Mitigating DDoS Flooding Attacks against IoT using Custom Hardware Modules

The increasing number of deployed Internet of Things (IoT) devices is supporting a plethora of new applications that enriches our daily lives. Smart Cities, for instance, leverage IoT to enable new ways of interactions among citizens, government, public services, healthcare, natural resources, waste and energy management. This synergy pushes the participation of individuals and organizations to new levels, strengthening democracy. However, the ubiquity of such devices and their unique characteristics of being numerous, constantly connected to the Internet and having constrained processing capabilities turned IoT into the new target of cyberattacks. Lately, we have witnessed an alarming increase in attack events towards IoT. The most common pattern is usually done in two phases. In the first phase, attackers exploit vulnerabilities in as many devices as possible, turning them into their bots. In the second phase, attackers order bots to dispatch as many request as possible towards a chosen target, flooding them with requests, attempting to exhaust device's computing resources: a Distributed Denial of Service (DDoS) is in place. The traditional targets of massive DDoS attacks are eminent organizations, like financial institutions, governments and online retailers. However, there is space still for small scale DDoS attacks towards IoT devices itself. The main objective would be bringing down IoT devices which firmwares are not easily exploitable, such as security/video surveillance devices. In this paper, we present a study on DDoS flooding attack mitigation where IoT devices are the targets. To that end, we propose a feasible architecture leveraging a CoAP Accelerator to effectively improve device's resilience. The CoAP Accelerator works in cooperation with the device's CPU, having a key role on CoAP message processing. The architecture was prototyped in a System-on-Chip (SoC) Field Programmable Gate Array (FPGA) and evaluations were carried out demonstrating how device's computing resources are not exhausted, thus allowing it to proper operate while under attack.