When a new IoT device joins a T-Net, it will be explicitly registered with the corresponding I-Guardian by an administrator/user.
As more IoT devices join the T-Net, the demand for an efficient membership management mechanism will grow.
5) Group Security Mechanisms inside ThingNet: A T-Net must have the following mechanisms to provide group security for T-Net members.
* Ensuring that only known (member) devices are present in the T-Net.
Moreover, if IoT devices have enough resources, it might be possible to integrate intrusion detection systems to monitor the behaviour of the T-Net and to detect anomalous behaviour.
For example, control of packet-flow by utilizing layer 2 mechanisms, such as Address Resolution Protocol in IPv4 and Neighbour Discovery Protocol in IPv6, may be used to support group security inside the T-Net.
Such services will strengthen the overall group security and robustness of the whole T-Net.
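One way an I-Guardian could check that only registered members are present, using the ARP/NDP neighbour table mentioned above. This is an added example, not code from the paper; the registry layout, the alert names and the sample `ip neigh` lines are constructed assumptions.

```python
# Added example: registry layout, alert names and sample lines are constructed.

# MAC -> addresses an administrator registered with the I-Guardian (assumed layout).
REGISTERED = {
    "02:00:00:00:00:0a": {"192.0.2.10", "fe80::ff:fe00:a"},
    "02:00:00:00:00:0b": {"192.0.2.11"},
}

# Constructed neighbour-table snapshot in Linux `ip neigh show` format
# (ARP entries for IPv4, NDP entries for IPv6).
SAMPLE = """\
192.0.2.10 dev eth0 lladdr 02:00:00:00:00:0a REACHABLE
fe80::ff:fe00:a dev eth0 lladdr 02:00:00:00:00:0A router STALE
192.0.2.11 dev eth0 lladdr 02:00:00:00:00:0c REACHABLE
192.0.2.12 dev eth0 lladdr 02:00:00:00:00:0b STALE
192.0.2.50 dev eth0 lladdr 02:00:00:00:00:99 DELAY
192.0.2.77 dev eth0  FAILED
"""


def parse_neigh(text):
    """Yield (ip, mac) for every entry that has a resolved link-layer address."""
    for line in text.splitlines():
        tok = line.split()
        if "lladdr" not in tok:
            continue  # FAILED/INCOMPLETE entries carry no MAC
        i = tok.index("lladdr")
        if i + 1 < len(tok):
            yield tok[0], tok[i + 1].lower()


def audit(text, registry):
    """Compare observed ARP/NDP bindings with the registered membership."""
    owner = {ip: mac for mac, ips in registry.items() for ip in ips}
    alerts = []
    for ip, mac in parse_neigh(text):
        if ip in owner and owner[ip] != mac:
            # A registered address answered from a different MAC.
            alerts.append(("binding-conflict", ip, mac))
        elif mac not in registry:
            alerts.append(("unknown-device", ip, mac))
        elif ip not in registry[mac]:
            alerts.append(("unregistered-address", ip, mac))
    return alerts


if __name__ == "__main__":
    for alert in audit(SAMPLE, REGISTERED):
        print(*alert)
```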
When an I-Guardian receives an alert from an IoT device, the I-Guardian generates an SNMPv3 INFORM message including the received alert information and sends it to the corresponding I-Applications and/or the designated Network Management System (NMS) of the T-Net. The I-Application and NMS need to be equipped with a receiver for INFORM messages.
In this experiment, we assumed that the addition and removal of members from a T-Net group are manually handled by a T-Net administrator.
This way, the attack surface is reduced, as I-Guardians become the only remote target; IoT devices can only be directly attacked if the adversary is located in the T-Net. Therefore, developers, manufacturers, and network administrators can focus their time and effort on patching, updating and upgrading I-Guardians' software and hardware.
Moreover, because of the holistic view that I-Guardians have of the IoT networks they manage, they can not only actively and passively monitor and manage the security of all IoT devices, but also implement additional services that facilitate the orchestration of the functionality of the whole T-Net, enhancing its resilience and robustness.
In addition, the size of a T-Net should be determined based on the required level of real-timeness.