Edge security for SIP-enabled IoT devices with P4

Edge security for SIP-enabled IoT devices with P4

The exponential growth of IoT devices poses security concerns, in part because they provide a fertile breeding ground for botnets. For example, the Mirai botnet infected almost 65,000 devices in its first 20 h. With the prevalence of Session Initiation Protocol (SIP) phones and devices on the networ...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computer networks (Amsterdam, Netherlands : 1999) Netherlands : 1999), 2022-02, Vol.203, p.108698, Article 108698
Hauptverfasser: Febro, Aldo, Xiao, Hannan, Spring, Joseph, Christianson, Bruce
Format: Artikel
Sprache:eng
Schlagworte:
Anomalies
Breeding grounds
Command and control
Cybersecurity
DDoS
Denial of service attacks
Dictionary attack
Edge computing
Enumeration
Infections
Inspection
IoT
Malware
Network security
Packets (communication)
Servers
SIP
SIPVicious
State machines
VNF
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The exponential growth of IoT devices poses security concerns, in part because they provide a fertile breeding ground for botnets. For example, the Mirai botnet infected almost 65,000 devices in its first 20 h. With the prevalence of Session Initiation Protocol (SIP) phones and devices on the networks today, the attacker could easily target and recruit these IoT devices as bots. Conventional network security measures do not provide adequate attack prevention, detection, and mitigation for these widely distributed IoT devices. This paper presents microVNF, a Virtualized Network Function (VNF) that leverages the programmable data plane feature on the edge switch. Based on knowledge gained from the Mirai botnet incident and following the defense-in-depth principle, microVNF protects IoT devices against SIP DDoS attacks in two stages: before and after infection. Prior to infection, it protects against SIP scanning, enumeration, and dictionary attacks. After infection, microVNF blocks botnet registration attempts to the command-and-control (CNC) server, thereby preventing the botnet from receiving commands sent from the CNC server, and detects and mitigates botnet SIP DDoS attacks. We conducted six experiments that involved using popular attack tools against microVNF, and it successfully performed deep-packet inspection of unencrypted SIP packets so as to track anomalies from a typical SIP state-machine. In this use case, besides providing physical connectivity to the IoT devices, the edge switch containing microVNF also provides the first line of defense in stopping malicious packets from propagating upstream to the core network. In addition to securing SIP, the microVNF approach can be adapted to other text-based, application-layer protocols such as HTTP and SMTP. MicroVNF leverages the native capability of programmable data planes without depending on external devices, thereby making this approach practical for securing edge-computing environments against application-layer attacks.
ISSN:1389-1286
1872-7069
DOI:10.1016/j.comnet.2021.108698