Softwarized IoT Network Immunity Against Eavesdropping With Programmable Data Planes

State-of-the-art mechanisms against eavesdropping first encrypt all packet payloads in the application layer and then split the packets into multiple network paths. However, versatile eavesdroppers could simultaneously intercept several paths to intercept all the packets, classify the packets into s...

Full description

Saved in:
Bibliographic Details
Published in:IEEE internet of things journal 2021-04, Vol.8 (8), p.6578-6590
Main Authors: Liu, Gang, Quan, Wei, Cheng, Nan, Gao, Deyun, Lu, Ning, Zhang, Hongke, Shen, Xuemin
Format: Article
Language:English
Subjects:
Algorithms
Classification
Classification algorithms
Cryptography
Eavesdropping
Eavesdropping attacks
Encryption
Headers
Immunity
Internet of Things
network immune scheme
Packets (communication)
Payloads
programming protocol-independent packet processors (P4)
Protocols
Streams
three lines of defenses
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:State-of-the-art mechanisms against eavesdropping first encrypt all packet payloads in the application layer and then split the packets into multiple network paths. However, versatile eavesdroppers could simultaneously intercept several paths to intercept all the packets, classify the packets into streams using transport fields, and analyze the streams by brute-force. In this article, we propose a programming protocol-independent packet processors (P4)-based network immune scheme (P4NIS) against the intractable eavesdropping. Specifically, P4NIS is equipped with three lines of defenses to provide a softwarized network immunity. Packets are successively processed by the third, second, and first line of defenses. The third line basically encrypts all packet payloads in the application layer using cryptographic mechanisms. Additionally, the second line re-encrypts all packet headers in the transport layer to distribute the packets from one stream into different streams, and disturbs eavesdroppers to classify the packets correctly. Besides, the second line adopts a programmable design for dynamically changing encryption algorithms. Complementally, the first line uses programmable forwarding policies which could split all the double-encrypted packets into different network paths disorderly. Using a paradigm of programmable data planes-P4, we implement P4NIS and evaluate its performances. Experimental results show that P4NIS can increase difficulties of eavesdropping and transmission throughput effectively compared with state-of-the-art mechanisms. Moreover, if P4NIS and state-of-the-art mechanisms have the same level of defending eavesdropping, P4NIS can decrease the encryption cost by 69.85%-81.24%.
ISSN:2327-4662
2327-4662
DOI:10.1109/JIOT.2020.3048842