TY - GEN
T1 - Authenticating Endpoints and Vetting Connections in Residential Networks
AU - Liu, Yu
AU - Taylor, Curtis R.
AU - Shue, Craig A.
N1 - Publisher Copyright: © 2019 IEEE.
PY - 2019/4/8
Y1 - 2019/4/8
N2 - The security of residential networks can vary greatly. These networks are often administrated by end-users who may lack security expertise or the resources to adequately defend their networks. Insecure residential networks provide attackers with opportunities to infiltrate systems and create a platform for launching powerful attacks. To address these issues, we introduce a new approach that uses software-defined networking (SDN) to allow home users to outsource their security maintenance to a cloud-based service provider. Using this architecture, we show how a novel network-based two-factor authentication approach can be used to protect Internet of Things devices. Our approach works without requiring modifications to end-devices. We further show how security modules can enforce protocol messages to limit the attack surface in vulnerable devices. Our analysis shows that the system is effective and adds less than 50 milliseconds of delay to the start of a connection with less than 100 microseconds of delay for subsequent packets.
KW - residential networks
KW - software-defined networking
KW - two-factor authentication
UR - http://www.scopus.com/inward/record.url?scp=85064981561&partnerID=8YFLogxK
U2 - 10.1109/ICCNC.2019.8685568
DO - 10.1109/ICCNC.2019.8685568
M3 - Conference contribution
AN - SCOPUS:85064981561
T3 - 2019 International Conference on Computing, Networking and Communications, ICNC 2019
SP - 136
EP - 140
BT - 2019 International Conference on Computing, Networking and Communications, ICNC 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2019 International Conference on Computing, Networking and Communications, ICNC 2019
Y2 - 18 February 2019 through 21 February 2019
ER -