Zero trust management of data flow between IoT edge nodes based on SDN
Aiming at the lack of effective means for detecting and localizing malicious nodes in the data flow transmission link in Internet of things (IoT), a zero trust management method of data flow between IoT edge nodes based on software defined network (SDN) was proposed. This method applied the architec...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2024-07-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024060/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539220879966208 |
|---|---|
| author | XIAO Jingxu GUO Yuanbo CHANG Chaowen WU Ping YANG Chenli |
| author_facet | XIAO Jingxu GUO Yuanbo CHANG Chaowen WU Ping YANG Chenli |
| author_sort | XIAO Jingxu |
| collection | DOAJ |
| description | Aiming at the lack of effective means for detecting and localizing malicious nodes in the data flow transmission link in Internet of things (IoT), a zero trust management method of data flow between IoT edge nodes based on software defined network (SDN) was proposed. This method applied the architecture of SDN to the process of data flow transmission between edge nodes. A fixed-length header overhead was used for zero trust management of data flow, nodes, and paths to achieve lightweight packet forwarding verification and malicious node localization functions. In the forwarding path, the security verification of packets was performed by the switching node, and the verification information was counted to ensure the security of the data flow transmission and the consistency of the path. Based on the type of abnormal packets, the controller adopted dichotomous method to mark the switching node that performed the verification operation to gradually narrow down the scope of malicious nodes, and realized the localization of multiple types of malicious nodes. Finally, the proposed method was simulated and evaluated. The experimental results show that the method introduces a forwarding delay of less than 10% and a throughput loss of less than 8%. |
| format | Article |
| id | doaj-art-a08534f1c12641dea87b07c8a6bd81b1 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2024-07-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-a08534f1c12641dea87b07c8a6bd81b12025-01-14T07:24:44ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2024-07-014510111667384897Zero trust management of data flow between IoT edge nodes based on SDNXIAO JingxuGUO YuanboCHANG ChaowenWU PingYANG ChenliAiming at the lack of effective means for detecting and localizing malicious nodes in the data flow transmission link in Internet of things (IoT), a zero trust management method of data flow between IoT edge nodes based on software defined network (SDN) was proposed. This method applied the architecture of SDN to the process of data flow transmission between edge nodes. A fixed-length header overhead was used for zero trust management of data flow, nodes, and paths to achieve lightweight packet forwarding verification and malicious node localization functions. In the forwarding path, the security verification of packets was performed by the switching node, and the verification information was counted to ensure the security of the data flow transmission and the consistency of the path. Based on the type of abnormal packets, the controller adopted dichotomous method to mark the switching node that performed the verification operation to gradually narrow down the scope of malicious nodes, and realized the localization of multiple types of malicious nodes. Finally, the proposed method was simulated and evaluated. The experimental results show that the method introduces a forwarding delay of less than 10% and a throughput loss of less than 8%.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024060/Internet of thingssoftware defined networkzero trust managementanomaly detectionanomaly location |
| spellingShingle | XIAO Jingxu GUO Yuanbo CHANG Chaowen WU Ping YANG Chenli Zero trust management of data flow between IoT edge nodes based on SDN Tongxin xuebao Internet of things software defined network zero trust management anomaly detection anomaly location |
| title | Zero trust management of data flow between IoT edge nodes based on SDN |
| title_full | Zero trust management of data flow between IoT edge nodes based on SDN |
| title_fullStr | Zero trust management of data flow between IoT edge nodes based on SDN |
| title_full_unstemmed | Zero trust management of data flow between IoT edge nodes based on SDN |
| title_short | Zero trust management of data flow between IoT edge nodes based on SDN |
| title_sort | zero trust management of data flow between iot edge nodes based on sdn |
| topic | Internet of things software defined network zero trust management anomaly detection anomaly location |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024060/ |
| work_keys_str_mv | AT xiaojingxu zerotrustmanagementofdataflowbetweeniotedgenodesbasedonsdn AT guoyuanbo zerotrustmanagementofdataflowbetweeniotedgenodesbasedonsdn AT changchaowen zerotrustmanagementofdataflowbetweeniotedgenodesbasedonsdn AT wuping zerotrustmanagementofdataflowbetweeniotedgenodesbasedonsdn AT yangchenli zerotrustmanagementofdataflowbetweeniotedgenodesbasedonsdn |