ZFort: A scalable zero-trust approach for trust management and traffic engineering in SDN based IoTs

IF 6 | Zone 3, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Internet of Things | Pub Date: 2024-10-29 | DOI: 10.1016/j.iot.2024.101419
Usman Ashraf, Mohammed Al-Naeem, Muhammad Nasir Mumtaz Bhutta, Chau Yuen
Internet of Things, volume 28, Article 101419. Journal Article. https://www.sciencedirect.com/science/article/pii/S2542660524003603
Citation count: 0

Abstract

The Internet of Things (IoT) is a promising solution, but it faces critical security challenges against the backdrop of evolving and sophisticated threats. Traditional security models are not well adapted to protecting these diverse and resource-constrained devices against evolving threats like Advanced Persistent Threats (APTs). We introduce ZFort, a zero-trust framework that prioritizes the security of critical nodes in IoT networks. ZFort dynamically evaluates the risk status of nodes based on each node's criticality and on vulnerability scores derived from Common Vulnerabilities and Exposures (CVE) data and the Common Vulnerability Scoring System (CVSS). ZFort uses a stochastic differential equation model for dynamic and continuous trust evaluation between nodes. Based on this evaluation, it adjusts security measures and routing decisions in real time. Additionally, ZFort quickly isolates nodes that are likely compromised and prevents routing across them. ZFort uses Mixed Integer Linear Programming (MILP) and efficient heuristics, guaranteeing scalability and resource efficiency even in large networks, and enhances the resilience and trustworthiness of key IoT infrastructure.
Source journal
Internet of Things
CiteScore: 3.60
Self-citation rate: 5.10%
Articles published: 115
Review time: 37 days
Journal description: Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.