IOT: MESH-WIDE AUTHORIZATION CONTROL AND TRAFFIC TUNNELING QUARANTINE TECHNIQUES FOR ENHANCED SECURITY CHECKS OF NODES

IP.com Disclosure Number: IPCOM000246297D
Publication Date: 2016-May-25
Document File: 9 page(s) / 475K

Publishing Venue

The IP.com Prior Art Database

Related People

Jay Johnston: AUTHOR [+4]

Abstract

A mesh network of nodes is provided with enhanced security techniques to quarantine nodes that first join (or rejoin) the mesh network. The quarantine involves tunneling all traffic from that new node to a fog router for enhanced analysis and security checks. An authorization list is propagated throughout the mesh that indicates which nodes have passed the quarantine and are authorized, and which nodes are banned from the mesh. Quarantining nodes that join the mesh network allows for extra security checks to be run against the node and preventing it from compromising neighbor nodes during that quarantine time. By encapsulating a quarantined node's traffic at the edge of the mesh, it can be ensured that the data generated will be forwarded (and never processed locally) through the mesh towards the fog router where it is examined with greater scrutiny and analytics than any mesh node could do.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 21% of the total text.

Page 01 of 9

IOT: MESH-WIDE AUTHORIZATION CONTROL AND TRAFFIC TUNNELING QUARANTINE TECHNIQUES FOR ENHANCED SECURITY CHECKS OF NODES IN NETWORK

AUTHORS:

Jay Johnston
Rama Darbha
David White
Magnus Mortensen

CISCO SYSTEMS, INC.

DETAILED DESCRIPTION

Mesh networks of nodes (sensors) will become targets of attacks. Such attacks might include disruption of the communication between nodes, theft of nodes, or worse: the removal, compromise and re-insertion of a compromised node into the mesh. Flexible security enforcement and problem detection options are needed in the mesh network to provide differentiated levels of security, so that different types of threats can be managed appropriately.

Copyright 2016 Cisco Systems, Inc.

Presented herein is a system and method to ensure that if a node is removed from a mesh network by a malicious actor, modified, and then returned to the mesh network, it undergoes the most intensive security checks possible; additionally, the node is quarantined and all data-path traffic is tunneled back to the fog router for analysis. It is unable to communicate with any node other than the fog router, to prevent potential infection of nearby nodes.

Nodes in the mesh network are in one of a few states:

Authorized - The node is fully trusted by the mesh network.

Quarantined - The node is not trusted by the mesh network, but allowed to provisionally join and send data into the mesh.

Blacklisted - The node is shunned from the mesh network and cannot join.

An authorization list is propagated throughout a mesh network of nodes. The authorization list indicates which nodes are authorized, quarantined, or blacklisted. In one embodiment, this authorization list could be maintained using block chain technology, which ensures each node has the most up to date version of the authorization list. In another embodiment, the authorization list is simply signed by the fog router for authenticity.
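As an added illustration, not part of the Cisco disclosure, the following Python sketch models the signed, versioned authorization list and a mesh node's per-source forwarding decision (process locally, tunnel to the fog router, or drop). The fog-router key, the node names and the use of an HMAC in place of a real signature are assumptions made for the example.

```python
import hmac, hashlib, json

AUTHORIZED, QUARANTINED, BLACKLISTED = "authorized", "quarantined", "blacklisted"

# Constructed demo key shared with the fog router; a deployment would use an
# asymmetric signature so that nodes cannot forge lists themselves.
FOG_KEY = b"fog-router-demo-key"

def _canon(version: int, entries: dict) -> bytes:
    """Canonical encoding so signer and verifier hash identical bytes."""
    body = {"version": version, "entries": entries}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_auth_list(version: int, entries: dict, key: bytes = FOG_KEY) -> dict:
    """Fog-router side: emit an authenticated, monotonically versioned list."""
    mac = hmac.new(key, _canon(version, entries), hashlib.sha256).hexdigest()
    return {"version": version, "entries": entries, "mac": mac}

class MeshNode:
    def __init__(self, key: bytes = FOG_KEY):
        self.key = key
        self.version = -1     # no list installed yet
        self.entries = {}

    def accept_auth_list(self, msg: dict) -> bool:
        """Install a list only if its MAC verifies and it is newer than ours."""
        expected = hmac.new(self.key, _canon(msg["version"], msg["entries"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            return False      # forged or corrupted list
        if msg["version"] <= self.version:
            return False      # stale or replayed list: never roll back
        self.version, self.entries = msg["version"], dict(msg["entries"])
        return True

    def handle(self, src: str, payload: bytes) -> tuple:
        """Data-plane decision for a frame received from neighbour `src`."""
        state = self.entries.get(src, QUARANTINED)   # unknown == just joined
        if state == BLACKLISTED:
            return ("drop", None)
        if state == QUARANTINED:
            # Encapsulate untouched and forward toward the fog router;
            # the payload is never parsed or acted on locally.
            return ("tunnel_to_fog", b"FOG|" + src.encode() + b"|" + payload)
        return ("process", payload)
```

A node that is absent from the list is treated as quarantined, so a freshly (re)joined device is tunneled by default until the fog router publishes a newer list that authorizes or blacklists it.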

    Nodes that attempt to join the mesh network are immediately quarantined. Quarantined nodes have all their traffic tunneled dire...