Abstract: TRUST BASED IDENTITY MODE: IMPROVING SECURE DATA TRANSMISSION IN WIRELESS FOG NETWORKS USING SOFTWARE-DEFINED NETWORKING SOLUTIONS
The present invention introduces a novel security framework (TbI-IoT-FN) designed to enhance data security, efficiency, and adaptability in wireless fog computing environments. The invention employs a dynamic trust management system that continuously evaluates the trustworthiness of network nodes based on adaptive parameters, current behavior, and historical interactions. These trust scores govern real-time access control, effectively mitigating risks posed by malicious or compromised nodes. By integrating a multi-layered security approach—comprising both preventive mechanisms (trust-based access control) and detective mechanisms (anomaly detection)—the model ensures robust protection against evolving threats. Leveraging the centralized control capabilities of Software-Defined Networking (SDN), the system optimizes traffic analysis and resource allocation, resulting in reduced data transmission loss and latency. Additionally, the invention supports scalable node registration and secure routing through trust-based algorithms. Experimental evaluation using NS-simulation tools demonstrates significant improvements in trust level computation, node registration accuracy, routing efficiency, and real-time responsiveness, making the invention a comprehensive and adaptive solution for securing IoT-driven wireless fog networks.
Description:
FIELD OF THE INVENTION
This invention relates to trust based identity mode: improving secure data transmission in wireless fog networks using software-defined networking solutions.
BACKGROUND OF THE INVENTION
There are a number of products and practices available today to address the challenges of securely managing wireless fog networks. One significant solution is the SDN-FIoT-HDL system, which combines software-defined networking with deep learning techniques to improve data transmission security and optimize network management. This system uses centralized controllers to manage network resources, ensuring secure routing paths and enhancing traffic management efficiency. Other commercial solutions employ cryptosystems such as Public Key Infrastructure, Secure Sockets Layer, and Transport Layer Security to safeguard data transfers. Static forms of authentication and authorization, combined with key techniques, are often employed; these include role-based access control and attribute-based access control for managing user and device access.
Another widespread business practice is the use of edge computing platforms, such as those from Cisco and Microsoft, which offer localized data processing to minimize latency and improve the quality of services in fog networks. Similarly, IoT-specific platforms such as Amazon AWS IoT Core and Google Cloud IoT offer capabilities for fog computing with secure data transmission and central management. These advancements notwithstanding, many of the current commercial solutions remain based on static and rigid security models that hinder their ability to respond to the dynamic, real-time security threats typical of distributed fog environments.
There are several significant shortcomings in the currently available solutions for managing the security of fog networks. Traditional systems depend almost solely upon cryptographic keys and digital certificates for authenticating users [1], but they fail to consider the behavior and interactions of nodes in the network. This generally increases the risk of insider threats and unauthorized access [2]. Moreover, these techniques often incur high latency and high resource utilization [3], which makes them unsuitable for real-time applications that require low latency and low resource utilization [6].
A more significant limitation of traditional security models is the absence of dynamic trust mechanisms. Such systems fail to evaluate the trustworthiness of nodes and adapt to changes in real time, which reduces their strength in countering internal threats and in meeting changing security concerns [4]. Traditional methods fail to detect intrusions in such dynamic environments because they cannot use complex techniques like anomaly detection based on deep learning [19, 20]. Scalability is a fundamental, inherent problem: handling and safeguarding large-scale, flexible fog networks becomes increasingly complex and inefficient as the network grows [5, 7]. A further inefficiency is caused by the growing sophistication of interconnected IoT devices, which need reliable and adaptive security frameworks [23, 30].
Current security management techniques in fog networks have some limitations. TbI-IoT-FN (Trust-Based Identity Model for IoT Fog Networks) is one of the pioneering models that could help to break the current barrier. The dynamic trust-based approach of this model improves the security of fog networks by considering nodes' behavior and interactions in evaluating their trustworthiness. By integrating adaptive access control and secure data communication, TbI-IoT-FN advances an adaptable and robust security architecture. The relevant prior art includes systems related to fog and edge computing, which aim to bring cloud-like capabilities closer to end-users, thereby reducing latency and improving the quality of service. Many edge computing frameworks include security capabilities but frequently fail to support dynamic evaluation of trust. Further, SDN-based network optimization tools are widely used to enhance traffic engineering and resource allocation in fog networks. These tools provide centralized control and increase data transmission rates but often fail to handle real-time security threats and dynamic threat management effectively. Hybrid deep learning models such as SDN-FIoT-HDL apply deep learning for anomaly detection and threat prediction; however, their computational overhead may introduce latency where resources are limited. These prior art examples also point to ongoing efforts to reduce security and efficiency issues in fog networks.
The Trust-Based Identity Model for IoT-Fog Networks (TbI-IoT-FN) offers several advantages over existing frameworks, particularly in terms of security, efficiency, and performance. The key aspect of its security mechanism is a strong trust-based identity verification system intended to facilitate safe data transmission. Unlike earlier models such as SDN-FIoT-HDL, which primarily depend on deep learning techniques to identify cyber threats, this model takes a proactive measure: it classifies unauthorized access by identifying the malicious nodes in the network. Secondly, asymmetric encryption between the fog nodes and cloud servers enhances data protection, providing something that traditional SDN-based solutions do not offer. From a resource utilization point of view, the proposed model significantly enhances routing efficiency by utilizing a power-aware fog-based routing protocol that reduces energy consumption and minimizes network latency. As opposed to existing SDN-based methods that adhere to standard routing protocols, TbI-IoT-FN dynamically adjusts thresholds based on network conditions, which helps lower transmission costs and cut down on unnecessary data overhead. This strategy promotes a more effective distribution of workloads, easing congestion and enhancing overall network reliability. Moreover, the model demonstrates improved network performance compared to current alternatives, achieving higher accuracy in node registration to ensure that only authenticated and verified nodes participate in data transmission. It also reduces data transmission loss rates, leading to more effective communication within the fog network. Central control mechanisms provided through SDN enable real-time management of network traffic, which improves route optimization and increases data transmission speed. In traditional models, by contrast, data packets are lost significantly more often and poor routes are detected, which hampers overall performance.
A major difference lies in the adaptive and intelligent way in which traffic and routes are managed. Unlike previous SDN-fog frameworks, which were based on simple hop-by-hop routing protocols, the TbI-IoT-FN model employs a central SDN controller to provide a holistic view of the network and so achieve more precise and effective routing decisions. The inclusion of multiple QoS parameters also optimizes data flows as a function of the current conditions in the network, for enhanced service reliability.
Overall, the TbI-IoT-FN framework surpasses past methods, providing greater security and efficiency while increasing scalability for use in wireless fog networks. This combination of trust-based security, optimal routing, and adaptive traffic management has been instrumental in providing high performance compared with other existing SDN-fog architectures, making way for more robust, energy-efficient network management.
SUMMARY OF THE INVENTION
This summary is provided to introduce a selection of concepts, in a simplified format, that are further described in the detailed description of the invention.
This summary is neither intended to identify key or essential inventive concepts of the invention nor intended for determining the scope of the invention.
To further clarify advantages and features of the present invention, a more particular description of the invention will be rendered by reference to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail with the accompanying drawings.
Among security frameworks for fog computing networks, and in particular for overcoming existing challenges, TbI-IoT-FN is built around a dynamic trust management system. This trust management system evaluates the trust score of every node using adaptively changing trust parameters that reflect both current and historical interactions. The trust score then determines the appropriate level of access privileges for that node in real time, reducing the risk posed by malicious or compromised nodes. Unlike static cryptographic systems, this is a much more flexible and adaptive paradigm. Such adaptive security can take account of changing conditions in the network almost in real time and so provide a workable security mechanism.
BRIEF DESCRIPTION OF THE DRAWINGS
The illustrated embodiments of the subject matter will be understood by reference to the drawings, wherein like parts are designated by like numerals throughout. The following description is intended only by way of example, and simply illustrates certain selected embodiments of devices, systems, and methods that are consistent with the subject matter as claimed herein, wherein:
FIGURE 1: SYSTEM ARCHITECTURE
The figures depict embodiments of the present subject matter for the purposes of illustration only. A person skilled in the art will easily recognize from the following description that alternative embodiments of the structures and methods illustrated herein may be employed without departing from the principles of the disclosure described herein.
DETAILED DESCRIPTION OF THE INVENTION
The detailed description of various exemplary embodiments of the disclosure is given herein with reference to the accompanying drawings. It should be noted that the embodiments are described herein in such detail as to clearly communicate the disclosure. However, the amount of detail provided herein is not intended to limit the anticipated variations of embodiments; on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the scope of the present disclosure as defined by the appended claims.
It is also to be understood that various arrangements may be devised that, although not explicitly described or shown herein, embody the principles of the present disclosure. Moreover, all statements herein reciting principles, aspects, and embodiments of the present disclosure, as well as specific examples, are intended to encompass equivalents thereof.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments. As used herein, the singular forms “a,” “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises,” “comprising,” “includes” and/or “including,” when used herein, specify the presence of stated features, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
It should also be noted that in some alternative implementations, the functions/acts noted may occur out of the order noted in the figures. For example, two figures shown in succession may, in fact, be executed concurrently or may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
In addition, the descriptions of “first”, “second”, “third”, and the like in the present invention are used for the purpose of description only, and are not to be construed as indicating or implying their relative importance or implicitly indicating the number of technical features indicated. Thus, features defining “first” and “second” may include at least one of the features, either explicitly or implicitly.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which example embodiments belong. It will be further understood that terms, e.g., those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Trust Based Identity Model
Among security frameworks for fog computing networks, and in particular for overcoming existing challenges, TbI-IoT-FN is built around a dynamic trust management system. This trust management system evaluates the trust score of every node using adaptively changing trust parameters that reflect both current and historical interactions. The trust score then determines the appropriate level of access privileges for that node in real time, reducing the risk posed by malicious or compromised nodes. Unlike static cryptographic systems, this is a much more flexible and adaptive paradigm. Such adaptive security can take account of changing conditions in the network almost in real time and so provide a workable security mechanism.
TbI-IoT-FN offers a multi-layered security approach that considers both preventive and detective mechanisms to deliver strong protection. The preventive layer uses trust-based access control to restrict unauthorized access proactively, while detective mechanisms like anomaly detection identify and neutralize threats as they emerge. This strengthens the security capability of the entire framework in adaptive environments.
In addition, the centralized control feature of Software-Defined Networking (SDN) makes resource allocation for priority data streams less congested and less prone to data loss, while the proximity of fog computing lowers latency.
The TbI-IoT-FN model is built for graceful scalability so that management of node trust and access can dynamically change as the network grows in size and complexity. It begins with the registration of nodes whereby a unique identifier is assigned to each node. Continuous monitoring of the behavior and interaction of nodes then follows, and trust scores are computed with regard to transaction honesty, reputation, and context. Trust-based secure routing algorithms work on the trust scores to choose the reliable nodes to transfer data. Anomaly detection methods help identify malicious nodes, and suspicious activities are flagged for further review and action.
The centralized control in SDN enables real-time traffic analysis and resource allocation for the optimization of network performance with reduced delays. The model was implemented using NS-simulation tools and TCL scripts, and the performance of the model was assessed using metrics like node registration accuracy, trust level computation, data transmission loss rate, and route detection time.
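The registration, trust scoring, access control, routing and flagging steps described above, as an added Python example that is not part of the patent text. The weights, the history factor, both thresholds, the max-min route selection and the `TrustController` class are assumptions made for illustration; the specification names the inputs (transaction honesty, reputation, context) but gives no formula.

```python
import heapq
import uuid
from dataclasses import dataclass

# Assumed values: the specification gives no weights, thresholds or formula.
WEIGHTS = {"honesty": 0.5, "reputation": 0.3, "context": 0.2}
HISTORY_WEIGHT = 0.7    # share of the historical score kept on each update
ACCESS_THRESHOLD = 0.6  # minimum trust needed to send or relay data
ANOMALY_GAP = 0.5       # history-minus-current gap that flags a node

@dataclass
class Node:
    node_id: str
    trust: float = 0.5  # neutral score for a newly registered node
    flagged: bool = False

class TrustController:
    """Hypothetical stand-in for the trust table held by the SDN controller."""

    def __init__(self):
        self.nodes, self.links = {}, {}

    def register(self):
        """Assign a unique identifier to a new node and start tracking it."""
        node = Node(node_id=str(uuid.uuid4()))
        self.nodes[node.node_id] = node
        self.links[node.node_id] = set()
        return node.node_id

    def connect(self, a, b):
        self.links[a].add(b)
        self.links[b].add(a)

    def observe(self, node_id, honesty, reputation, context):
        """Blend one observation (inputs in [0, 1]) with the historical score."""
        node = self.nodes[node_id]
        current = (WEIGHTS["honesty"] * honesty
                   + WEIGHTS["reputation"] * reputation
                   + WEIGHTS["context"] * context)
        # Detective layer: behaviour far below the node's history is flagged.
        if node.trust - current >= ANOMALY_GAP:
            node.flagged = True
        node.trust = HISTORY_WEIGHT * node.trust + (1 - HISTORY_WEIGHT) * current
        return node.trust

    def allowed(self, node_id):
        """Preventive layer: access needs enough trust and no open flag."""
        node = self.nodes[node_id]
        return node.trust >= ACCESS_THRESHOLD and not node.flagged

    def route(self, src, dst):
        """Path over allowed nodes that maximizes the lowest trust on it."""
        if not (self.allowed(src) and self.allowed(dst)):
            return None
        best = {src: self.nodes[src].trust}
        heap = [(-best[src], src, [src])]
        while heap:
            neg, here, path = heapq.heappop(heap)
            if here == dst:
                return path
            for nxt in self.links[here]:
                if not self.allowed(nxt):
                    continue
                bottleneck = min(-neg, self.nodes[nxt].trust)
                if bottleneck > best.get(nxt, 0.0):
                    best[nxt] = bottleneck
                    heapq.heappush(heap, (-bottleneck, nxt, path + [nxt]))
        return None
```

A flag set by `observe` stays in place until it is cleared by review, so a node cannot regain relay rights simply by behaving well for a few rounds afterwards.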
NOVELTY:
The proposed model demonstrated significant improvements in the node registration accuracy and computation of trust levels while reducing data transmission loss and improving routing efficiency. In addition, it reduced latency during route detection to allow for real-time adaptability in network operations. In a nutshell, the TbI-IoT-FN model presents a strong and flexible solution to secure wireless fog networks by addressing the limitations of current systems and fulfilling the evolving needs of today's IoT-driven environments.
REFERENCES
1. P. Mell and T. Grance. (Jun. 3, 2009). Draft NIST Working Definition of Cloud Computing. [Online]. Available: http://csrc.nist.gov/groups/SNC/cloud-computing/index.html
2. https://cloudsecurityalliance.org/download/the-treacherous-twelvecloud-computing-top-threats-in-2016/
3. M. Blum, W. Evans, P. Gemmell, S. Kannan, and M. Naor, “Checking the correctness of memories,” Algorithmica, vol. 12, no. 2, pp. 225–244, Sep. 1994.
4. G. Ateniese et al., “Provable data possession at untrusted stores,” in Proc. 14th ACM Conf. Comput. Commun. Security, 2007, pp. 598–609.
5. G. Ateniese et al., “Remote data checking using provable data possession,” ACM Trans. Inf. Syst. Security, vol. 14, no. 1, May 2011, art. no. 12.
6. H. Shacham and B. Waters, “Compact proofs of retrievability,” in Proc. Adv. Cryptol.—ASIACRYPT, 2008, pp. 90–107.
7. D. Boneh, B. Lynn, and H. Shacham, “Short signatures from the Weil pairing,” J. Cryptol., vol. 17, no. 4, pp. 297–319, 2004.
8. G. Ateniese, R. Di Pietro, L. V. Mancini, and G. Tsudik, “Scalable and efficient provable data possession,” in Proc. SecureComm, 2008, art. no. 9.
9. Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, “Enabling public auditability and data dynamics for storage security in cloud computing,” IEEE Trans. Parallel Distrib. Syst., vol. 22, no. 5, pp. 847–859, May 2011.
10. Y. Yu et al., “Enhanced privacy of a remote data integrity-checking protocol for secure cloud storage,” Int. J. Inf. Security, vol. 14, no. 4, pp. 307–318, 2015.
11. D. Boneh and M. Franklin, “Identity-based encryption from the Weil pairing,” in Proc. CRYPTO, vol. 2139. 2001, pp. 213–229.
12. J. Zhao, C. Xu, F. Li, and W. Zhang, “Identity-based public verification with privacy-preserving for data storage security in cloud computing,” IEICE Trans. Fundam. Electron., Commun. Comput. Sci., vol. E96-A, pp. 2709–2716, Dec. 2013.
13. Yu, Y., Au, M. Ho., Ateniese, G., Huang, X., Susilo, W., Dai, Y. & Min, G. (2016). Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage. IEEE Transactions on Information Forensics and Security, Online First 1-11.
Claims:
1. A system for securing data transmission in wireless fog networks, comprising:
a trust-based identity framework (TbI-IoT-FN) that dynamically evaluates trust scores of network nodes based on both current and historical interactions using adaptive trust parameters;
wherein the trust scores determine real-time access privileges of the nodes to reduce risks from malicious or compromised nodes;
and wherein the system employs Software-Defined Networking (SDN) for centralized control to enable real-time traffic analysis and resource allocation, thereby minimizing data loss and latency.
2. The system as claimed in claim 1, wherein the trust-based identity framework includes a multi-layered security approach comprising a preventive layer for trust-based access control and a detective layer for anomaly detection to identify and mitigate emerging threats.
3. The system as claimed in claim 1, wherein the trust scores are computed based on metrics including transaction honesty, node reputation, and contextual behavior, with continuous monitoring of node interactions for scalable network management.
4. The system as claimed in claim 1, wherein node registration includes assignment of a unique identifier to each node, followed by monitoring and trust evaluation to enable secure and adaptive routing using trust-based algorithms.
5. The system as claimed in claim 1, wherein the implementation using NS-simulation tools and TCL scripts demonstrates improved node registration accuracy, enhanced trust level computation, reduced data transmission loss, and decreased route detection time.
| # | Name | Date |
|---|---|---|
| 1 | 202541053547-STATEMENT OF UNDERTAKING (FORM 3) [02-06-2025(online)].pdf | 2025-06-02 |
| 2 | 202541053547-REQUEST FOR EARLY PUBLICATION(FORM-9) [02-06-2025(online)].pdf | 2025-06-02 |
| 3 | 202541053547-POWER OF AUTHORITY [02-06-2025(online)].pdf | 2025-06-02 |
| 4 | 202541053547-FORM-9 [02-06-2025(online)].pdf | 2025-06-02 |
| 5 | 202541053547-FORM FOR SMALL ENTITY(FORM-28) [02-06-2025(online)].pdf | 2025-06-02 |
| 6 | 202541053547-FORM 1 [02-06-2025(online)].pdf | 2025-06-02 |
| 7 | 202541053547-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [02-06-2025(online)].pdf | 2025-06-02 |
| 8 | 202541053547-EVIDENCE FOR REGISTRATION UNDER SSI [02-06-2025(online)].pdf | 2025-06-02 |
| 9 | 202541053547-EDUCATIONAL INSTITUTION(S) [02-06-2025(online)].pdf | 2025-06-02 |
| 10 | 202541053547-DRAWINGS [02-06-2025(online)].pdf | 2025-06-02 |
| 11 | 202541053547-DECLARATION OF INVENTORSHIP (FORM 5) [02-06-2025(online)].pdf | 2025-06-02 |
| 12 | 202541053547-COMPLETE SPECIFICATION [02-06-2025(online)].pdf | 2025-06-02 |