FLEX-IoT: Secure and Resource-Efficient Network Boot System for Flexible-IoT Platform

Keon-Ho Park; Seong-Jin Kim; Joobeom Yun; Seung-Ho Lim; Ki-Woong Park

doi:10.3390/s21062060

FLEX-IoT: Secure and Resource-Efficient Network Boot System for Flexible-IoT Platform

Sensors (Basel). 2021 Mar 15;21(6):2060. doi: 10.3390/s21062060.

Authors

Keon-Ho Park¹, Seong-Jin Kim¹, Joobeom Yun¹, Seung-Ho Lim², Ki-Woong Park¹

Affiliations

¹ Department of Computer and Information Security, and Convergence Engineering for Intelligent Drone, Sejong University, Seoul 05006, Korea.
² Division of Computer Engineering, Hankuk University of Foreign Studies, Yongin 17035, Korea.

Abstract

In an internet of things (IoT) platform with a copious number of IoT devices and active variation of operational purpose, IoT devices should be able to dynamically change their system images to play various roles. However, the employment of such features in an IoT platform is hindered by several factors. Firstly, the trivial file transfer protocol (TFTP), which is generally used for network boot, has major security vulnerabilities. Secondly, there is an excessive demand for the server during the network boot, since there are numerous IoT devices requesting system images according to the variation of their roles, which exerts a heavy network overhead on the server. To tackle these challenges, we propose a system termed FLEX-IoT. The proposed system maintains a FLEX-IoT orchestrater which uses an IoT platform operation schedule to flexibly operate the IoT devices in the platform. The IoT platform operation schedule contains the schedules of all the IoT devices on the platform, and the FLEX-IoT orchestrater employs this schedule to flexibly change the mode of system image transfer at each moment. FLEX-IoT consists of a secure TFTP service, which is fully compatible with the conventional TFTP, and a resource-efficient file transfer method (adaptive transfer) to streamline the system performance of the server. The proposed secure TFTP service comprises of a file access control and attacker deception technique. The file access control verifies the identity of the legitimate IoT devices based on the hash chain shared between the IoT device and the server. FLEX-IoT provides security to the TFTP for a flexible IoT platform and minimizes the response time for network boot requests based on adaptive transfer. The proposed system was found to significantly increase the attack-resistance of TFTP with little additional overhead. In addition, the simulation results show that the volume of transferred system images on the server decreased by 27% on average, when using the proposed system.

Keywords: attacker deception; flexible IoT; resource-efficient network boot; secure TFTP.

Abstract

Grants and funding