Research article

Secure multi-path routing for Internet of Things based on trust evaluation


  • Received: 04 December 2023 Revised: 13 January 2024 Accepted: 16 January 2024 Published: 04 February 2024
  • In the realm of the Internet of Things (IoT), ensuring the security of communication links and evaluating the safety of nodes within these links remains a significant challenge. The continuous threat of anomalous links, harboring malicious switch nodes, poses risks to data transmission between edge nodes and between edge nodes and cloud data centers. To address this critical issue, we propose a novel trust evaluation based secure multi-path routing (TESM) approach for IoT. Leveraging the software-defined networking (SDN) architecture in the data transmission process between edge nodes, TESM incorporates a controller comprising a security verification module, a multi-path routing module, and an anomaly handling module. The security verification module ensures the ongoing security validation of data packets, deriving trust scores for nodes. Subsequently, the multi-path routing module employs multi-objective reinforcement learning to dynamically generate secure multiple paths based on node trust scores. The anomaly handling module is tasked with handling malicious switch nodes and anomalous paths. Our proposed solution is validated through simulation using the Ryu controller and P4 switches in an SDN environment constructed with Mininet. The results affirm that TESM excels in achieving secure data forwarding, malicious node localization, and the secure selection and updating of transmission paths. Notably, TESM introduces a minimal 12.4% additional forwarding delay and a 5.46% throughput loss compared to traditional networks, establishing itself as a lightweight yet robust IoT security defense solution.

    Citation: Jingxu Xiao, Chaowen Chang, Yingying Ma, Chenli Yang, Lu Yuan. Secure multi-path routing for Internet of Things based on trust evaluation[J]. Mathematical Biosciences and Engineering, 2024, 21(2): 3335-3363. doi: 10.3934/mbe.2024148



  • © 2024 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)