Date of Award

6-18-2020

Document Type

Thesis

Publisher

Santa Clara : Santa Clara University, 2020.

Department

Computer Science and Engineering

First Advisor

Behnam Dezfouli

Abstract

Minimal local resources, lack of consistency in low-level protocols, and market pressures contribute to IoT devices being more vulnerable than traditional computing devices. These devices not only have a wide variety of processors and implementations, but they often serve different purposes and generate unique network traffic. Current IoT network security solutions fail to account for and handle both the scale at which IoT devices can be deployed and the heterogeneous nature of the traffic they produce. In order to accommodate these differences and improve on current solutions, we propose the implementation of a microsegmented firewall for IoT networks. Unlike traditional microsegmented architectures, which use a virtual management layer and hypervisors to manage, route, and filter the traffic from VMs, we propose the use of a cloud-based management layer working in cooperation with fog node filters to manage end device traffic. The fog nodes act as the first hop from the IoT devices, filtering traffic according to the rules given to them by the management layer. This decreases packet filtering latency by distributing the computing load and limiting the number of hops packets make for processing. Meanwhile, having a single management point gives network administrators the convenience of controlling all traffic flows at a moment's notice, as would be the case in a traditional SDN. As a result, this architecture promotes both the adaptability and scalability needed in IoT networks, all while securing traffic flows and minimizing latency.
