Software Defined IoT Security Framework
4 authors, including: Ali Chehab, American University of Beirut
All content following this page was uploaded by Ali Chehab on 12 October 2017.
Abstract— The requirements of the fifth generation of mobile communications technology (5G) present many challenges. Among others, it aims at improved support of device-to-device communication, lower cost, lower latency than 4G and lower battery consumption, for better implementation of the Internet of Things (IoT). However, the connectivity of IoT devices gives rise to additional security and privacy concerns. Given the associated data proliferation and the integration of third-party applications, access control management becomes an exceedingly complex task. Thus, a security model is needed. A few years ago, the “softwarization” invasion along with network “virtualization” led to a new network control paradigm and paved the way towards a global network operating system. In this paper, we discuss the IoT requirements in terms of security and privacy. Additionally, we propose an IoT software defined security framework.

Keywords—SDN, IoT, Authentication, Access Control, Security.

I. INTRODUCTION

The increase in connected devices and device-to-device communication has been referred to in many ways: Internet of Things (IoT), Internet of Everything (IoE), Internet of Anything (IoA), Machine-to-Machine (M2M), Industrial Internet of Things (IIoT), etc. The common aspect between all these terms is the connection of new kinds of objects to the Internet in order to build a connected world.

In the IoT technology, every “thing” has to be uniquely identified and accessible. Such a task, with the proliferation of wireless sensors and wireless communication technologies, is challenging given the different silos of heterogeneous networks. In addition, Metcalfe’s law states that the value of a telecommunication network is exponentially proportional to the number of its connected users. About 50 billion things will be connected to the global network by 2020, as stated by Cisco. This large scale will impact QoS and management as we know them in today’s networks. Furthermore, IoT applications typically result in large volumes of data, requiring new ways of logging and analyzing. Finally, the security and privacy concerns are among the most important challenges facing the IoT proliferation. Having billions of things connected to the Internet sending real-time data calls for special considerations. Having different types of data with different levels of criticality, from entertainment to medical, we need to establish a security model to ensure proper data access and handling. To complicate matters further, the power consumption and processing capability limitations of the “things” constrain the security mechanisms that can be supported.

We consider Software Defined Networking (SDN) and Cloud/Edge computing as the promising technologies to address some of these challenges. SDN provides the capabilities to configure policies and rules along the whole network in a consistent way [1]. SDN, separating control and data planes, is vital to enable dynamic access policies (as well as the consistency verification and monitoring tasks).

In this paper, we propose a security framework embedded in a global IoT network architecture. The main function of this framework is to perform the AA (Authentication and Authorization) operations. This paper is organized as follows: in section II, we review the most recent security solutions within SDN. Section III introduces our global view of the future IoT network. In section IV, we present our authentication and authorization flow schemes. Section V illustrates the evaluation part. Finally, we conclude in section VI.

II. LITERATURE REVIEW

A. IoT Security Platform

In [2, 3], a federated SDN-based controlled architecture is proposed. This architecture consists of multiple IoT domains, and security is improved by making the SDN controller a central trusted authority. Thus, the communication between adjacent IoT domains is done through the edge controllers. While the proposed security solution seems to cope with the scalability issue of having multiple IoT controlled domains, it is not clear how the federated layer of controllers is managed. Actually, it is possible to have a malicious controller in a certain domain, so a higher orchestration layer is needed. The domain size, the presence of multiple controllers in the same domain, the overhead imposed on the device acting as a controller, and the supported security functions are the main limitations of the proposed scheme.

The need to implement access control in IoT at the network level is discussed in [4]. The authors argue that implementing security functions at the device level, as performed in the current network paradigm, is cumbersome in the IoT case. Many of the IoT things are just sensors and do not have much processing and storage capacity. In this context, they proposed a new platform to detect attacks at the network level.

The IoT security platform design requirements are discussed in [5, 6]. One of the most important constraints is to have a lightweight security scheme due to the constrained nature of the IoT environment.

B. Network Access Control (NAC)

NAC in traditional networks suffers from several issues such as: lack of authorization, network openness, the distributed nature of network systems (authorization needs centralization
of control), rules and policies inconsistency, static rules and management complexity, and the Policy Enforcement Point localization, which mostly presents a bottleneck and a single point of failure. Furthermore, access control in today's networks is limited to firewall applications and access lists in the network elements [7]. Firewalls suffer from the single point of failure and static configuration problems, and ACL management is complex and error prone [8]. Therefore, introducing SDN is key to hiding the complexity of access control enforcement and management. By introducing the SDN flow-based mentality, the access control function can achieve finer granularity. Additionally, the possibility of having different virtual networks on top of the same physical network contributes to separating the users’ flows using virtual ports (e.g. VLAN).

FlowNAC is one of the first attempts to model NAC in a flow-based manner [9]. FlowNAC extends 802.1X, employing EAPoL-in-EAPoL to differentiate services requested by the same user. Relying on port based access control (PBAC), this model implements the enforcement point as a module in an SDN controller capable of configuring the policies as flows along the data paths. FlowIdentity is another attempt to implement Software-Defined NAC [10]. This work is similar to FlowNAC but with the proposition of an RBAC firewall, which provides flexibility and dynamicity in the policy enforcement task.

These are some of the most important works aiming at implementing NAC in a software defined manner, reflecting the trend of network function softwarization. However, these solutions are mainly based on port based access control. IoT calls for a new access control paradigm targeting the application level. Having multiple applications with different levels of criticality, we need to have fine-grained control up to the application layer. Recently, Palo Alto Networks corporation proposed to integrate App-ID at the network level [11]. Thus, each application having a unique identifier can be granted the corresponding requirements (e.g. QoS) and access permissions.

III. FUTURE NETWORK ARCHITECTURE

A. Need for Softwarisation

As discussed previously, heterogeneity, big data, high scalability, and security and privacy concerns are the main IoT challenges. Having our private assets (healthcare sensors, car, home, etc.) connected to the Internet exposes our private life to serious security and privacy breaches.

In this context, SDN, separating the data and control planes, allows for more network flexibility, dynamicity, and configurability. The SDN architecture, presented in [12], consists of a data plane composed of managed network elements (switches or routers) and a control plane consisting of a central controller. An application layer, residing on top of the controller, consists of a set of network functions revealing the network programmability. Different application types, ranging from simple network monitoring to more critical ones such as security policy enforcement (e.g. firewall), are supported by this layer. Also, a management plane is added vertically alongside the control plane. This architecture helps in providing management flexibility and network dynamicity (the main required aspects for the future network). Along with SDN, NFV is a complementary technology that applies the virtualization concept in the network domain. NFV aims at virtualizing the network functions, detaching them from the hardware dependency. Thus, different network functions can be deployed on the same hardware. Slicing, another option provided by the network virtualization paradigm, consists of isolating the network instances, giving the opportunity to share the same network infrastructure between multiple providers, applications, flows, etc.

On the other hand, advanced technologies for handling IoT big data are required. Cloud computing has revealed high effectiveness in this context. Providing Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and more recently Network as a Service, cloud computing was a revolutionary technology in the last decade. However, centralizing the data storage and analysis at the cloud compromises the network core capability to handle the big amount of generated data in terms of added overhead and latency. Thus, a new technology emerged aiming at pushing data processing and storage to the network edge. Edge/fog computing has been known in the mobile domain as Mobile Edge Computing (MEC). MEC aims at providing cloud-based services in the user’s proximity, presenting valuable benefits: low latency, augmented reality, location awareness, high throughput, high scalability, etc.

B. Proposed Hierarchical Control-based IoT Architecture

Integrating the mentioned enabling technologies, our architecture is composed of six layers: the device layer, the access network layer, the access control layer, the core network layer, the core control layer, and the application layer. Being SDN controlled, this network is not intended to be fully centralized. Rather, we resort to a hierarchical design to overcome the complexity of a single control level in this highly scalable network [13]. Besides, IoT (along with 5G) is depicted as the “nervous system” of the digital society [14]. Thus, in this architecture we tried to imitate the human nervous system, which is composed of two levels of control: central (brain and spinal cord) and peripheral (network of nerves), to build an architecture characterized by a hierarchical control design. In our architecture, the brain of the network is the core controller and the spinal cord is the set of access controllers. The peripheral nerves are the devices connected to the access points.

The Device Layer: This layer consists of a set of heterogeneous devices with different capabilities (processing, power, memory, etc.) and different supported access technologies (Wi-Fi, Bluetooth, radio wave, etc.). Thus, different authentication schemes are employed (password, RFID, PIN, challenge/response scheme with symmetric or public/private keys, etc.). In this context, each set of devices will have a certain level of security depending on the authentication scheme it supports and the application it runs. A device could run multiple applications (with different credential profiles) and thus each one will have a different clearance to access different classes of data.

The Access Network Layer: This layer consists of a set of access relay points, which are equipped with SDN enabled network elements: OpenFlow switches, routers, middle boxes, etc. Additionally, these access points are fog enabled and thus they can provide primitive data services (i.e. OpenStack nodes).
2017 Fourth International Conference on Software Defined Systems (SDS)
The devices in this layer are managed by the access control layer, and thus the access rules of the underlying devices are defined by this control layer and configured accordingly in the devices.

The Access Control Layer: This layer consists of the access control points. These intelligent points include mini SDN controllers that manage the underlying heterogeneous networks. Connected to the core network devices, these software-defined gateways (SD-GWs) are also managed by the upper layer control.

The Core Network Layer: This layer consists of a set of hybrid core network elements that connect the clusters of the access networks. Controlled by the core SDN controller, this layer could employ the autonomic computing paradigm to enable the self-management, self-healing, and self-optimization characteristics needed in this large and critical network [15].

The Core Control Layer: This layer is responsible for managing the hybrid core network (SDN and non-SDN based device set: routers, switches, gateways). Having the highest level of security, this layer has the central role of access control management. As well as being aware of all network configurations, authentications, access rules, etc., the core controller has the power to modify or inject new rules in case of malicious behavior detection or any deficiency.

The Application Layer: This layer consists of a set of applications deployed over the virtualized core network. Developed by third party companies, these applications can present serious security risks. Thus, a tight access control is necessary to be integrated within the virtualized managed deployment of these applications over the core and the access networks.

Figure 1: Hierarchical architecture (Core Network Controller, Core Network, Access Network, App 1 / App 2); figure not reproduced.

IV. PROPOSED SECURITY SCHEME

There are many access control models: Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role Based Access Control (RBAC), Attribute Based Access Control (ABAC), and Capability Based Access Control (CBAC). MAC was proposed essentially in the military domain. DAC is applied in some operating systems. RBAC is mainly used in the web domain. ABAC was recently proposed in the context based security domain to provide dynamic access rules. Most recently, CBAC has been proposed to cope with the network scalability and configuration flexibility issues.

In our security model, we refer to the architecture presented in section III (Figure 1). We propose to have different access control models in this architecture. The core controller is acting as a global network operating system and presents high criticality, so a military-style security aspect (MAC and/or DAC) is needed there. Few subjects must have permission to access or modify any information at this level. The main entities permitted to interact directly with this entity are the access controllers and the set of critical applications (App’s). The second control level of the network, the access one, is a very dynamic one. So, it needs to apply a dynamic access control model. RBAC or CBAC combined with ABAC would fit these requirements.

Thus, after each thing has registered and been given its initial credentials, it will be assigned a security level (in our case, it will be assigned a role and permissions). This level depends on the thing capabilities (processing, power, and storage) which
affect its authentication faithfulness. Accordingly, it will be assigned permissions with respect to its capabilities and its installed applications. Similarly, each application will be granted certain capabilities to access network resources (similar to the mobile applications authorization process).

Each device connected to the IoT network has specific capabilities and thus each one will be assigned a certain level of security accordingly. On the other hand, the set of resources (data, processes, bandwidth, etc.) has different levels of criticality and thus each set of resources will have a certain security classification level. In our model, the classification of both subjects and resources is performed by the central core controller. Different levels of security (e.g. multiple application profiles) at the same device might invoke the multi-level authentication principle and thus, at each level, different access rules are included.

The proposed architecture allows for the distribution of access control configurations. So, when a subject requires access to a certain object, it sends the request to the nearest access point, which looks for a rule (in case of a communication resource) in its forwarding table. If it does not find the corresponding one, it will ask the access controller. If the access controller has the corresponding configuration, it will reply accordingly. If not, it will forward the request to the core controller through the core network. Thus, the core controller will check if the subject has the permission to access the target object with respect to the defined properties and security rules with the actual session security function values. In either case, it will send a response back to the access point through the access controller. Thus, once configured for the first time, the subject at the second access has only to ask the corresponding access point (if it is not mobile). In case of mobility, a communication between the old and new access points could solve this issue. Pushing the access control configurations to the network edge saves time and bandwidth in comparison to a fully centralized control scheme. Additionally, the access controller can have a role in making the decision if configured by the corresponding security functions and rules.

As we mentioned before, the subject’s security level per application is a function of the subject’s supported authentication scheme and the running application profile. So, the same application deployed on different assets will not have the same access permissions, and this helps in preventing weakly authenticated devices from breaking the system confidentiality (for some object security levels). Additionally, we consider the request as being processed per application per session. So, there is no static subject security level. Furthermore, it is granular to the application level.

A. Initial Registration, Authentication, and Authorization

In Figure 2, we present the initial authentication process that takes place between the different network elements. Initially, each AC must be authenticated and certificated by the Core Controller (CC). Note that in our case, we assume that the CC is a trusted party. After authenticating the AC and providing it a certification that is saved in a global database and in the AC local database, each SD-GW has to be authenticated by the AC and the CC. Hence, after being discovered by the AC, the SD-GW sends an authentication request to the AC. For the first time, the AC forwards this request to the CC entity. The CC must first authenticate the AC forwarding the request by verifying the certificate accompanying the request. Then, it must authenticate and generate the certification for the SD-GW, which will be stored in the global database, the local AC database and the local SD-GW database. Note that the keys might be generated by the SD-GW, AC or CC, but the certifications are exclusively generated by the CC. After being authenticated by the AC, the SD-GW is ready to authenticate the user devices. When a new user device wants to connect to the mobile network, it must initiate an authentication request toward the SD-GW, which in turn forwards this request to the AC, which forwards it to the CC after checking the SD-GW certificate. The same process takes place, so the CC makes sure of the correctness of the AC and SD-GW certificates (Cert1 and Cert2) and returns to the AC the challenge response values and the user device certificate, which must be forwarded back to the user device and stored at each level. When receiving the certificate and the authentication challenge, the user device responds by sending the response to the SD-GW. Upon receiving the correct response, the SD-GW authenticates the device by an OK reply. This process takes place only once, when the user connects for the first time to its Home Network. However, the second time, as shown in the last part of the message exchange in Figure 2, the user device is authenticated directly with the SD-GW point.

Figure 2: Initial Authentication Scheme (message sequence chart between Thing, SD-GW, AC and CC: Auth Rqst, Challenge, Response, Authorization, Ok, Cert, Cert1/Cert2, Conx Rqst; figure not reproduced).

B. Intra-domain Authentication and Authorization Delegation

In the second case (Figure 3), the “Thing” is moving from one cell to another. In this case, the SD-GWs, being authenticated by the AC, can perform a mutual authentication using their stored certifications. Initially, when a handover occurs, the old SD-GW initiates a handover request to the new SD-GW. Thus, after the mutual authentication phase, the old SD-GW sends the “Thing” credentials to the new SD-GW. Consequently, when the “Thing” tries to connect to the new SD-AP, it will be authenticated correctly. Finally, after the handover is performed, the new SD-AP updates the AC about the new “Thing” location. When launching the update, the new SD-GW must also be authenticated by the AC. In its turn, the AC must send in its periodic update the new “Thing” location to the CC.

Figure 3: Handling Authentication with intra domain mobility (message sequence chart between Thing, Old SD-GW, New SD-GW and AC: Hand Rqst, Challenge1/Response1, Challenge2/Response2, Hand OK, “Thing” Cert, Conx Rqst, Challenge/Response, OK, Update Rqst, OK; figure not reproduced).

C. Inter-domains Authentication and Authorization Delegation

In this case, the “Thing” moves from one AC domain to another AC domain (Figure 4). The same process performed in the previous case between SD-GWs must be performed between the involved ACs. Additionally, the new AC must provide the “Thing” certificate to the new SD-GW. Thus, when the “Thing” requests a connection to the new SD-GW, it can be authenticated by the corresponding certificate. Finally, the new AC must update the CC about the “Thing” location.

Figure 4: Handling Authentication with inter domains mobility (message sequence chart between Thing, Old AC, New SD-GW, New AC and CC: Hand Rqst, Challenge1/Response1, Challenge2/Response2, Hand OK, “Thing” Cert, Conx Rqst, Challenge/Response, OK, Update Rqst, OK; figure not reproduced).

V. ANALYSIS

We tested our scheme using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. This tool uses HLPSL (High Level Protocols Specification Language), a high-level role-based language which permits the description of the security protocol using roles. The translator HLPSLIF transforms the high-level protocol description into an intermediate format (IF), which is then passed to one of four backend modules. These modules are: the On-the-fly Model-Checker (OFCM), the CL-based Attack Searcher (CL-ATSe), the SAT-based Model-Checker (SATMC), and the Tree Automata-based Protocol Analyzer (TA4SP). The default backend is the OFCM. These back-ends test if the security goals are satisfied or violated [16]. The HLPSL file defines the protocol’s agents as roles. Each role has certain parameters passed to it from other roles and an initial state, and several steps can be defined where the transition from state to state is done at specific events (sending or receiving messages). Each role description is defined by its local variables and the initial parameters passed to it. The session declaration encompasses all the agents, keys, identities, and functions declared in the knowledge of each role. The session role allows different roles to work in parallel [17].

Testing was performed using the SPAN/AVISPA virtual box (VBox) disk image on a virtual machine. SPAN is a Security Protocol Animator; it provides a high-level interface where the user inputs the protocol description in the CAS language, which is then automatically transformed into an HLPSL file [16].

In our CAS file, we defined the core controller, the access controller, the gateway and the thing as users, together with their public keys, the used numbers and hash functions, in the identifiers section. In the messages section, we defined the messages exchanged between users. In the knowledge section, we defined the knowledge of each user. In the session section, we instantiate the session variables. We have also defined the intruder knowledge and finally the goals. In the generated HLPSL file, we have three roles: Thing (T), Gateway (GW), Access Controller (AC), and Core Controller (CC). Each role has certain knowledge, an initial state, and several transitions defined in its role section. The session initialization is performed in the environment role, where the global variables are defined.

This HLPSL file is translated into an IF file. The analysis, which is fully automated, is executed on the IF protocol description file. In our testing, we have applied two backend checkers (OFCM & CL_ATSE) to this file. The results show that our scheme is SAFE against attacks.

The main concept of these checkers is that they look for possible attacks by simulating the role of an intruder. The analysis considers the channels as insecure mediums, and all unencrypted messages or encrypted messages with attainable keys can be perceived by the intruder. So, these testing algorithms try to test whether the security goals defined in the HLPSLIF file can be violated by introducing the intruder role or not. Upon the analysis, they decide if the protocol is SAFE, UNSAFE, or INCONCLUSIVE. The main attacks considered by these testing/verification algorithms are: unauthorized access, masquerade, man-in-the-middle and replay attacks.

VI. CONCLUSION

In this paper, we have defined the essential security functions that need to be implemented in any IoT architecture. Authentication and authorization are two main security functions to ensure authorized access to network resources. These are primitive and unavoidable security practices. SDN & NFV, and cloud/edge computing are the enablers of the IoT due to their capability to overcome the unpreceded added
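The lookup chain of Section IV (access point forwarding table, then access controller, then core controller, with the decision pushed back to the edge) as an added Python simulation; it is not code from the paper, and the class names, the level tables and the sample subjects and objects are assumptions made here. It also covers the mobility case, answered here from the AC cache rather than by an exchange between the old and new access points.

```python
"""Hierarchical access-control lookup of Section IV, as an added simulation.
Not the paper's code: class names, level tables and the sample rules are
assumptions. A request is answered by the nearest access point (AP) when its
forwarding table holds a rule, otherwise escalated to the access controller
(AC) and, only if the AC has no configuration, to the core controller (CC).
The decision is cached on the way back, so the second access is served at the
edge; here a new AP (mobility) is answered from the AC cache."""
from dataclasses import dataclass, field

# Subject level is per application and per session: the same application on a
# weakly authenticated device gets a lower level (assumed scale 1..3).
AUTH_SCHEME_LEVEL = {"password": 1, "pin": 1, "rfid": 2, "challenge_response": 3}
APP_PROFILE_LEVEL = {"entertainment": 1, "smart_home": 2, "medical": 3}

@dataclass(frozen=True)
class Request:
    thing: str
    auth_scheme: str
    app: str
    obj: str        # target resource
    session: int

def subject_level(req):
    """Security level = f(authentication scheme, running application profile)."""
    return min(AUTH_SCHEME_LEVEL[req.auth_scheme], APP_PROFILE_LEVEL[req.app])

@dataclass
class CoreController:
    """Classifies resources and takes the decision nobody below could take."""
    object_levels: dict   # resource -> classification level (assumed data)
    def decide(self, req):
        # MAC-style check: the subject's level must dominate the object's class
        return subject_level(req) >= self.object_levels.get(req.obj, 99)

@dataclass
class AccessController:
    core: CoreController
    cache: dict = field(default_factory=dict)
    def resolve(self, key, req, trace):
        if key in self.cache:          # AC holds the configuration: reply itself
            trace.append("AC")
            return self.cache[key]
        trace.append("AC->CC")         # otherwise ask the core controller
        self.cache[key] = self.core.decide(req)
        return self.cache[key]

@dataclass
class AccessPoint:
    ac: AccessController
    table: dict = field(default_factory=dict)   # forwarding-table rules
    def resolve(self, req):
        """Return (decision, trace); trace records who answered the request."""
        key = (req.thing, req.app, req.session, req.obj)   # per app, per session
        trace = []
        if key in self.table:
            trace.append("AP")
            return self.table[key], trace
        trace.append("AP->AC")
        decision = self.ac.resolve(key, req, trace)
        self.table[key] = decision     # pushed to the edge for the next access
        return decision, trace

def demo():
    """First access climbs to the CC, second is served at the AP, a password-only
    device is refused the medical object, and a new AP hits the AC cache."""
    cc = CoreController({"patient_records": 3, "thermostat": 2, "tv_guide": 1})
    ac = AccessController(cc)
    ap_old, ap_new = AccessPoint(ac), AccessPoint(ac)
    sensor = Request("glucose-sensor", "challenge_response", "medical", "patient_records", 1)
    weak = Request("old-bulb", "password", "medical", "patient_records", 1)
    return (ap_old.resolve(sensor), ap_old.resolve(sensor),
            ap_old.resolve(weak), ap_new.resolve(sensor))
```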
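The first-time and second-time device authentication of Section IV.A (Figure 2) as an added walk-through in Python; it is not the paper's code. The HMAC-based certificates that only the CC can issue, the per-entity registration secrets, the gateway key derived by the CC so the SD-GW can run the direct second-time authentication alone, and the collapsing of the AC and SD-GW certification steps to certificate issuance are assumptions made here.

```python
"""First-time and second-time device authentication of Section IV.A (Figure 2),
as an added walk-through, not the paper's code. Assumed here: a certificate is
an HMAC tag only the CC can issue, every entity shares a registration secret
with the CC, the CC derives a per-gateway device key so the SD-GW can
re-authenticate alone, and AC/SD-GW certification is collapsed to issuance."""
import hashlib, hmac, os

def tag(key, *parts):
    """HMAC-SHA256 over the joined parts; used for certificates and responses."""
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).digest()

class CoreController:
    def __init__(self):   # trusted party and the only issuer of certifications
        self.issuing_key, self.secrets, self.global_db = os.urandom(32), {}, {}
    def register(self, entity):             # registration secret shared with the entity
        return self.secrets.setdefault(entity, os.urandom(32))
    def certify(self, entity):
        self.global_db[entity] = tag(self.issuing_key, "cert", entity)
        return self.global_db[entity]
    def valid_cert(self, entity, cert):
        return hmac.compare_digest(tag(self.issuing_key, "cert", entity), cert)
    def authenticate(self, thing, gw, cert2, ac, cert1):
        """Verify Cert1 (AC) and Cert2 (SD-GW) before answering the forwarded request."""
        if not (self.valid_cert(ac, cert1) and self.valid_cert(gw, cert2)):
            raise PermissionError("forwarding chain is not certified by the CC")
        challenge = os.urandom(16).hex()
        expected = tag(self.secrets[thing], "resp", challenge)   # challenge response values
        gw_key = tag(self.secrets[thing], "gwkey", gw)           # assumed derived key
        return challenge, expected, self.certify(thing), gw_key

class Thing:
    def __init__(self, name, secret):
        self.name, self.secret, self.cert = name, secret, None
    def respond(self, challenge, gw=None):
        # first time: registration secret; later: the key derived for that gateway
        key = self.secret if gw is None else tag(self.secret, "gwkey", gw)
        return tag(key, "resp", challenge)

class AccessController:
    def __init__(self, name, cert1, cc):
        self.name, self.cert, self.cc, self.local_db = name, cert1, cc, {}
    def forward(self, thing, gw, cert2):
        # check the SD-GW certificate stored locally, then add the AC's own Cert1
        if not hmac.compare_digest(self.local_db[gw], cert2):
            raise PermissionError("unknown SD-GW")
        result = self.cc.authenticate(thing, gw, cert2, self.name, self.cert)
        self.local_db[thing] = result[2]          # device certificate kept at AC level
        return result

class Gateway:
    def __init__(self, name, cert2, ac):
        self.name, self.cert, self.ac, self.local_db = name, cert2, ac, {}
    def first_time_auth(self, thing):
        try:   # SD-GW -> AC -> CC; fails if any certificate in the chain is bad
            challenge, expected, cert, gw_key = self.ac.forward(thing.name, self.name, self.cert)
        except PermissionError:
            return False
        if not hmac.compare_digest(expected, thing.respond(challenge)):
            return False
        self.local_db[thing.name], thing.cert = (cert, gw_key), cert   # stored at each level
        return True
    def direct_auth(self, thing):
        """Second connection: certificate matched locally, fresh challenge, no CC round trip."""
        stored = self.local_db.get(thing.name)
        if stored is None or not hmac.compare_digest(stored[0], thing.cert):
            return False
        challenge = os.urandom(16).hex()
        return hmac.compare_digest(tag(stored[1], "resp", challenge),
                                   thing.respond(challenge, self.name))

def run_flow():
    cc = CoreController()
    ac = AccessController("AC1", cc.certify("AC1"), cc)
    gw = Gateway("GW1", cc.certify("GW1"), ac)
    ac.local_db["GW1"] = gw.cert
    thing = Thing("sensor-7", cc.register("sensor-7"))
    first, second = gw.first_time_auth(thing), gw.direct_auth(thing)
    rogue = Gateway("GW9", os.urandom(32), ac)    # certificate never issued by the CC
    ac.local_db["GW9"] = rogue.cert
    rogue_ok = rogue.first_time_auth(Thing("sensor-8", cc.register("sensor-8")))
    return first, second, rogue_ok
```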