is minimal. To demonstrate its effectiveness, we analyze our approach via theoretical analysis and simulations. Our analysis shows how AShA parameters can be adapted to various network sizes while our simulations results show how AShA can be used to successfully perform a global collision-free address renewal on networks of more than 2000 nodes using 16-bit addresses.