Softwarized IoT Network Immunity Against Eavesdropping With Programmable Data Planes

State-of-the-art mechanisms against eavesdropping first encrypt all packet payloads in the application layer and then split the packets into multiple network paths. However, versatile eavesdroppers could simultaneously intercept several paths to intercept all the packets, classify the packets into streams using transport fields, and analyze the streams by brute-force. In this article, we propose a programming protocol-independent packet processors (P4)-based network immune scheme (P4NIS) against the intractable eavesdropping. Specifically, P4NIS is equipped with three lines of defenses to provide a softwarized network immunity. Packets are successively processed by the third, second, and first line of defenses. The third line basically encrypts all packet payloads in the application layer using cryptographic mechanisms. Additionally, the second line re-encrypts all packet headers in the transport layer to distribute the packets from one stream into different streams, and disturbs eavesdroppers to classify the packets correctly. Besides, the second line adopts a programmable design for dynamically changing encryption algorithms. Complementally, the first line uses programmable forwarding policies which could split all the double-encrypted packets into different network paths disorderly. Using a paradigm of programmable data planes-P4, we implement P4NIS and evaluate its performances. Experimental results show that P4NIS can increase difficulties of eavesdropping and transmission throughput effectively compared with state-of-the-art mechanisms. Moreover, if P4NIS and state-of-the-art mechanisms have the same level of defending eavesdropping, P4NIS can decrease the encryption cost by 69.85%-81.24%.