Research Article


DOI: 10.26650/acin.779547   IUP: 10.26650/acin.779547

An Effective Security Method Based on Combining 802.1x, DMZ and SSL-VPN for IoT Network Security

İlhan Fırat Kılınçer, Fatih Ertam, Orhan Yaman, Abdülkadir Şengür

IoT applications appear in many areas because of their flexible structure and the many advantages they provide. The growth in IoT applications also brings many security vulnerabilities. To close these security gaps and secure the resulting system, measures should be taken that combine existing technologies with new ones. This study proposes a method that uses several security technologies together to secure an IoT application network. In the first step, 802.1x is used to connect wireless sensor devices to a Wi-Fi network, so that unauthorized users are not allowed to connect to this network. In the second step, IoT data is collected on a central server, and this server is placed in the DMZ zone of the firewall, so that access to the server is both restricted and logged. In the last step, SSL-VPN configured on the firewall allows the data to be monitored securely from the external environment. The biggest advantages of the proposed approach are that it can be used easily in existing Wi-Fi networks, provides communication security, and is low cost. Given these advantages, it is considered an important work in the field of IoT network security.





Citations


Kılınçer, İ.F., Ertam, F., Yaman, O., & Şengür, A. (2020). An Effective Security Method Based on Combining 802.1x, DMZ and SSL-VPN for IoT Network Security. Acta Infologica, 4(2), 65-76. https://doi.org/10.26650/acin.779547





TIMELINE


Submitted: 12.08.2020
Accepted: 16.12.2020
Published Online: 31.12.2020

LICENCE


Attribution-NonCommercial (CC BY-NC)

This license lets others remix, tweak, and build upon your work non-commercially, and although their new works must also acknowledge you and be non-commercial, they don’t have to license their derivative works on the same terms.






Istanbul University Press aims to contribute to the dissemination of ever-growing scientific knowledge through the publication of high-quality scientific journals and books in accordance with international publishing standards and ethics. Istanbul University Press follows an open-access, non-commercial, scholarly publishing model.