Conclusion
This paper introduces EclipseIoT, a hub that aims to address IoT heterogeneity and to enhance the overall security of a smart environment. The main components of EclipseIoT are a gateway and a policy server. The gateway is capable of communicating with each device whilst also allowing users to access their devices over a secure communications channel, addressing the heterogeneity of the IoT ecosystem. Simultaneously, the policy server maintains accountability of such access. Further mechanisms such as authentication, the AES256 algorithm, sub-network configuration, and canary functions also enhance the overall security. To evaluate the security of the proposed hub, it was implemented and incorporated within a home-based testbed. This included commercially available devices, to which we applied a penetration testing methodology consisting of a selection of various attacks. The results from these attacks demonstrated that EclipseIoT significantly improves the security of the heterogeneous IoT ecosystem, as it was able to mitigate most of the attacks which affect conventional IoT networks.
However, EclipseIoT has its limitations. Firstly, it relies on third-party providers, such as PubNub, to support some actions within the framework. If such third parties halted their services, those actions could not be performed on our framework. Another limitation is that the communication channels between the gateway and the user, and between the gateway and the policy server, are based on TLS across PubNub. The security of the system was enhanced by implementing the AES256 algorithm in addition to the TLS protocol. However, as these communications are passed over PubNub, they must be decrypted so that messages can be forwarded to the correct destination. When AES is used alongside TLS, PubNub is not able to perform this action.
Lastly, although APIs provide an accessible and user-friendly interface to access, add, and control the smart devices, they are often subject to limits on the number of requests that they can receive.