
Methods to strengthen cyber-security and privacy in a deterministic internet of things


Abstract

Methods to strengthen the cyber-security and privacy in a proposed deterministic Internet of Things (IoT) network are described. The proposed deterministic IoT consists of a network of simple deterministic packet switches under the control of a low-complexity ‘Software Defined Networking’ (SDN) control-plane. The network can transport ‘Deterministic Traffic Flows’ (DTFs), where each DTF has a source node, a destination node, a fixed path through the network, and a deterministic or guaranteed rate of transmission. The SDN control-plane can configure millions of distinct interference-free ‘Deterministic Virtual Networks’ (DVNs) into the IoT, where each DVN is a collection of interference-free DTFs. The SDN control-plane can configure each deterministic packet switch to store several deterministic periodic schedules, defined for a scheduling-frame which comprises F time-slots. The schedules of a network determine which DTFs are authorized to transmit data over each fiber-optic link of the network. These schedules also ensure that each DTF will receive a deterministic rate of transmission through every switch it traverses, with full immunity to congestion, interference and Denial-of-Service (DoS) attacks. Any unauthorized transmissions by a cyber-attacker can also be detected quickly, since the schedules also identify unauthorized transmissions. Each source node and destination node of a DTF, and optionally each switch in the network, can have a low-complexity private-key encryption/decryption unit. The SDN control-plane can configure the source and destination nodes of a DTF, and optionally the switches in the network, to encrypt and decrypt the packets of a DTF using these low-complexity encryption/decryption units. To strengthen security and privacy and to lower the energy use, the private keys can be very large, for example several thousands of bits. 
The SDN control-plane can configure each DTF to achieve a desired level of security well beyond what is possible with existing schemes such as AES, by using very long keys. The encryption/decryption units also use a new serial permutation unit with very low hardware cost, which allows for exceptional security and very high throughputs in FPGA hardware.
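The schedule-based authorization described in the abstract, as an added illustration that is not code from the patent or from this page: a per-link periodic schedule over F time-slots names the one DTF allowed in each slot, and any observed transmission that does not match its slot is flagged. The slot-placement rule, the flow names and the frame length F = 8 are assumptions made for the example.

```python
from collections import Counter

F = 8  # time-slots per scheduling frame (constructed value)

def build_link_schedule(reservations, frame_len=F):
    """Give each DTF its reserved slots per frame on one link.
    Returns a list: slot index -> DTF id, or None for an idle slot."""
    if sum(reservations.values()) > frame_len:
        raise ValueError("link over-subscribed: reservations exceed F slots")
    schedule = [None] * frame_len
    # Assumed placement rule: spread each flow evenly, largest first.
    for dtf, n in sorted(reservations.items(), key=lambda kv: -kv[1]):
        for k in range(n):
            slot = (k * frame_len) // n
            while schedule[slot] is not None:  # probe to the next free slot
                slot = (slot + 1) % frame_len
            schedule[slot] = dtf
    return schedule

def audit_link(schedule, observed):
    """Compare observed (absolute_slot, dtf_id) transmissions with the schedule.
    Returns (violations, delivered): mismatches and per-DTF authorized counts."""
    violations, delivered = [], Counter()
    for t, dtf in observed:
        owner = schedule[t % len(schedule)]  # schedule repeats every frame
        if owner == dtf:
            delivered[dtf] += 1
        else:
            violations.append((t, dtf, owner))  # owner None means idle slot
    return violations, delivered

# Constructed reservations: slots per frame guaranteed to each flow.
RESERVATIONS = {"dtf-A": 4, "dtf-B": 2, "dtf-C": 1}
SCHEDULE = build_link_schedule(RESERVATIONS)

# Constructed capture of two frames; frame 1 holds two bad transmissions.
OBSERVED = [(0, "dtf-A"), (1, "dtf-B"), (2, "dtf-A"), (3, "dtf-C"),
            (4, "dtf-A"), (5, "dtf-B"), (6, "dtf-A"),
            (8, "dtf-A"), (9, "dtf-B"), (10, "dtf-A"), (11, "dtf-X"),
            (12, "dtf-A"), (13, "dtf-B"), (14, "dtf-A"), (15, "dtf-B")]

if __name__ == "__main__":
    bad, ok = audit_link(SCHEDULE, OBSERVED)
    print("schedule:", SCHEDULE)
    for t, dtf, owner in bad:
        print(f"slot {t}: {dtf} transmitted, slot belongs to {owner or 'nobody'}")
    print("authorized packets per DTF:", dict(ok))
```

Because the schedule is interference-free by construction (one owner per slot), both an unknown flow in a reserved slot and a known flow transmitting in an idle slot show up as mismatches in a single pass.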

Bibliographic data

  • Publication number: US11019038B2

    Patent type:

  • Publication date: 2021-05-25

    Original format: PDF

  • Applicant/Patentee: TED H. SZYMANSKI;

    Application number: US201716075402

  • Inventor: TED H. SZYMANSKI;

    Filing date: 2017-02-03

  • Classification: H04L29/06;H04L12/863;H04L9/08;H04L29/08;H04L12/937;H04L9/14;H04L12/851;H04L12/873;H04L12/933;H04L12/935;H04L12/715;

  • Country: US

  • Added to database: 2022-08-24 18:52:36
