A Sandboxing based security model to contain malicious traffic in smart homes
Nkinyili, Tiberius Tabulu
The Internet of Things (IoT) is a developing Next Generation Network (NGN) paradigm that aims to connect more devices to the Internet and to let these devices communicate with each other autonomously. These devices mainly use wireless links to communicate, with little or no flow control, error checking or security monitoring. While this helps support mobility and optimize performance, the compromise in flow control and security monitoring renders them more vulnerable to potential attacks from malicious users. This poses security threats to data exchanged between devices, especially in a smart home environment. Mechanisms are therefore needed to provide security against malicious messages and unauthorized modification of information, limiting potential attacks on the integrity and confidentiality of data. Isolation mechanisms would be ideal to cushion devices and the entire IoT network. Sandboxing involves isolating suspect data, processes, applications or devices from the rest of the system. This restricts their access to further system resources, ensuring continuity and availability of the entire system. This research work thus proposed a model to ensure comprehensive data security in a smart home by using sandboxing. The model proposed mechanisms to provide an isolating environment to contain malicious traffic by evaluating levels of authorization and restricting communication nodes to what they were allowed to do. This ensured a proactive data security approach in IoT networks within a smart home environment. Linux Security Module implementations were used to provide a custom sandbox at the kernel level. Instant Contiki, a virtual version of the IoT operating system Contiki, was used to emulate IoT communication, with Cooja as the emulating module.