Secure multi-path routing for Internet of Things based on trust evaluation.

In the realm of the Internet of Things (IoT), ensuring the security of communication links and evaluating the safety of nodes within these links remains a significant challenge. The continuous threat of anomalous links, harboring malicious switch nodes, poses risks to data transmission between edge nodes and between edge nodes and cloud data centers. To address this critical issue, we propose a novel trust evaluation based secure multi-path routing (TESM) approach for IoT. Leveraging the software-defined networking (SDN) architecture in the data transmission process between edge nodes, TESM incorporates a controller comprising a security verification module, a multi-path routing module, and an anomaly handling module. The security verification module ensures the ongoing security validation of data packets, deriving trust scores for nodes. Subsequently, the multi-path routing module employs multi-objective reinforcement learning to dynamically generate secure multiple paths based on node trust scores. The anomaly handling module is tasked with handling malicious switch nodes and anomalous paths. Our proposed solution is validated through simulation using the Ryu controller and P4 switches in an SDN environment constructed with Mininet. The results affirm that TESM excels in achieving secure data forwarding, malicious node localization, and the secure selection and updating of transmission paths. Notably, TESM introduces a minimal 12.4% additional forwarding delay and a 5.46% throughput loss compared to traditional networks, establishing itself as a lightweight yet robust IoT security defense solution.

Attribute identification based IoT fog data security control and forwarding.

As Internet of Things (IoT) applications continue to proliferate, traditional cloud computing is increasingly unable to meet the low-latency demands of these applications. The IoT fog architecture solves this limitation by introducing fog servers in the fog layer that are closer to the IoT devices. However, this architecture lacks authentication mechanisms for information sources, security verification for information transmission, and reasonable allocation of fog nodes. To ensure the secure transmission of end-to-end information in the IoT fog architecture, an attribute identification based security control and forwarding method for IoT fog data (AISCF) is proposed. AISCF applies attribute signatures to the IoT fog architecture and uses software defined network (SDN) to control and forward fog layer data flows. Firstly, IoT devices add attribute identifiers to the data they send based on attribute features. The ingress switch then performs fine-grained access control on the data based on these attribute identifiers. Secondly, SDN uses attribute features as flow table matching items to achieve fine-grained control and forwarding of fog layer data flows based on attribute identifiers. Lastly, the egress switch dynamically samples data flows and verifies the attribute signatures of the sampled data packets at the controller end. Experimental validation has demonstrated that AISCF can effectively detect attacks such as data tampering and forged matching items. Moreover, AISCF imposes minimal overhead on network throughput, CPU utilization and packet forwarding latency, and has practicality in IoT fog architecture.