A Highly Compatible Verification Framework with Minimal Upgrades to Secure an Existing Edge Network
Authors: 
Zhenyu Li, Yong Ding, Honghao Gao, Bo Qu, Yujue Wang, Jun LiAuthors Info & Claims
Zhenyu Li, Yong Ding, Honghao Gao, Bo Qu, Yujue Wang, Jun LiAuthors Info & ClaimsArticle No.: 41, Pages 1 - 23
Abstract
Edge networks are providing services for an increasing number of companies, and they can be used for communication between edge devices and edge gateways. However, the performance of edge devices varies greatly, and it is not easy to upgrade low-performance edge devices. Therefore, cyber attackers can use the vulnerability of edge devices to implement advanced persistent threat attacks. This article proposes a network verification framework for edge networks that can minimize the upgrades needed to strengthen edge network security. First, the communication parties use the data transmitted by the given edge network. Our method uses our proposed PacketVerifier to attach verification information to the packet after it is sent and to verify and restore the packet before it reaches the receiver. Second, due to the performance requirements of edge networks, we design a new data processing structure, namely, a sliding window double ring, to improve the performance of strict sequential protocols in parallel validation. Finally, experimental simulations show that our parallel processing algorithm has good performance in terms of network bandwidth compared with two existing packet processing algorithms. Furthermore, the proposed packet with verification information is compatible with the existing network topology, which helps PacketVerifier establish trustworthy transmission in a zero-trust environment.
References
[1]
Mahdi Abbasi, Azad Shokrollahi, Mohammad R. Khosravi, and Varun G. Menon. 2020. High-performance flow classification using hybrid clusters in software defined mobile edge computing. Comput. Commun. 160 (July 2020), 643–660.
[2]
Adel Alshamrani, Sowmya Myneni, Ankur Chowdhary, and Dijiang Huang. 2019. A survey on advanced persistent threats: Techniques, solutions, challenges, and research opportunities. IEEE Commun. Surveys Tutor. 21, 2 (2019), 1851–1877.
[3]
Abdulmalik Alwarafy, Khaled A. Al-Thelaya, Mohamed Abdallah, Jens Schneider, and Mounir Hamdi. 2021. A survey on security and privacy issues in edge-computing-assisted internet of things. IEEE Internet Things J. 8, 6 (2021), 4004–4022.
[4]
Muhammad Ajmal Azad, Samiran Bag, Charith Perera, Mahmoud Barhamgi, and Feng Hao. 2020. Authentic caller: Self-enforcing authentication in a next-generation network. IEEE Trans. Industr. Inform. 16, 5 (2020), 3606–3615.
[5]
Siguang Chen, Xi Zhu, Haijun Zhang, Chuanxin Zhao, Geng Yang, and Kun Wang. 2020. Efficient privacy preserving data collection and computation offloading for fog-assisted IoT. IEEE Trans. Sustain. Comput. 5, 4 (2020), 526–540.
[6]
T. Dierks and E. Rescorla. 2008. RFC 5246: The transport layer security (TLS) protocol version 1.2. RFC. Retrieved from https://www.rfc-editor.org/rfc/rfc5246.html.
[7]
DPDK Project Group. 2021. About DPDK. Retrieved from https://www.dpdk.org/about/.
[8]
FireEye. 2021. Threat Intelligence Reports by Industry. Retrieved from https://www.fireeye.com/current-threats/reports-by-industry.html.
[9]
Gemini George and Sabu M. Thampi. 2020. Combinatorial analysis for securing IoT-assisted industry 4.0 applications from vulnerability-based attacks. IEEE Trans. Industr. Inform. 3203, c (2020), 1–12.
[10]
B. Gleeson, A. Lin, J. Heinanen, G. Armitage, and A. Malis. 2000. RFC2764: A framework for IP based virtual private networks. RFC. Retrieved from https://www.rfc-editor.org/rfc/rfc2764.html.
[11]
Gowenfawr. 2020. How does TLS traffic impact firewalls? Retrieved from https://security.stackexchange.com/questions/207906/how-does-tls-traffic-impact-firewalls.
[12]
Junqin Huang, Linghe Kong, Guihai Chen, Min You Wu, Xue Liu, and Peng Zeng. 2019. Towards secure industrial iot: Blockchain system with credit-based consensus mechanism. IEEE Trans. Industr. Inform. 15, 6 (2019), 3680–3689.
[13]
Hyperledger. 2020. Hyperledger Fabric BlockChain. Retrieved from https://github.com/hyperledger/fabric/blob/master/docs/source/blockchain.rst.
[14]
Nitin Jirwan, Ajay Singh, and Sandip Vijay. 2013. Review and analysis of cryptography techniques. Int. J. Sci. Eng. Res. 4, 3 (2013), 1–6.
[15]
Liu Junjiao, Xiaodong Lin, Chen Xin, Wen Hui, Hong Li, Hu Yan, Sun Jiawei, Shi Zhiqiang, and Limin Sun. 2020. ShadowPLCs: A novel scheme for remote detection of industrial process control attacks. IEEE Trans. Depend. Secure Comput. 5971, c (2020), 1–16.
[16]
Kaspersky. 2021. Kaspersky ICS Cert. Retrieved from https://ics-cert.kaspersky.com.
[17]
Kaspersky. 2021. Kaspersky ICS Cert. Threat landscape for industrial automation systems—Statistics for H2 2020. Retrieved from https://ics-cert.kaspersky.com/reports/2021/03/25/threat-landscape-for-industrial-automation-systems-statistics-for-h2-2020/.
[18]
Hongjun Li, Jia Yu, Hanlin Zhang, Ming Yang, and Huaqun Wang. 2020. Privacy-preserving and distributed algorithms for modular exponentiation in IoT with edge computing assistance. IEEE Internet Things J. 7, 9 (2020), 8769–8779.
[19]
Faisal Naeem, Muhammad Tariq, and H. Vincent Poor. 2021. SDN-enabled energy-efficient routing optimization framework for industrial internet of things. IEEE Transactions on Industrial Informatics 17, 8 (2021), 5660–5667.
[20]
Ben Nahorney. 2019. Threats in encrypted traffic. Retrieved from https://blogs.cisco.com/security/threats-in-encrypted-traffic.
[21]
National Institute of Standards and Technology. 2020. Zero trust architecture—NIST special publication 800-207. Retrieved from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf.
[22]
Tadeu F. Oliveira, Samuel Xavier-De-souza, and Luiz F. Silveira. 2021. Improving energy efficiency on SDN control-plane using multi-core controllers. Energies 14, 11 (2021), 1–20.
[23]
Tie Qiu, Jiancheng Chi, Xiaobo Zhou, Zhaolong Ning, Mohammed Atiquzzaman, and Dapeng Oliver Wu. 2020. Edge computing in industrial internet of things: Architecture, advances and challenges. IEEE Commun. Surveys Tutor. 22, 4 (2020), 2462–2488.
[24]
Partha Pratim Ray and Neeraj Kumar. 2021. SDN/NFV architectures for edge-cloud oriented IoT: A systematic review. Comput. Commun. 169 (2021), 129–153.
[25]
David E. Sanger, Clifford Krauss, and Nicole Perlroth. 2021. Cyberattack Forces a Shutdown of a Top U.S. Pipeline. Retrieved from https://www.nytimes.com/2021/05/08/us/politics/cyberattack-colonial-pipeline.html.
[26]
Jangirala Srinivas, Ashok Kumar Das, Mohammad Wazid, and Neeraj Kumar. 2018. Anonymous lightweight chaotic map-based authenticated key agreement protocol for industrial internet of things. IEEE Trans. Depend. Secure Comput. 17, 6 (2018), 1133–1146.
[27]
Darshana Upadhyay and Srinivas Sampalli. 2020. SCADA (Supervisory Control and Data Acquisition) systems: Vulnerability assessment and security recommendations. Comput. Secur. 89 (2020), 101666.
[28]
Vmware. 2021. VMware ESXi. Retrieved from https://www.vmware.com/products/esxi-and-esx.html.
[29]
Chun Jung Wu, Ying Tie, Satoshi Hara, Kazuki Tamiya, Akira Fujita, Katsunari Yoshioka, and Tsutomu Matsumoto. 2018. Iotprotect: Highly deployable whitelist-based protection for low-cost internet-of-things devices. J. Info. Process. 26 (2018), 662–672.
[30]
Di Wu and Nirwan Ansari. 2021. A trust-evaluation-enhanced blockchain-secured industrial IoT system. IEEE Internet Things J. 8, 7 (2021), 5510–5517.
[31]
Jiale Zhang, Yanchao Zhao, Jie Wu, and Bing Chen. 2020. LVPDA: A lightweight and verifiable privacy-preserving data aggregation scheme for edge-enabled IoT. IEEE Internet Things J. 7, 5 (2020), 4016–4027.
[32]
Peng Zhang, Xiangning Chen, Yun Ge, and Jin Lin. 2016. A parallel processing and synthesis structure for improving access security and efficiency in SDN environment. Chinese J. Electr. 25, 5 (2016), 817–823.
[33]
Xiaojian Zhang, Liandong Chen, Jie Fan, Xiangqun Wang, and Qi Wang. 2021. Power IoT security protection architecture based on zero trust framework. In Proceedings of the IEEE 5th International Conference on Cryptography, Security and Privacy (CSP’21). 166–170.
[34]
Yongli Zhao, Wei Wang, Yajie Li, Carlos Colman Meixner, Massimo Tornatore, and Jie Zhang. 2019. Edge computing and networking: A survey on infrastructures and applications. IEEE Access 7 (2019), 101213–101230.
[35]
Ma Zhaofeng, Wang Xiaochang, Deepak Kumar Jain, Haneef Khan, Gao Hongmin, and Wang Zhen. 2020. A blockchain-based trusted data management scheme in edge computing. IEEE Trans. Industr. Inform. 16, 3 (2020), 2013–2021.
Index Terms
- A Highly Compatible Verification Framework with Minimal Upgrades to Secure an Existing Edge Network
Recommendations
AI4SAFE-IoT: an AI-powered secure architecture for edge layer of Internet of things
AbstractWith the increasing use of the Internet of things (IoT) in diverse domains, security concerns and IoT threats are constantly rising. The computational and memory limitations of IoT devices have resulted in emerging vulnerabilities in most IoT-run ...
EIDDM: Edge and Internet Layer Distributed DoS Threats Detection and Mitigation for Internet of Things Wireless Communications
AbstractDistributed Denial of Service (DDoS) attacks, plague the Internet of Things (IoT)-enabled distributed communication network. To mitigate DDoS attacks on IoT many protocols have been suggested in earlier literature, but most of them are successful ...
UPPAAL-Based Software-Defined Network Verification
TMPA '13: Proceedings of the 2013 Tools & Methods of Program AnalysisA lot of efforts were made in the last few years in the area of software-defined networks (SDN) - a special kind of computer networks in which the switching device control is fully centralized. This paper investigates the problems of formal description ...
Comments
Information & Contributors
Information
Published In
August 2023
303 pages
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 21 August 2023
Online AM: 24 March 2022
Accepted: 17 January 2022
Revised: 18 September 2021
Received: 12 April 2021
Published in TOIT Volume 23, Issue 3
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- National Key R&D Program of China
- National Natural Science Foundation of China
- Guangdong Key R&D Program
- Guangxi Natural Science Foundation
- PCNL Major Key Project
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 356Total Downloads
- Downloads (Last 12 months)169
- Downloads (Last 6 weeks)7
Reflects downloads up to 30 Aug 2024
Other Metrics
Citations
Cited By
View allView Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in