The Internet of Things (IoT) and software-defined networking (SDN) are two recent trends that are believed to dramatically shape the future of computer networking. IoT connects ubiquitous devices that will fill our surroundings and help people in everyday tasks, while SDN reshapes the way computer networks are managed. These developments will also change the information security and threat landscape of the networks. IoT devices often have constrained user interfaces, which creates challenges for security configuration and protocols. Software-defined networking, on the other hand, changes the network architecture and thus exposes the infrastructure to new threats. Identifying potential security problems and finding solutions for them is paramount for the success of these technologies.

This thesis studies a set of problems relating to the security of emerging networking technologies and, more specifically, IoT and SDN. We describe a novel device pairing protocol for IoT devices that uses fuzzy user-generated information for authenticating the key exchange. Unlike earlier proposals, the protocol does not make any assumptions about how entropy is distributed in the shared secret. This makes the protocol well-suited for situations where the shared secret is fuzzy and its properties are variable.

We also study SDN security from various angles. More specifically, we discuss insider attacks where the adversary has already gotten a foothold in the target network, and denial-of-service attacks that can be launched via the network data plane. We find that the consequences of these attacks are highly dependent on the network configuration. The thesis also describes a tenant isolation solution implemented with existing SDN technologies. Finally, we analyze the security of Bloom-filter-based authorization mechanisms for multicast forwarding and find that several of the proposed protocols are vulnerable to denial-of-service attacks and are thus unsuitable for open networks.
|Translated title of the contribution|Tietoturvallisuus tulevaisuuden tietoverkkoteknologioissa - Näkökulmia esineiden Internetiin ja ohjelmoitaviin tietoverkkoihin|
|Publication status|Published - 2016|
|MoE publication type|G5 Doctoral dissertation (article)|
- computer security
- Internet of things
- software-defined networking