{"title":"ZETROS: A zero-trust IoT network security framework using distributed blacklisting, trust scoring and smart contracts","authors":"Cem Ata Baykara, Ilgın Şafak, Kubra Kalkan","doi":"10.1016/j.comnet.2025.111601","DOIUrl":null,"url":null,"abstract":"The purpose of Internet of Things (IoT) security is to ensure the availability, confidentiality, and integrity of IoT networks. However, due to the heterogeneity of IoT devices and the possibility of attacks of various kinds from both inside and outside the network, securing an IoT network is a difficult task. Handshake protocols are useful for achieving mutual authentication, which allows secure inclusion of devices into the network. By letting each party verify that the information it receives is accurate and comes from a trusted source, mutual authentication minimizes the possibility that a malicious actor will compromise the connection. However, handshake protocols do not protect devices from attackers already inside the network. Autonomous anomaly detection and blacklisting prevent nodes with anomalous behavior from joining, re-joining, or remaining in the network. Similarly, trust scoring is another popular method for increasing the resilience of the network against trust-based attacks. In view of the above, the contributions of this paper are three-fold. First, to secure the IoT network from outsider attacks in a zero-trust environment, we propose a new handshake protocol based on Physical Unclonable Functions (PUFs) that can be used for IoT device discovery and mutual authentication between the IoT device and the server. The proposed protocol is resilient to Man-in-the-Middle, replay and forgery attacks, as proven in our security analysis. Second, we propose a real-time intrusion and anomaly detection framework based on machine learning to prevent network-based attacks from insiders. Finally, we propose a trust system that uses smart-contract-based feedback mechanisms to manage trust in a dynamic IoT network and increase resilience against behavioral attacks. Simulation results show that, by using blacklisting, our trust management model provides greater resilience against trust-based attacks than similar blockchain-based trust models in the literature, and that the proposed distributed IoT network security framework can secure an IoT network from both internal and external attacks, even in an environment where half of the devices in the network are compromised.","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"271","pages":"Article 111601"},"PeriodicalIF":4.6000,"publicationDate":"2025-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625005687","RegionNum":2,"RegionCategory":"Computer Science","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
Citations: 0
Abstract
The purpose of Internet of Things (IoT) security is to ensure the availability, confidentiality, and integrity of IoT networks. However, due to the heterogeneity of IoT devices and the possibility of attacks of various kinds from both inside and outside the network, securing an IoT network is a difficult task. Handshake protocols are useful for achieving mutual authentication, which allows secure inclusion of devices into the network. By letting each party verify that the information it receives is accurate and comes from a trusted source, mutual authentication minimizes the possibility that a malicious actor will compromise the connection. However, handshake protocols do not protect devices from attackers already inside the network. Autonomous anomaly detection and blacklisting prevent nodes with anomalous behavior from joining, re-joining, or remaining in the network. Similarly, trust scoring is another popular method for increasing the resilience of the network against trust-based attacks. In view of the above, the contributions of this paper are three-fold. First, to secure the IoT network from outsider attacks in a zero-trust environment, we propose a new handshake protocol based on Physical Unclonable Functions (PUFs) that can be used for IoT device discovery and mutual authentication between the IoT device and the server. The proposed protocol is resilient to Man-in-the-Middle, replay and forgery attacks, as proven in our security analysis. Second, we propose a real-time intrusion and anomaly detection framework based on machine learning to prevent network-based attacks from insiders. Finally, we propose a trust system that uses smart-contract-based feedback mechanisms to manage trust in a dynamic IoT network and increase resilience against behavioral attacks. Simulation results show that, by using blacklisting, our trust management model provides greater resilience against trust-based attacks than similar blockchain-based trust models in the literature, and that the proposed distributed IoT network security framework can secure an IoT network from both internal and external attacks, even in an environment where half of the devices in the network are compromised.
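The abstract names a PUF-based challenge-response handshake that resists replay and forgery but gives no wire-level detail. The Python below is an added illustration, not the paper's protocol and not the authors' code: it shows the generic shape such handshakes take, with the server holding challenge-response pairs (CRPs) collected at enrollment, every CRP consumed exactly once, both parties binding their proofs to fresh nonces, and the PUF response itself never leaving the device (only MACs keyed by it do). The class and function names (SimulatedPUF, Device, Server, run_handshake, replay_attack, demo), the message layout and the stand-in PUF (an HMAC over a device-unique secret) are all assumptions of this example.

```python
import hmac
import hashlib
import secrets


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so 'ab'+'c' and 'a'+'bc' never collide."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big"))
        h.update(p)
    return h.digest()


class SimulatedPUF:
    """Stand-in for a physical PUF (assumption of this example): a device-unique
    secret keyed into a PRF. A real PUF is noisy and needs a fuzzy extractor /
    error correction before its response can serve as a key; that is omitted here."""

    def __init__(self, silicon_secret: bytes):
        self._secret = silicon_secret

    def response(self, challenge: bytes) -> bytes:
        return prf(self._secret, b"puf", challenge)


class Device:
    def __init__(self, dev_id: bytes, puf: SimulatedPUF):
        self.id, self.puf, self.key = dev_id, puf, None

    def hello(self):
        """Message 1: identify and contribute a fresh nonce."""
        self.n_d = secrets.token_bytes(16)
        return self.id, self.n_d

    def respond(self, challenge: bytes, n_s: bytes, tag_s: bytes):
        """Message 3: check the server's proof first, then prove PUF possession."""
        r = self.puf.response(challenge)
        # The server must show it holds the enrolled response before the device
        # emits anything derived from r, so a rogue server learns nothing.
        if not hmac.compare_digest(tag_s, prf(r, b"srv", challenge, self.n_d, n_s)):
            return None
        self.key = prf(r, b"key", self.n_d, n_s)
        return prf(r, b"dev", challenge, self.n_d, n_s)


class Server:
    def __init__(self):
        self.crp = {}       # dev_id -> unused (challenge, response) pairs from enrollment
        self.pending = {}   # dev_id -> state of the handshake in flight

    def enroll(self, device: Device, n_pairs: int = 8):
        """One-time, trusted setting: only CRPs leave the device, never the PUF itself."""
        self.crp[device.id] = [(c, device.puf.response(c))
                               for c in (secrets.token_bytes(16) for _ in range(n_pairs))]

    def challenge(self, dev_id: bytes, n_d: bytes):
        """Message 2: a never-used challenge plus a proof keyed by its enrolled response."""
        if not self.crp.get(dev_id):
            return None                       # unknown device or CRP store exhausted
        c, r = self.crp[dev_id].pop()         # each CRP is consumed exactly once
        n_s = secrets.token_bytes(16)
        self.pending[dev_id] = (c, r, n_d, n_s)
        return c, n_s, prf(r, b"srv", c, n_d, n_s)

    def verify(self, dev_id: bytes, tag_d: bytes):
        """The device tag must be bound to this run's challenge and both nonces."""
        c, r, n_d, n_s = self.pending.pop(dev_id)
        if not hmac.compare_digest(tag_d, prf(r, b"dev", c, n_d, n_s)):
            return None
        return prf(r, b"key", n_d, n_s)


def run_handshake(server: Server, device: Device):
    """Honest three-message exchange. Returns (device_key, server_key, transcript)."""
    dev_id, n_d = device.hello()
    msg2 = server.challenge(dev_id, n_d)
    if msg2 is None:
        return None, None, None
    c, n_s, tag_s = msg2
    tag_d = device.respond(c, n_s, tag_s)
    if tag_d is None:
        server.pending.pop(dev_id, None)
        return None, None, None
    return device.key, server.verify(dev_id, tag_d), (dev_id, n_d, tag_d)


def replay_attack(server: Server, transcript) -> bool:
    """Attacker re-sends a recorded hello and the recorded device tag; True means accepted."""
    dev_id, n_d, old_tag_d = transcript
    if server.challenge(dev_id, n_d) is None:
        return False
    return server.verify(dev_id, old_tag_d) is not None


def demo() -> dict:
    """Honest run, then a replay and an impersonation attempt against the same server."""
    dev = Device(b"sensor-01", SimulatedPUF(secrets.token_bytes(32)))  # constructed device
    srv = Server()
    srv.enroll(dev)
    k_d, k_s, transcript = run_handshake(srv, dev)
    fake = Device(b"sensor-01", SimulatedPUF(secrets.token_bytes(32)))  # right ID, wrong silicon
    return {
        "honest_keys_match": k_d is not None and k_d == k_s,
        "replay_accepted": replay_attack(srv, transcript),
        "impersonation_accepted": run_handshake(srv, fake)[0] is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The replay fails because the server's proof and the device's proof are both MACs over the current challenge and both nonces, so a tag recorded from one run never verifies in another; the impersonator fails because a PUF with different silicon cannot reproduce the enrolled response that the server's own tag is keyed with. Two caveats a practitioner would want before reusing this shape: the server consumes a CRP on every hello, so unauthenticated hellos can drain the CRP store and must be rate-limited or otherwise gated; and challenges travel in the clear, so CRP stores should be sized and refreshed with modelling attacks on the underlying PUF in mind.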
Journal description:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.