Analysis of attacks on device manager in software-defined Internet of Things

The Internet of Things is a network of physical devices consisting of embedded systems and sensors that interact with each other and connect to the Internet, and the quick growth of the Internet of Things industry has resulted in complex inter-networking on the Internet. Software-defined networking is a recent advance in computer networking that redefines the network paradigm for future communication, and the advantages of software-defined networking can also be applied to Internet of Things, namely as software-defined Internet of Things. In this article, we investigate the vulnerability of the software-defined Internet of Things platform device manager, which monitors the connected Internet of Things devices in the network. Although being the one that performs one of the most crucial services, the device managers in current primary controllers have a big security issue as they do not include any device verification, authentication, or authorization routines. Consequently, the device manager accepts all the changes of device information made by other devices, which leads to potential attacks as demonstrated in this article. To address this problem, a comprehensive and lightweight countermeasure is proposed and its effectiveness is verified through experiments.