From an internet service provider's (ISP) perspective, modern broadband access networks pose significant and ever increasing challenges in terms of security management. The growing number of permanently connected home networks, with a myriad of poorly managed devices, imposes significant security risks not only to the domestic customers, unable to defend themselves from security attacks, but also to the ISP and third-parties potentially targeted by large-scale distributed botnet attacks fed by swarms of zombie domestic personal computers. In this context, the traditional delimitation of customer and ISP perimeters is no longer effective. Home networks became too complex and vulnerable to be autonomously managed by the average customer, and the scale and sophistication of distributed security attacks make it more and more difficult for the ISP to properly manage security without intervening outside the boundaries of its own network. Considering this state of affairs, we propose an alternative architecture for security management. This architecture increases the level of integration and cooperation between the domains of the ISP infrastructure and the home network. At the same time, it potentially improves the scalability and granularity of traditional intrusion detection and prevention mechanisms.
Keywords
Security;distributed IDS;home networks;CWMP
Related Project
iCIS - Intelligent Computing in the Internet of Services
Journal
Wiley Security and Communication Networks (ISSN 1939-0122), Hsiao-Hwa Chen and Hamid R. Sharif, July 2015
DOI
Cited by
Year 2018 : 3 citations
Di Mauro, Mario, and Cesario Di Sarno. "Improving SIEM capabilities through an enhanced probe for encrypted Skype traffic detection." Journal of Information Security and Applications 38 (2018): 85-95.
Pecorella, T.; Pierucci, L.; Nizzi, F. “Network Sentiment” Framework to Improve Security and Privacy for Smart Home, Future Internet, Vol 10, Issue 12, pp125, December 2018. DOI: 10.3390/fi10120125
Norbert Nthala, Ivan Flechais, "Rethinking Home Network Security", in Proc. of Conference: European Workshop on Usable Security (EuroUSEC), London, England, April 2018. DOI: 10.14722/eurousec.2018.23011
Year 2016 : 2 citations
K. M. Lee, W. G. Teng and T. W. Hou, "DRASE: A Dynamic Rescheduling and Self-Adaptive Estimation Technique to Enhance ACS Throughputs in CWMP," in IEEE Communications Letters, vol. 20, no. 11, pp. 2161-2164, Nov. 2016.
doi: 10.1109/LCOMM.2016.2602198
Li Kunmin, Toward Optimizing System Capabilities in a CWMP Network, PhD. Thesis, Cheng Kung University Engineering Science degree thesis, 2016 (http://www.airitilibrary.com/Publication/alDetailedMesh?docid=U0026-2706201617101000)