Managing AAA in NFV/SDN-enabled IoT scenarios

Abstract

This paper proposes a novel policy-based framework to manage Authentication, Authorization and Accounting (AAA) and Channel Protection security functions in IoT networks enabled with Software defined Networks (SDN) and Network Function Virtualization (NFV) technologies. The virtual AAA, including network authenticators, are deployed as VNF dynamically at the edge, facilitating the devices' bootstrapping and ruling the access control of IoT devices to the network. The enforcement of network authorization decisions in the virtual switches is carried out through SDN. Moreover, the proposed softwarized and centralized channel protection management solution allows distributing dynamically the necessary cryptokeys for IoT M2M communications, in order to establishing DTLs tunnels among IoT devices, whenever demanded by the cybersecurity framework.