ZFort:基于 SDN 的物联网中信任管理和流量工程的可扩展零信任方法

IF 6 3区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Internet of Things Pub Date : 2024-10-29 DOI:10.1016/j.iot.2024.101419
Usman Ashraf , Mohammed Al-Naeem , Muhammad Nasir Mumtaz Bhutta , Chau Yuen
{"title":"ZFort:基于 SDN 的物联网中信任管理和流量工程的可扩展零信任方法","authors":"Usman Ashraf ,&nbsp;Mohammed Al-Naeem ,&nbsp;Muhammad Nasir Mumtaz Bhutta ,&nbsp;Chau Yuen","doi":"10.1016/j.iot.2024.101419","DOIUrl":null,"url":null,"abstract":"<div><div>The Internet of Things (IoT), is a promising solution, but faces critical security challenges in the backdrop of evolving and sophisticated threats. Traditional security models are not well-adopted to protecting these diverse and resource-constrained devices against evolving threats like Advanced Persistent Threats (APTs). We introduce <em>ZFort</em>, a zero-trust framework that prioritizes the security of critical nodes in IoT networks. ZFort dynamically evaluates the risk status of nodes based on node’s criticality and vulnerability scores derived from Common Vulnerabilities and Exposures (CVE) data ZFort dynamically assesses node risk based on criticality and vulnerability scores derived from Common Vulnerabilities and Exposures (CVE) data, and Common Vulnerability Scoring System (CVSS). ZFort uses a stochastic differential equation model for dynamic and continuous trust evaluation between nodes. Based on this evaluation, it dynamically adjusts security measures and routing decisions in real-time. Additionally, ZFort quickly isolates nodes that are likely compromised and prevents routing across them. ZFort uses Mixed Integer Linear Programming (MILP) and efficient heuristics, guaranteeing scalability and resource efficiency even in large networks and enhances the resilience and trustworthiness of key IoT infrastructure.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"28 ","pages":"Article 101419"},"PeriodicalIF":6.0000,"publicationDate":"2024-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"ZFort: A scalable zero-trust approach for trust management and traffic engineering in SDN based IoTs\",\"authors\":\"Usman Ashraf ,&nbsp;Mohammed Al-Naeem ,&nbsp;Muhammad Nasir Mumtaz Bhutta ,&nbsp;Chau Yuen\",\"doi\":\"10.1016/j.iot.2024.101419\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The Internet of Things (IoT), is a promising solution, but faces critical security challenges in the backdrop of evolving and sophisticated threats. Traditional security models are not well-adopted to protecting these diverse and resource-constrained devices against evolving threats like Advanced Persistent Threats (APTs). We introduce <em>ZFort</em>, a zero-trust framework that prioritizes the security of critical nodes in IoT networks. ZFort dynamically evaluates the risk status of nodes based on node’s criticality and vulnerability scores derived from Common Vulnerabilities and Exposures (CVE) data ZFort dynamically assesses node risk based on criticality and vulnerability scores derived from Common Vulnerabilities and Exposures (CVE) data, and Common Vulnerability Scoring System (CVSS). ZFort uses a stochastic differential equation model for dynamic and continuous trust evaluation between nodes. Based on this evaluation, it dynamically adjusts security measures and routing decisions in real-time. Additionally, ZFort quickly isolates nodes that are likely compromised and prevents routing across them. ZFort uses Mixed Integer Linear Programming (MILP) and efficient heuristics, guaranteeing scalability and resource efficiency even in large networks and enhances the resilience and trustworthiness of key IoT infrastructure.</div></div>\",\"PeriodicalId\":29968,\"journal\":{\"name\":\"Internet of Things\",\"volume\":\"28 \",\"pages\":\"Article 101419\"},\"PeriodicalIF\":6.0000,\"publicationDate\":\"2024-10-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Internet of Things\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2542660524003603\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660524003603","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

物联网(IoT)是一种前景广阔的解决方案,但在不断演变的复杂威胁背景下,它面临着严峻的安全挑战。传统的安全模式并不能很好地保护这些多样化、资源有限的设备免受高级持续性威胁(APT)等不断演变的威胁。我们引入了零信任框架 ZFort,该框架优先考虑物联网网络中关键节点的安全。ZFort 根据节点的临界度和来自常见漏洞和暴露(CVE)数据的漏洞评分动态评估节点的风险状态。ZFort 采用随机微分方程模型对节点间的信任度进行动态和连续评估。根据这种评估,它可以动态地实时调整安全措施和路由决策。此外,ZFort 还能快速隔离可能受到攻击的节点,并防止路由穿过这些节点。ZFort 采用混合整数线性规划(MILP)和高效启发式方法,即使在大型网络中也能保证可扩展性和资源效率,并增强关键物联网基础设施的弹性和可信度。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
ZFort: A scalable zero-trust approach for trust management and traffic engineering in SDN based IoTs
The Internet of Things (IoT), is a promising solution, but faces critical security challenges in the backdrop of evolving and sophisticated threats. Traditional security models are not well-adopted to protecting these diverse and resource-constrained devices against evolving threats like Advanced Persistent Threats (APTs). We introduce ZFort, a zero-trust framework that prioritizes the security of critical nodes in IoT networks. ZFort dynamically evaluates the risk status of nodes based on node’s criticality and vulnerability scores derived from Common Vulnerabilities and Exposures (CVE) data ZFort dynamically assesses node risk based on criticality and vulnerability scores derived from Common Vulnerabilities and Exposures (CVE) data, and Common Vulnerability Scoring System (CVSS). ZFort uses a stochastic differential equation model for dynamic and continuous trust evaluation between nodes. Based on this evaluation, it dynamically adjusts security measures and routing decisions in real-time. Additionally, ZFort quickly isolates nodes that are likely compromised and prevents routing across them. ZFort uses Mixed Integer Linear Programming (MILP) and efficient heuristics, guaranteeing scalability and resource efficiency even in large networks and enhances the resilience and trustworthiness of key IoT infrastructure.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Internet of Things
Internet of Things Multiple-
CiteScore
3.60
自引率
5.10%
发文量
115
审稿时长
37 days
期刊介绍: Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.
期刊最新文献
Mitigating smart contract vulnerabilities in electronic toll collection using blockchain security LBTMA: An integrated P4-enabled framework for optimized traffic management in SD-IoT networks AI-based autonomous UAV swarm system for weed detection and treatment: Enhancing organic orange orchard efficiency with agriculture 5.0 A consortium blockchain-edge enabled authentication scheme for underwater acoustic network (UAN) Is artificial intelligence a new battleground for cybersecurity?
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1