WiFi Network Access Control for IoT Connectivity with Software Defined Networking

Abstract

The Internet of Things (IoT) is a fundamental change to the nature of the Internet whereby a massive and diverse range of objects will become network addressable. This may be the networking of previously discrete devices but also the embedding of computers into devices or components that did not previously have it. Not all connected devices have the same access needs nor rights, and network access control must be able to address the diversity effectively. Using a Software Defined Networking (SDN) approach with captive portals and port based network access (IEEE 802.1X) this paper demonstrates the first network access control (NAC) using SDN through judicious use of multiple flow tables in the widely used OpenFlow v1.3 protocol. We show that the 802.1X approach requires up to 72% fewer packets to be exchanged compared to the captive portal approach and up to 80% reduction in terms of authentication delay. Our results also show that access control via DHCP, DNS and HTTP services experience similar authentication delays because the dominant delay is due to the OpenFlow control channel delay. The work presented herein makes significant progress towards empowering network administrators with fine grained control over WiFi networks.