Zero trust management of data flow between IoT edge nodes based on SDN

Aiming at the lack of effective means for detecting and localizing malicious nodes in the data flow transmission link in Internet of things (IoT), a zero trust management method of data flow between IoT edge nodes based on software defined network (SDN) was proposed. This method applied the architecture of SDN to the process of data flow transmission between edge nodes. A fixed-length header overhead was used for zero trust management of data flow, nodes, and paths to achieve lightweight packet forwarding verification and malicious node localization functions. In the forwarding path, the security verification of packets was performed by the switching node, and the verification information was counted to ensure the security of the data flow transmission and the consistency of the path. Based on the type of abnormal packets, the controller adopted dichotomous method to mark the switching node that performed the verification operation to gradually narrow down the scope of malicious nodes, and realized the localization of multiple types of malicious nodes. Finally, the proposed method was simulated and evaluated. The experimental results show that the method introduces a forwarding delay of less than 10% and a throughput loss of less than 8%.