IoT Security via Address Shuffling: The Easy Way

Francesca Nizzi, Tommaso Pecorella, Flavio Esposito, Laura Pierucci, Romano Fantacci
2019 IEEE Internet of Things Journal  
Securing Internet of Things (IoT) devices and protecting their applications from privacy leaks is a challenge, due to their weak (computational and storage) capabilities and their proximity to sensitive data. Considering the resource constraints of such devices, their long lifetime, and the intermittent connections, classical security approaches are often too difficult or impractical to apply. Moving Target Defense is an established technique whose goal is to lower the attack surface to ... us users by constantly modifying device footprint. Changing the address of an IoT device without privacy leaks is, however, a nontrivial task. In this paper, we propose a novel method to perform a network-wide (IP and MAC) address shuffling procedure, called Address Shuffling Algorithm with HMAC (AShA), which is simple to implement, and whose network overhead is minimal. To demonstrate its effectiveness, we analyze our approach via theoretical analysis and simulations. Our analysis shows how AShA parameters can be adapted to various network sizes, while our simulation results show how AShA can be used to successfully perform a global collision-free address renewal on networks of more than 2000 nodes using 16-bit addresses.

header is often compressed using RObust Header Compression (ROHC) [7] or IPv6 over Low power Wireless Personal Area Network (6LoWPAN) [8]. Header compression, along with IPv6 Stateless Address Autoconfiguration (SLAAC) [9], is however a serious privacy threat: an attacker may discover the IP address of the nodes by merely analyzing their Medium Access Control (MAC) address, opening the way to analysis of node capabilities and vulnerabilities. Moreover, passive attackers can infer network topologies and learn what the nodes' functionalities are even without compromising any system (e.g., they could infer which nodes are responsible for perimeter surveillance planning for another attack) [10].

To reduce the attack surface within IoT network and system security, a viable technique is to introduce randomness in the network behavior. Without the ability to gather or predict enough information before the network parameters change, the efforts of some attackers are diminished or even nullified. Examples of security techniques that leverage randomness to secure a communication are encryption key refresh and application-level behavior variations.
Random (application) protocol behavior can be implemented, for example, by modifying the periodicity of a node data report, or by adding random data to regular packet payloads. Although it is a valuable defense mechanism, randomizing the application behavior alone is insufficient to prevent routing or other types of attacks generated by guessing the physical node placement in the network: an attacker can still use the MAC addresses to learn the network topology.

To add MAC-level randomness, a system could periodically change the MAC address of each node. This technique alone has, however, various drawbacks. In particular, the signaling overhead required to coordinate the address change is significant. While in wired networks the overhead may not be a concern, when devices are constrained by bandwidth and power, such overhead may severely impact the IoT system performance. It is hence important to devise (MAC) address renewal methods with minimal impact on the network signaling overhead.

To this aim, in this paper we present a novel address shuffling technique that we call AShA, as in Address Shuffling Algorithm. AShA is energy-efficient, has minimal impact on the network overhead, and is easy to implement. The key novelty behind AShA is a cryptographic hash that enables a controlled and collision-free address shuffling. Only the legitimate nodes and the network controller are able to predict the address renewal outcomes, and from the point of view of the attacker, the addresses follow a random pattern over time. We evaluate the efficiency of our proposed method with respect to the number of nodes in the network both theoretically and through simulations. Our results show that, for typical network sizes (i.e., less than 700 nodes for each Personal

This is the author's version of an article that has been published in this journal. Changes were made to this version by the publisher prior to publication.
The final version of record is available at http://dx.
doi:10.1109/jiot.2019.2892003 fatcat:ovryz4bx3fbojgtwupi4bp6q2e
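
The keyed-hash idea described above, where nodes and controller compute each new address locally so that only a short renewal message has to be sent, can be sketched as follows. This is an added example, not the paper's AShA specification: the per-node pre-shared keys, the broadcast nonce, the 2-byte truncation, the reserved addresses and the retry-on-collision strategy are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

RESERVED = {0x0000, 0xFFFF}  # assumed reserved values (unassigned / broadcast)


def derive_addr(key: bytes, node_id: bytes, nonce: bytes) -> int:
    """Node side: truncate HMAC-SHA256(key, nonce || node_id) to a 16-bit address."""
    digest = hmac.new(key, nonce + node_id, hashlib.sha256).digest()
    return int.from_bytes(digest[:2], "big")


def controller_pick_nonce(keys: dict, max_tries: int = 1000):
    """Controller side: draw nonces until all nodes map to distinct addresses.

    The controller knows every node key, so it can precompute the whole
    address table and reject a nonce that would cause a collision before
    anything is transmitted. Only the accepted nonce needs to be broadcast.
    """
    for _ in range(max_tries):
        nonce = secrets.token_bytes(8)
        table = {nid: derive_addr(k, nid, nonce) for nid, k in keys.items()}
        addrs = set(table.values())
        if len(addrs) == len(table) and not (addrs & RESERVED):
            return nonce, table
    # With 16-bit addresses the birthday bound makes this search impractical
    # for large networks; a real scheme needs a different collision strategy.
    raise RuntimeError("no collision-free nonce found")


def make_network(n: int) -> dict:
    """Constructed sample data: n node ids, each with a random 128-bit key."""
    return {i.to_bytes(2, "big"): secrets.token_bytes(16) for i in range(n)}


if __name__ == "__main__":
    keys = make_network(40)
    nonce, table = controller_pick_nonce(keys)
    for nid, addr in list(table.items())[:5]:
        # Each node reaches the same result using only its own key and the nonce.
        assert derive_addr(keys[nid], nid, nonce) == addr
        print(f"node {nid.hex()} -> new short address 0x{addr:04x}")
```

An observer who sees the nonce but holds no node key cannot link a node's old address to its new one, which is the property the text attributes to the hash-based shuffle.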