Live Intrusion Obliviation Network OS

NS-T L.I.O.N. OS™ L.I.O.N. Operating System

NS-T L.I.O.N. OS™ is a Linux operating system based on OpenWrt. L.I.O.N. targets programmable embedded platforms and implements a secure Software Defined Edge-Cloud Network architecture for IoT applications in Smart Classrooms, Smart Homes, and Smart Health.

The building blocks of L.I.O.N. OS include but are not limited to OpenFlow, Bluetooth Low Energy, and WiFi. OpenFlow operates between the switch and the controller on a network, providing a unified control protocol. An SDN controller installs flow entries on OpenFlow switches, which perform per-flow analysis on incoming traffic. A switch always forwards new flows to the SDN controller, which in turn updates flow entries on the switches as new traffic patterns become known.
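A minimal model of the reactive flow setup described above, as an added example that is not L.I.O.N. OS code. The class names, addresses and allow-list are constructed for illustration, and the deny-by-default policy is an assumption of this sketch.

```python
from dataclasses import dataclass, field

# Constructed policy: (source, destination, destination port) tuples the
# controller permits. Everything else is denied (fail-closed assumption).
ALLOWED = {("10.0.0.5", "10.0.0.1", 8883), ("10.0.0.6", "10.0.0.1", 443)}

@dataclass
class Controller:
    packet_ins: int = 0

    def packet_in(self, switch, flow):
        """Called by a switch on a table miss; decides and installs an entry."""
        self.packet_ins += 1
        action = "forward" if flow in ALLOWED else "drop"
        switch.install(flow, action)   # models an OpenFlow flow-mod
        return action

@dataclass
class Switch:
    controller: Controller
    table: dict = field(default_factory=dict)   # flow match -> action
    hits: dict = field(default_factory=dict)    # flow match -> packet count

    def install(self, flow, action):
        self.table[flow] = action
        self.hits.setdefault(flow, 0)

    def receive(self, src, dst, dport):
        flow = (src, dst, dport)
        if flow not in self.table:               # table miss: new flow
            self.controller.packet_in(self, flow)
        self.hits[flow] += 1                     # per-flow counter
        return self.table[flow]

def run_demo():
    ctl = Controller()
    sw = Switch(ctl)
    # Constructed traffic: two packets of a permitted flow, three of an unknown one.
    packets = [("10.0.0.5", "10.0.0.1", 8883)] * 2 + [("10.0.0.9", "10.0.0.1", 23)] * 3
    actions = [sw.receive(*p) for p in packets]
    return actions, ctl.packet_ins, sw.hits
```

Installing an explicit drop entry for a denied flow means its later packets are handled in the switch and never reach the controller again, which keeps repeated unwanted traffic off the control channel.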

The OpenFlow protocol adds a variety of features for efficient network management. "Network Visibility" is an important feature for an IoT network. It allows monitoring of all connected nodes and maps out the entire network. "Resource Monitoring" enables flexible management of system resources (e.g. bandwidth, communication channels, computation platforms). This results in efficient resource utilization for dynamic and improved data flows. "Network Virtualization" enables network slicing based on users, subnets, or traffic flows to integrate all physical network devices into the software defined network.

L.I.O.N. OS extends the features of OpenFlow by integrating programmability, mobility, load balancing, hidden terminal mitigation, and network security protocols.

  • "Programmability" simplifies network programming by creating simple and powerful abstractions on the network. It brings essential tools to a programmer working on a central view of the entire network independent of state changes on the client side (e.g. authorization, authentication, and client state machines).

  • "Mobility": Virtual APs identify every client with a unique BSSID, so that each Virtual AP appears as a unique AP to its client. Each physical AP hosts a Virtual AP for each connected client. Handing off a client between two APs is performed by deactivating the client's Virtual AP at one physical AP and activating it at a different AP, without entering a client reassociation process.

  • "Load Balancing": For scalability and traffic load management, load balancing has been implemented by dynamically re-assigning clients to balance the APs. Re-association based load balancing is used as the method of handing off clients to different Access Points for scalability. Our performance results demonstrate that executing multiple handoffs, even at 100 ms intervals, does not result in any TCP degradation.

  • "Hidden Terminal Mitigation": Enterprise WLANs encounter hidden terminal losses that other management schemes like RTS/CTS (Request To Send/Clear To Send) mitigate through client modifications. L.I.O.N. eliminates client-end modifications by implementing an application that mitigates hidden terminals by taking advantage of the centralized network view. This application is envisioned to measure link impairments and collisions.
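The Virtual AP handoff from the "Mobility" item, used here to even out client counts across physical APs, as an added example that is not L.I.O.N. OS code. The BSSID derivation, the balancing rule (move clients until counts differ by at most one) and the MAC addresses are assumptions constructed for illustration.

```python
import hashlib

class PhysicalAP:
    def __init__(self, name):
        self.name = name
        self.vaps = {}            # client MAC -> BSSID of its virtual AP

def client_bssid(client_mac):
    """Derive a stable per-client BSSID (constructed scheme, an assumption)."""
    digest = hashlib.sha256(client_mac.encode()).digest()
    first = (digest[0] | 0x02) & 0xFE   # locally administered, unicast
    return ":".join(f"{b:02x}" for b in bytes([first]) + digest[1:6])

def attach(ap, client_mac):
    ap.vaps[client_mac] = client_bssid(client_mac)

def handoff(client_mac, src, dst):
    """Move a client's virtual AP: deactivate on src, activate on dst."""
    bssid = src.vaps.pop(client_mac)     # deactivate at the old physical AP
    dst.vaps[client_mac] = bssid         # activate unchanged at the new one
    return bssid

def rebalance(aps):
    """Hand off clients from the busiest AP to the idlest until loads differ by <= 1."""
    moves = []
    while True:
        busiest = max(aps, key=lambda a: len(a.vaps))
        idlest = min(aps, key=lambda a: len(a.vaps))
        if len(busiest.vaps) - len(idlest.vaps) <= 1:
            return moves
        client = sorted(busiest.vaps)[0]     # deterministic choice
        handoff(client, busiest, idlest)
        moves.append((client, busiest.name, idlest.name))

def run_demo():
    ap1, ap2 = PhysicalAP("ap1"), PhysicalAP("ap2")
    clients = [f"02:00:00:00:00:{i:02x}" for i in range(1, 6)]  # constructed MACs
    for mac in clients:
        attach(ap1, mac)
    before = {mac: ap1.vaps[mac] for mac in clients}
    moves = rebalance([ap1, ap2])
    after = {**ap1.vaps, **ap2.vaps}
    return before, after, moves, len(ap1.vaps), len(ap2.vaps)
```

Because the BSSID travels with the client, each client sees the same AP before and after a move; only the controller's mapping of Virtual AP to physical AP changes.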

We integrate a Multiple SDN Controller architecture for Ad-Hoc Networks based on the assumption that equal interaction is the default on an SDN controller, which grants it full access to the switch and ensures all controllers have the same rules. A node in an Ad-Hoc network can be viewed as a combination of legacy interfaces on the physical layer, an SDN-compatible virtual switch and an SDN controller on the programmable layer, and an operating system with its applications on the OS layer.

In this system, all legacy interfaces are connected to a virtual switch that is controlled by an SDN controller and embedded in the node. Since the controllers on each network node have equal interaction, they need not consider the liabilities of suspicious nodes or malicious users accessing the network through them. Ad-Hoc users connect to trusted nodes through their embedded SDN-compatible switch. An SDN controller with equal interaction with the network enhances the security and connectivity between nodes.

The major advantage of the SDN-based Ad-Hoc network architecture is its compatibility with an SDN legacy network. Since each node in the Ad-Hoc network has an embedded SDN-compatible switch and an SDN controller, both infrastructure-based legacy networks and infrastructure-less Ad-Hoc networks can interconnect to extend the SDN domain, which enhances the scalability of IoT networks.

All network rules can also be synchronized between multiple controllers in the extended SDN domain in equal interaction. In modern architectures, the SDN domain is limited to an infrastructure-based network. In such architectures, Ad-Hoc users are required to connect to the legacy network through other nodes acting as a network gateway that is directly linked to an SDN controller.

Our architecture extends the SDN domain to include all Ad-Hoc devices. This includes deploying an OpenFlow software switch, such as "Open vSwitch", in each Ad-Hoc node. This configuration can incorporate Ad-Hoc nodes into the SDN domain, thereby extending security rules onto every node. NS-T L.I.O.N. OS™ supports both infrastructure-based and infrastructure-less networks.
