ZFort: A scalable zero-trust approach for trust management and traffic engineering in SDN based IoTs

IF 6 3区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Usman Ashraf , Mohammed Al-Naeem , Muhammad Nasir Mumtaz Bhutta , Chau Yuen
{"title":"ZFort: A scalable zero-trust approach for trust management and traffic engineering in SDN based IoTs","authors":"Usman Ashraf ,&nbsp;Mohammed Al-Naeem ,&nbsp;Muhammad Nasir Mumtaz Bhutta ,&nbsp;Chau Yuen","doi":"10.1016/j.iot.2024.101419","DOIUrl":null,"url":null,"abstract":"<div><div>The Internet of Things (IoT), is a promising solution, but faces critical security challenges in the backdrop of evolving and sophisticated threats. Traditional security models are not well-adopted to protecting these diverse and resource-constrained devices against evolving threats like Advanced Persistent Threats (APTs). We introduce <em>ZFort</em>, a zero-trust framework that prioritizes the security of critical nodes in IoT networks. ZFort dynamically evaluates the risk status of nodes based on node’s criticality and vulnerability scores derived from Common Vulnerabilities and Exposures (CVE) data ZFort dynamically assesses node risk based on criticality and vulnerability scores derived from Common Vulnerabilities and Exposures (CVE) data, and Common Vulnerability Scoring System (CVSS). ZFort uses a stochastic differential equation model for dynamic and continuous trust evaluation between nodes. Based on this evaluation, it dynamically adjusts security measures and routing decisions in real-time. Additionally, ZFort quickly isolates nodes that are likely compromised and prevents routing across them. ZFort uses Mixed Integer Linear Programming (MILP) and efficient heuristics, guaranteeing scalability and resource efficiency even in large networks and enhances the resilience and trustworthiness of key IoT infrastructure.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"28 ","pages":"Article 101419"},"PeriodicalIF":6.0000,"publicationDate":"2024-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660524003603","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

The Internet of Things (IoT), is a promising solution, but faces critical security challenges in the backdrop of evolving and sophisticated threats. Traditional security models are not well-adopted to protecting these diverse and resource-constrained devices against evolving threats like Advanced Persistent Threats (APTs). We introduce ZFort, a zero-trust framework that prioritizes the security of critical nodes in IoT networks. ZFort dynamically evaluates the risk status of nodes based on node’s criticality and vulnerability scores derived from Common Vulnerabilities and Exposures (CVE) data ZFort dynamically assesses node risk based on criticality and vulnerability scores derived from Common Vulnerabilities and Exposures (CVE) data, and Common Vulnerability Scoring System (CVSS). ZFort uses a stochastic differential equation model for dynamic and continuous trust evaluation between nodes. Based on this evaluation, it dynamically adjusts security measures and routing decisions in real-time. Additionally, ZFort quickly isolates nodes that are likely compromised and prevents routing across them. ZFort uses Mixed Integer Linear Programming (MILP) and efficient heuristics, guaranteeing scalability and resource efficiency even in large networks and enhances the resilience and trustworthiness of key IoT infrastructure.
ZFort:基于 SDN 的物联网中信任管理和流量工程的可扩展零信任方法
物联网(IoT)是一种前景广阔的解决方案,但在不断演变的复杂威胁背景下,它面临着严峻的安全挑战。传统的安全模式并不能很好地保护这些多样化、资源有限的设备免受高级持续性威胁(APT)等不断演变的威胁。我们引入了零信任框架 ZFort,该框架优先考虑物联网网络中关键节点的安全。ZFort 根据节点的临界度和来自常见漏洞和暴露(CVE)数据的漏洞评分动态评估节点的风险状态。ZFort 采用随机微分方程模型对节点间的信任度进行动态和连续评估。根据这种评估,它可以动态地实时调整安全措施和路由决策。此外,ZFort 还能快速隔离可能受到攻击的节点,并防止路由穿过这些节点。ZFort 采用混合整数线性规划(MILP)和高效启发式方法,即使在大型网络中也能保证可扩展性和资源效率,并增强关键物联网基础设施的弹性和可信度。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Internet of Things
Internet of Things Multiple-
CiteScore
3.60
自引率
5.10%
发文量
115
审稿时长
37 days
期刊介绍: Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信