Abstract
When software-defined networks (SDN) are combined with the Internet of Things (IoT), the scalability of IoT devices is reduced, since SDNs manage the network through a centralized controller that attackers can easily manipulate. This makes SDNs more susceptible to attacks. Previous approaches had problems with trust management and controller scalability and focused primarily on protecting access control to the SDN controller. In the proposed secure authentication and access control architecture, all users and apps are registered with their characteristics using the Keccak-256 hashing approach. Digital certificates are issued using the Bliss-B approach, which relies on the registration, thereby verifying the authenticity of the authentication. By taking qualities, permitted behaviors, and temporal aspects into account, Soft Actor-Critic (SAC) generates rules for authorized users to enhance network security. By confirming those rules and keeping them in a database, the administrator minimizes policy disputes. The improved fuzzy-based decision-making algorithm (IFDA) is used to compute trust and provide access control for the generated policies. A non-cooperative game model calculates individual and general user and application policies for direct and indirect trust. Lastly, the forensic-based investigation algorithm (FBI), which speeds up reaction times and maximizes resource use, provides services to trusted users according to quality of service and SLA standards. The iFogSim tool is used to validate the proposed work, and multiple metrics are employed to compare the performance of the proposed and existing works. The simulation results demonstrate that the proposed secure authentication and access control framework performs better than previous efforts.
Data and Material Accessibility
Since no new data were generated or examined in this study, data accessibility is not relevant to this publication.
Funding
No funding available.
Ethics declarations
Conflict of Interest
There are no competing interests that the author has disclosed.
Ethical Approval
The paper accurately and thoroughly reflects the authors’ research and analysis.
About this article
Cite this article
Sahana, D.S., Brahmananda, S.H. Authentication-Centric and Access-Controlled Architecture for Edge-Empowered SDN-IoT Networks. J. Inst. Eng. India Ser. B (2024). https://doi.org/10.1007/s40031-024-01053-8
DOI: https://doi.org/10.1007/s40031-024-01053-8