An Effective Security Method Based on Combining 802.1x, DMZ and SSL-VPN for IoT Network Security

Yıl 2020, Cilt: 4 Sayı: 2, 65 - 76, 31.12.2020

İlhan Fırat Kılınçer Fatih Ertam Orhan Yaman Abdülkadir Şengür

https://doi.org/10.26650/acin.779547

Öz

IoT applications appear in many areas due to their flexible structures and many advantages they provide. The increase in IoT applications brings many security vulnerabilities. In order to close these security gaps and ensure the security of the created system, some measures should be taken by combining existing technologies with new technologies. In this study, a method that uses various security technologies together is proposed to ensure the security of the IoT application network. Accordingly, 802.1x technology was used to connect wireless sensor devices to a Wi-Fi network. Thus, in the first step, unauthorized users are not allowed to connect to this network. In the second step, IoT data was collected on a central server, and this server was taken to the DMZ zone in the firewall. Thus, access to the server is both restricted, and server access is logged. In the last step, with SSL-VPN configured in the firewall, data can be safely monitored from the external environment. The biggest advantages of the proposed approach are that it can be used easily in existing Wi-Fi networks, provides communication security, and is low cost. Considering these advantages, it is considered to be an important work in the field of IoT network security.

Anahtar Kelimeler

IoT, IEEE 802.1x, DMZ, SSL-VPN, Wireless Sensor Networks, Network Security, Wi-Fi Security

Destekleyen Kurum

Firat University Scientific Research Projects Unit

Proje Numarası

TEKF.18.13

Teşekkür

This work was supported by the FUBAP (Firat University Scientific Research Projects Unit) under Grant No: TEKF.18.13.

IoT Ağ Güvenliği için 802.1x, DMZ ve SSL-VPN Birleştirme Tabanlı Etkili bir Güvenlik Yöntemleri

Öz

IoT uygulamaları, sahip oldukları esnek yapıları ve sağladıkları birçok avantajdan dolayı birçok alanda karşımıza çıkmaktadırlar. IoT uygulamalarındaki artış, birçok güvenlik açığını da getirmektedir. Bu güvenlik açıklarını kapatmak ve oluşturulan sistemin güvenliğini sağlamak için mevcut teknolojiler, yeni teknolojilerle birleştirilerek bazı önlemler alınmalıdır. Bu çalışmada, IoT uygulama ağının güvenliğini sağlamak için, çeşitli güvenlik teknolojilerini bir arada kullanan bir yöntem önerilmiştir. Buna göre, kablosuz sensör cihazlarının, Wi-Fi ağına bağlanması için 802.1x teknolojisini kullanıldı. Böylelikle, ilk adımda yetkisiz kullanıcıların bu ağa bağlanmasına izin verilmez. İkinci adımda IoT verileri merkezi bir sunucu üzerinde toplanmış ve bu sunucu güvenlik duvarındaki DMZ bölgesine alınmıştır. Böylece, sunucuya erişim hem kısıtlanır hem de sunucu erişimlerinin günlüğü tutulur. Son adımda, güvenlik duvarında konfigüre edilen SSL-VPN ile dış ortamdan verilerin güvenli bir şekilde izlenmesi sağlanmıştır. Önerilen yaklaşımın en büyük avantajları, mevcut Wi-Fi ağlarında rahatlıkla kullanılabilir olması, haberleşme güvenliğini sağlaması ve düşük maliyetli olmasıdır. Bu avantajları göz önünde bulundurulduğunda, IoT ağ güvenliği alanında önemli bir çalışma olduğu düşünülmektedir.

Anahtar Kelimeler

IoT, IEEE 802.1x, DMZ, SSL-VPN, Kablosuz Sensör Ağları, Ağ Güvenliği, Wi-Fi Güvenliği

Proje Numarası

TEKF.18.13

Kaynakça

• Alabdulatif A, Ma X, Nolle L. Analysing and attacking the 4-way handshake of IEEE 802.11i standard. In: 2013 8th International Conference for Internet Technology and Secured Transactions, ICITST 2013. 2013. p. 382–7.
• Aly M, Khomh F, Haoues M, Quintero A, Yacout S. Enforcing security in Internet of Things frameworks: A Systematic Literature Review. Internet of Things. 2019;6:100050.
• Amanullah MA, Habeeb RAA, Nasaruddin FH, Gani A, Ahmed E, Nainar ASM, et al. Deep learning and big data technologies for IoT security. Vol. 151, Computer Communications. 2020. p. 495–517.
• Aziz IA, Hasan H, Ismail J, Mehat M. Remote Monitoring in Agricultural Greenhouse Using Wireless Sensor and Short Message Service ( SMS ). Int J Eng Technol IJET. 2009;9(9):1–12.
• Chen JC, Jiang MC, Liu YIW. Wireless LAN security and IEEE 802.11l. IEEE Wireless Communications. 2005.
• Chen JC, Wang YP. Extensible Authentication Protocol (EAP) and IEEE 802.1x: Tutorial and Empirical Experience. IEEE Commun Mag. 2005;
• Cho JS, Yeo SS, Kim SK. Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value. Comput Commun. 2011;34(3):391–7.
• Fantacci R, Maccari L, Pecorella T, Frosali F. Analysis of secure handover for IEEE 802.1X-based wireless ad hoc networks. IEEE Wirel Commun. 2007;
• García-Hernández C, Ibargüengoytia-González P, García-Hernández J, Pérez-Díaz J. Wireless Sensor Networks and Applications: a Survey. IJCSNS Int J Comput Sci Netw Secur [Internet]. 2007;7(3):264–73. Available from: http://campus.cva.itesm.mx/jdperez/documentos/IJCSNS-WSN-publicado-03-2007.pdf
• Gu YH, Zhang JX. Research on the security of IEEE 802.1x authentication mechanism in wireless LAN. In: 2nd International Conference on Information Science and Engineering, ICISE2010 - Proceedings. 2010.
• Hermaduanti N, Riadi I. Automation framework for rogue access point mitigation in ieee 802.1X-based WLAN. J Theor Appl Inf Technol. 2016;
• Hossain MM, Fotouhi M, Hasan R. Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things. In: Proceedings - 2015 IEEE World Congress on Services, SERVICES 2015. 2015. p. 21–8.
• Hucaby D. CCNA wireless 640-722 official cert guide [Internet]. 2014. Available from: https://www.safaribooksonline.com/library/view/ccna-wireless-640-722/9780133445725/
• Hussain R, Abdullah I. Review of Different Encryptionand Decryption Techniques Used for Security and Privacy of IoT in Different Applications. In: 2018 6th IEEE International Conference on Smart Energy Grid Engineering, SEGE 2018. 2018. p. 293–7.
• Juma M, Monem AA, Shaalan K. Hybrid End-to-End VPN Security Approach for Smart IoT Objects. J Netw Comput Appl. 2020;158.
• Khattak HA, Shah MA, Khan S, Ali I, Imran M. Perception layer security in Internet of Things. Futur Gener Comput Syst. 2019;100:144–64.
• KILINÇER İF, ERTAM F, ŞENGÜR A. Automated Fake Access Point Attack Detection and Prevention System with IoT Devices. Balk J Electr Comput Eng. 2020;
• Kilinçer IF, Ertam F, Yaman O, Akbal A. Automatic fault detection with Bayes method in university campus network. In: IDAP 2017 - International Artificial Intelligence and Data Processing Symposium. 2017.
• Kodali RK, Mahesh KS. A low cost implementation of MQTT using ESP8266. In: Proceedings of the 2016 2nd International Conference on Contemporary Computing and Informatics, IC3I 2016. 2016a.
• Kodali RK, Mahesh KS. Low cost ambient monitoring using ESP8266. In: Proceedings of the 2016 2nd International Conference on Contemporary Computing and Informatics, IC3I 2016. 2016b. p. 779–82.
• Li L, Hu X, Chen K, He K. The applications of WiFi-based Wireless Sensor Network in Internet of Things and Smart Grid. In: Proceedings of the 2011 6th IEEE Conference on Industrial Electronics and Applications, ICIEA 2011. 2011. p. 789–93.
• Lin Y, Kong R, Guan M, She R. Design and implementation of smart home intranet based on ZigBee. Res J Appl Sci Eng Technol. 2014;
• Mahali MI. Smart Door Locks Based On Internet Of Things Concept with Mobile Backend as a Service. J Electron Informatics, Vocat Educ. 2016;
• Mendez GR, Mukhopadhyay SC. A Wi-Fi based smart wireless sensor network for an agricultural environment. In: Smart Sensors, Measurement and Instrumentation. 2013. p. 247–68.
• Mohamad Noor M binti, Hassan WH. Current research on Internet of Things (IoT) security: A survey. Comput Networks. 2019;148:283–94.
• Pandey RC, Verma M, Sahu LK. Internet of Things (IOT) Based Gas Leakage Monitoring and Alerting System with MQ-2 Sensor. Int J Eng Dev Res. 2017;
• Pukhanov A. WiFi Extension for Drought Early-Warning Detection System Components by. 2015;
• Saha S, Majumdar A. Data centre temperature monitoring with ESP8266 based Wireless Sensor Network and cloud based dashboard with real time alert system. In: Proceedings of 2nd International Conference on 2017 Devices for Integrated Circuit, DevIC 2017. 2017. p. 307–10.
• Sha K, Yang TA, Wei W, Davari S. A survey of edge computing based designs for IoT security. Digit Commun Networks. 2020;
• Singh P, Saikia S. Arduino-based smart irrigation using water flow sensor, soil moisture sensor, temperature sensor and ESP8266 WiFi module. In: IEEE Region 10 Humanitarian Technology Conference 2016, R10-HTC 2016 - Proceedings. 2017.
• Škraba A, Koložvari A, Kofjač D, Stojanović R, Stanovov V, Semenkin E. Prototype of group heart rate monitoring with NODEMCU ESP8266. In: 2017 6th Mediterranean Conference on Embedded Computing, MECO 2017 - Including ECYPS 2017, Proceedings. 2017.
• Srivastava P, Bajaj M, Rana AS. IOT based controlling of hybrid energy system using ESP8266. In: 2018 IEEMA Engineer Infinite Conference, eTechNxT 2018. 2018a. p. 1–5.
• Srivastava P, Bajaj M, Rana AS. Overview of ESP8266 Wi-Fi module based smart irrigation system using IOT. In: Proceedings of the 4th IEEE International Conference on Advances in Electrical and Electronics, Information, Communication and Bio-Informatics, AEEICB 2018. 2018b.
• Thaker T. ESP8266 based implementation of wireless sensor network with Linux based web-server. In: 2016 Symposium on Colossal Data Analysis and Networking, CDAN 2016. 2016.
• Tonage S, Yemul S, Jare R, Patki V. IoT based home automation system using NodeMCU ESP8266 module. Int J Adv Res Dev. 2018;
• Union IT. ITU Internet Reports 2005: The Internet of Things. Vol. 4, Communications Engineer. 2005.
• Zha X, Ma M. Security improvements of IEEE 802.11i 4-way handshake scheme. In: 12th IEEE International Conference on Communication Systems 2010, ICCS 2010. 2010. p. 667–71.
• Wireless Security Protocols [Internet]. Available from: https://ipcisco.com/lesson/wireless-security-protocols/