Softwarized IoT Network Immunity Against Eavesdropping With Programmable Data Planes

State-of-the-art mechanisms against eavesdropping first encrypt all packet payloads in the application layer and then split the packets into multiple network paths. However, versatile eavesdroppers could simultaneously intercept several paths to intercept all the packets, classify the packets into s...

Bibliographic Details
Published in: IEEE internet of things journal 2021-04, Vol.8 (8), p.6578-6590
Main Authors: Liu, Gang; Quan, Wei; Cheng, Nan; Gao, Deyun; Lu, Ning; Zhang, Hongke; Shen, Xuemin
Format: Article
Language: English
cited_by cdi_FETCH-LOGICAL-c293t-e8bda1b8ec1a10c641596d69e4ed0bfac3c2954ffc430b10b1c500b576aa57973
cites cdi_FETCH-LOGICAL-c293t-e8bda1b8ec1a10c641596d69e4ed0bfac3c2954ffc430b10b1c500b576aa57973
container_end_page 6590
container_issue 8
container_start_page 6578
container_title IEEE internet of things journal
container_volume 8
creator Liu, Gang
Quan, Wei
Cheng, Nan
Gao, Deyun
Lu, Ning
Zhang, Hongke
Shen, Xuemin
description State-of-the-art mechanisms against eavesdropping first encrypt all packet payloads in the application layer and then split the packets into multiple network paths. However, versatile eavesdroppers could simultaneously intercept several paths to intercept all the packets, classify the packets into streams using transport fields, and analyze the streams by brute-force. In this article, we propose a programming protocol-independent packet processors (P4)-based network immune scheme (P4NIS) against the intractable eavesdropping. Specifically, P4NIS is equipped with three lines of defenses to provide a softwarized network immunity. Packets are successively processed by the third, second, and first line of defenses. The third line basically encrypts all packet payloads in the application layer using cryptographic mechanisms. Additionally, the second line re-encrypts all packet headers in the transport layer to distribute the packets from one stream into different streams, and disturbs eavesdroppers to classify the packets correctly. Besides, the second line adopts a programmable design for dynamically changing encryption algorithms. Complementally, the first line uses programmable forwarding policies which could split all the double-encrypted packets into different network paths disorderly. Using a paradigm of programmable data planes-P4, we implement P4NIS and evaluate its performances. Experimental results show that P4NIS can increase difficulties of eavesdropping and transmission throughput effectively compared with state-of-the-art mechanisms. Moreover, if P4NIS and state-of-the-art mechanisms have the same level of defending eavesdropping, P4NIS can decrease the encryption cost by 69.85%-81.24%.
doi_str_mv 10.1109/JIOT.2020.3048842
format article
fulltext fulltext
identifier ISSN: 2327-4662
ispartof IEEE internet of things journal, 2021-04, Vol.8 (8), p.6578-6590
issn 2327-4662
2327-4662
language eng
recordid cdi_proquest_journals_2510425706
source IEEE Electronic Library (IEL) Journals
subjects Algorithms
Classification
Classification algorithms
Cryptography
Eavesdropping
Eavesdropping attacks
Encryption
Headers
Immunity
Internet of Things
network immune scheme
Packets (communication)
Payloads
programming protocol-independent packet processors (P4)
Protocols
Streams
three lines of defenses
title Softwarized IoT Network Immunity Against Eavesdropping With Programmable Data Planes
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-08T03%3A35%3A23IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Softwarized%20IoT%20Network%20Immunity%20Against%20Eavesdropping%20With%20Programmable%20Data%20Planes&rft.jtitle=IEEE%20internet%20of%20things%20journal&rft.au=Liu,%20Gang&rft.date=2021-04-15&rft.volume=8&rft.issue=8&rft.spage=6578&rft.epage=6590&rft.pages=6578-6590&rft.issn=2327-4662&rft.eissn=2327-4662&rft.coden=IITJAU&rft_id=info:doi/10.1109/JIOT.2020.3048842&rft_dat=%3Cproquest_cross%3E2510425706%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c293t-e8bda1b8ec1a10c641596d69e4ed0bfac3c2954ffc430b10b1c500b576aa57973%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2510425706&rft_id=info:pmid/&rft_ieee_id=9312141&rfr_iscdi=true