TY - JOUR
T1 - Zero Trust Management Over Consumer Technology-Based IoT Edge Node for SDN Communication and Control of Cyber–Physical Systems
AU - Byeon, Haewon
AU - Alsaadi, Mahmood
AU - Gupta, Sachin
AU - Patni, Jagdish Chandra
AU - Ahanger, Tariq Ahamed
AU - Singh, Brajesh Kumar
AU - Srivastava, Ajeet Kumar
AU - Abdinabievna, Pardaeva Shakhnoza
AU - Boddupalli, Santhosh
N1 - Publisher Copyright:
© 1975-2011 IEEE.
PY - 2025
Y1 - 2025
N2 - In response to the lack of effective means for detecting and locating malicious exchange nodes in data flow transmission links within the Internet of Things (IoT), this paper proposes a zero-trust management method for data flow between edge nodes based on software-defined networking (SDN) communication and control of cyber-physical systems (CPS). To detect and prevent anomalous behaviors like data tampering, forwarding path anomalies, and malicious packet drops through forwarding verification by exchange nodes, SDN-ZTM applies SDN to the data transmission process between IoT edge nodes. This approach applies the SDN architecture to the transmission process of data flows between edge nodes, utilizing a fixed-length header overhead for zero-trust management of data flows, nodes, and paths, thereby enabling lightweight packet forwarding verification and malicious exchange node localization. Simulation studies and theoretical research show that SDN-ZTM offers more extensive security features than similar methods. Additionally, SDN-ZTM is a lightweight, useful solution appropriate for IoT application scenarios since it introduces a fixed-length header and has a smaller performance overhead. Experimental results show that the method introduces less than 10% forwarding delay and less than 8% throughput loss.
AB - In response to the lack of effective means for detecting and locating malicious exchange nodes in data flow transmission links within the Internet of Things (IoT), this paper proposes a zero-trust management method for data flow between edge nodes based on software-defined networking (SDN) communication and control of cyber-physical systems (CPS). To detect and prevent anomalous behaviors like data tampering, forwarding path anomalies, and malicious packet drops through forwarding verification by exchange nodes, SDN-ZTM applies SDN to the data transmission process between IoT edge nodes. This approach applies the SDN architecture to the transmission process of data flows between edge nodes, utilizing a fixed-length header overhead for zero-trust management of data flows, nodes, and paths, thereby enabling lightweight packet forwarding verification and malicious exchange node localization. Simulation studies and theoretical research show that SDN-ZTM offers more extensive security features than similar methods. Additionally, SDN-ZTM is a lightweight, useful solution appropriate for IoT application scenarios since it introduces a fixed-length header and has a smaller performance overhead. Experimental results show that the method introduces less than 10% forwarding delay and less than 8% throughput loss.
KW - IoT
KW - SDN-ZTM
KW - cyber-physical systems
KW - edge nodes
KW - zero trust management
UR - http://www.scopus.com/inward/record.url?scp=105003498811&partnerID=8YFLogxK
U2 - 10.1109/TCE.2025.3563408
DO - 10.1109/TCE.2025.3563408
M3 - Article
AN - SCOPUS:105003498811
SN - 0098-3063
VL - 71
SP - 4849
EP - 4858
JO - IEEE Transactions on Consumer Electronics
JF - IEEE Transactions on Consumer Electronics
IS - 2
ER -