Visible to the public Biblio

Filters: Author is Li, Yuhong  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
Li, Yuhong, Björck, Fredrik, Xue, Haoyue.  2016.  IoT Architecture Enabling Dynamic Security Policies. Proceedings of the 4th International Conference on Information and Network Security. :50–54.

The Internet of Things (IoT) architecture is expected to evolve into a model containing various open systems, integrated environments, and platforms, which can be programmed and can provide secure services on demand. However, not much effort has been devoted towards the security of such an IoT architecture. In this paper, we present an IoT architecture that supports deploying dynamic security policies for IoT services. In this approach, IoT devices, gateways, and data are open and programmable to IoT application developers and service operators. Fine-grained security policies can be programmed and dynamically adjusted according to users' requirements, devices' capabilities and networking environments. The implementation and test results show that new security policies can be created and deployed rapidly and demonstrate the feasibility of the architecture.

Xue, Haoyue, Li, Yuhong, Rahmani, Rahim, Kanter, Theo, Que, Xirong.  2017.  A Mechanism for Mitigating DoS Attack in ICN-based Internet of Things. Proceedings of the 1st International Conference on Internet of Things and Machine Learning. :26:1–26:10.
Information-Centric Networking (ICN) 1 is a significant networking paradigm for the Internet of Things, which is an information-centric network in essence. The ICN paradigm owns inherently some security features, but also brings several new vulnerabilities. The most significant one among them is Interest flooding, which is a new type of Denial of Service (DoS) attack, and has even more serious effects to the whole network in the ICN paradigm than in the traditional IP paradigm. In this paper, we suggest a new mechanism to mitigate Interest flooding attack. The detection of Interest flooding and the corresponding mitigation measures are implemented on the edge routers, which are directly connected with the attackers. By using statistics of Interest satisfaction rate on the incoming interface of some edge routers, malicious name-prefixes or interfaces can be discovered, and then dropped or slowed down accordingly. With the help of the network information, the detected malicious name-prefixes and interfaces can also be distributed to the whole network quickly, and the attack can be mitigated quickly. The simulation results show that the suggested mechanism can reduce the influence of the Interest flooding quickly, and the network performance can recover automatically to the normal state without hurting the legitimate users.