Research Area:  Software Defined Networks
The increase of Software Defined Networks (SDN) and Network Function Virtualization (NFV) technologies is bringing many security management benefits that can be exploited at the edge of Internet of Things (IoT) networks to deal with cyber-threats. In this sense, this paper presents and evaluates a novel policy-based and cyber-situational awareness security framework for continuous and dynamic management of Authentication, Authorization, Accounting (AAA) as well as Channel Protection virtual security functions in IoT networks enabled with SDN/NFV. The virtual AAA, including network authenticators, are deployed as VNF (Virtual Network Function) dynamically at the edge, in order to enable scalable device’s bootstrapping and managing the access control of IoT devices to the network. In addition, our solution allows distributing dynamically the necessary crypto-keys for IoT Machine to Machine (M2M) communications and deploy virtual Channel-protection proxys as VNFs, with the aim of establishing secure tunnels among IoT devices and services, according to the contextual decisions inferred by the cognitive framework. The solution has been implemented and evaluated, demonstrating its feasibility to manage dynamically AAA and channel protection in SDN/NFV-enabled IoT scenarios.
Keywords:  
IoT
SDN
NFV
channel protection
bootstrapping
AAA
security policies
Author(s) Name:  Alejandro Molina Zarca, Dan Garcia-Carrillo, Jorge Bernal Bernabe, Jordi Ortiz, Rafael Marin-Perez and Antonio Skarmeta
Journal name:   Sensors
Conferrence name:  
Publisher name:  MDPI
DOI:  10.3390/s19020295
Volume Information:  Volume 19,Issue 2
Paper Link:   https://www.mdpi.com/1424-8220/19/2/295