
URLink: Using Names As Sole Internet Addresses to Tackle Scanning Attacks in IoT

The Internet adopts a layered architecture where IP addresses are used to identify endpoints and port numbers serve as application multiplexers over a single host. Nowadays, names are usually used to expose a service to public access. However, even with the current DNS architecture, nodes must still know the running host's IP address and the service's port number to access the service. In fact, any node can directly contact a publicly available node, sometimes for purposes other than accessing its public services. This is especially a challenge in IoT, as highlighted by numerous high-profile DDoS attacks which leverage Internet scanning to find vulnerable IoT nodes. Defending against this is often a challenge for service operators. This paper questions the current architecture and calls for an alternative called URLink, where names are used as the sole identifier and access door towards a service. Through a new network abstraction called URLSocket, clients are no longer aware of the public service's IP address and port number. We argue that such an approach is beneficial for IoT networks, as it can be used to address various security and privacy issues in these networks. While such an architecture calls for changes in the client application stacks, existing applications (e.g. those running on an IoT node) can still leverage the proposed system in the current Internet.

Author(s)

Digital Object Identifier (DOI)
https://doi.org/10.1145/3628356.3630115
Author(s) not member of CyberExcellence
Shirin Kalantari
Laurens Sion
Danny Hughes