IEEE Access (Jan 2022)
The “Cyber Security via Determinism” Paradigm for a Quantum Safe Zero Trust Deterministic Internet of Things (IoT)
Abstract
The next-generation Internet of Things (IoT) will control the critical infrastructure of the 21st century, including the Smart Power Grid and Smart Cities. It will also support Deterministic Communications, where ‘deterministic traffic flows’ (D-flows) receive strict Quality-of-Service (QoS) guarantees. A ‘Cybersecurity via Determinism’ paradigm for the next-generation ‘Industrial and Tactile Deterministic IoT’ is presented. A forwarding sub-layer of simple and secure ‘deterministic packet switches’ (D-switches) is introduced into layer 3. This sub-layer supports many deterministic Software Defined Wide Area Networks (SD-WANs), along with 3 new tools for improving cyber security: Access Control, Rate Control, and Isolation Control. A Software Defined Networking (SDN) control-plane configures each D-switch (i.e., FPGA) with multiple deterministic schedules to support D-flows. The SDN control-plane can embed millions of isolated Deterministic Virtual Private Networks (DVPNs) into layer 3. This paradigm offers several benefits: 1) All congestion, interference, and Distributed Denial-of-Service (DDoS) attacks are removed; 2) Buffer sizes in D-switches are reduced by 1000+ times; 3) End-to-end IoT delays can be reduced to ultra-low latencies, i.e., the speed-of-light in fiber; 4) The D-switches do not require Gigabytes of memory to store large IP routing tables; 5) Hardware support is provided in layer 3 for the US NIST Zero Trust Architecture; 6) Packets within a DVPN can be entirely encrypted using Quantum Safe encryption, which is impervious to attacks by Quantum Computers using existing quantum algorithms; 7) The probability of an undetected cyberattack targeting a DVPN can be made arbitrarily small by using long Quantum Safe encryption keys; and 8) Savings can reach $10s of Billions per year, through reduced capital, energy and operational costs.
Keywords