25 research outputs found

    Blockchain-Aided Flow Insertion and Verification in Software Defined Networks

    The Internet of Things (IoT) connected by Software Defined Networking (SDN) promises to bring great benefits to cyber-physical systems. However, the increased attack surface offered by the growing number of connected vulnerable devices and complex nature of SDN control plane applications could overturn the huge benefits of such a system. This paper addresses the vulnerability of some unspecified security flaw in the SDN control plane application (such as a zero-day software vulnerability) which can be exploited to insert malicious flow rules in the switch that do not match network policies. Specifically, we propose a blockchain-as-a-service (BaaS) based framework that supports switch flow verification and insertion; and additionally provides straightforward deployment of blockchain technology within an existing SDN infrastructure. While use of an external BaaS brings straightforward deployment, it obscures knowledge of the blockchain agents who are responsible for flow conformance testing through a smart blockchain contract, leading to potential exploitation. Thus, we design a strategy to prevent the blockchain agents from acting arbitrarily, as this would result in what is termed a “moral hazard”. We achieve this by developing a novel mathematical model of the fair reward scheme based on game theory. To understand the performance of our system, we evaluate our model using a Matlab based simulation framework. The simulation results demonstrate that the proposed algorithm balances the needs of the blockchain agents to maximise the overall social welfare, i.e. the sum of profits across all parties

    Federated Machine Learning for Resource Allocation in Multi-domain Fog Ecosystems

    The proliferation of the Internet of Things (IoT) has incentivised extending cloud resources to the edge in what is deemed fog computing. The latter is manifesting as an ecosystem of connected clouds, geo-dispersed and of diverse capacities. In such an ecosystem, workload allocation to fog services becomes a non-trivial challenge. Users' demand at the edge is diverse, which does not lend itself to straightforward resource planning. Conversely, running services at the edge may leverage proximity, but it comes at higher operational cost, let alone an increasing risk of resource straining. Consequently, there is a need for intelligent yet scalable allocation solutions that counter the adversity of demand, while efficiently distributing load between the edge and farther clouds. Machine learning is increasingly adopted in resource planning. This paper proposes a federated deep reinforcement learning system, based on deep Q-learning network (DQN), for workload distribution in a fog ecosystem. The proposed solution adapts a DQN to optimize local workload allocations, made by single gateways. Federated learning is incorporated to allow multiple gateways in a network to collaboratively build knowledge of users' demand. This is leveraged to establish consensus on the fraction of workload allocated to different fog nodes, using lower data supply and computation resources. System performance is evaluated using realistic demand from Google Cluster Workload Traces 2019. Evaluation results show over 50% reduction in failed allocations when spreading users over a larger number of gateways, given a fixed number of fog nodes. The results further illustrate the trade-offs between performance and cost under different conditions

    Intent-based Decentralized Orchestration for Green Energy-aware Provisioning of Fog-native Workflows

    The cloud native paradigm is emerging as a pathway to developing applications for intrinsic operation on the cloud. This prompted application modularity, leveraging the adoption of the microservices architecture. Meanwhile, fog computing is emerging as a geo-dispersed cloud, bringing services closer to the end-user for localization and improved responsiveness. Transitioning to fog-native applications, i.e. managing microservice workflows over the fog, is a non-trivial challenge. On one hand, engineering workflows require awareness of the dependencies across microservices, as they impact the perceived quality of service. On the other hand, the heterogeneity of capacities, energy prices and supply, introduce challenges that can negate the sought advantages of the fog. This work proposes a novel algorithm based on Alternating Direction Method of Multipliers for intent-based workflow mapping and admission, iADMM. The performance of the algorithm is evaluated analytically and experimentally and compared to a baseline compute-network cost minimization alternative. Evaluation results show that iADMM achieves near optimal decisions in minimizing operational costs without violating workflow intents

    Securing SDN controlled IoT Networks Through Edge-Blockchain

    The Internet of Things (IoT) connected by Software Defined Networking (SDN) promises to bring great benefits to cyber-physical systems. However, the increased attack surface offered by the growing number of connected vulnerable devices and separation of SDN control and data planes could overturn the huge benefits of such a system. This paper addresses the vulnerability of the trust relationship between the control and data planes. To meet this aim, we propose an edge computing based blockchain-as-a-service (BaaS), enabled by an external BaaS provider. The proposed solution provides verification of inserted flows through an efficient, edge-distributed, blockchain solution. We study two scenarios for the blockchain reward purpose: (a) information symmetry, in which the SDN operator has direct knowledge of the real effort spent by the BaaS provider; and (b) information asymmetry, in which the BaaS provider controls the exposure of information regarding spent effort. The latter yields the so-called “moral hazard”, where the BaaS may claim higher than actual effort. We develop a novel mathematical model of the edge BaaS solution; and propose an innovative algorithm of a fair reward scheme based on game theory that takes into account moral hazard. We evaluate the viability of our solution through analytical simulations. The results demonstrate the ability of the proposed algorithm to maximize the joint profits of the BaaS and the SDN operator, i.e. maximizing the social welfare

    Hybrid Blockchain for IoT—Energy Analysis and Reward Plan

    Blockchain technology has brought significant advantages for security and trustworthiness, in particular for Internet of Things (IoT) applications where there are multiple organisations that need to verify data and ensure security of shared smart contracts. Blockchain technology offers security features by means of consensus mechanisms; two key consensus mechanisms are Proof of Work (PoW) and Practical Byzantine Fault Tolerance (PBFT). While the PoW based mechanism is computationally intensive, due to the puzzle solving, the PBFT consensus mechanism is communication intensive due to the all-to-all messages; thereby, both may result in high energy consumption and, hence, there is a trade-off between the computation and the communication energy costs. In this paper, we propose a hybrid-blockchain (H-chain) framework appropriate for scenarios where multiple organizations exist and where the framework enables private transaction verification and public transaction sharing and audit, according to application needs. In particular, we study the energy consumption of the hybrid consensus mechanisms in H-chain. Moreover, this paper proposes a reward plan to incentivize the blockchain agents so that they make contributions to the H-chain while also considering the energy consumption. While the work is generally applicable to IoT applications, the paper illustrates the framework in a scenario which secures an IoT application connected using a software defined network (SDN). The evaluation results first provide a method to balance the public and private parts of the H-chain deployment according to network conditions, computation capability, verification complexity, among other parameters. The simulation results demonstrate that the reward plan can incentivize the blockchain agents to contribute to the H-chain considering the energy consumption of the hybrid consensus mechanism; this enables the proposed H-chain to achieve optimal social welfare

    Warrens: Decentralized Connectionless Tunnels for Edge Container Networks

    In recent years, workload containerisation has been extended to the edge, bringing with it the need for flexible overlay networking. However, current container networking solutions are generally designed for the cloud, aimed at relatively static clusters with centralized generation of container subnet addresses and assigning them to nodes. Added to that, existing tunneling solutions, such as Virtual Private Networks (VPN), also have centralized components. Conversely, the network edge is geo-dispersed and has a volatile topology, with edge nodes typically hidden behind routers, in private networks. To enable large-scale networking at the edge, there is a need for decentralized self-management of container network addresses and overlay tunnels. This manuscript presents Warrens, a framework for fully decentralized and self-organizing cloud-edge container networks. Warrens enables communication between edge nodes in different private networks by enabling connectionless tunnels, supported by decentralized self-assignment of container IP addresses, with the assignment scheme minimizing address conflict to a negligible level. Warrens has been implemented in two variants using kernel-level eBPF for processing speed, and user-level Golang for wider compatibility. Warrens is shown to be highly scalable compared to a typical VPN solution, and performance evaluations demonstrate it can handle a full network load on both x64 devices and a Raspberry Pi with ≈0.5% to 5% total CPU load, depending on traffic direction and protocols used

    A Dynamic Service Trading in a DLT-Assisted Industrial IoT Marketplace

    With the increasing demand for digitalization and participation in Industry 4.0, new challenges have emerged concerning the market of digital services to compensate for the lack of processing, computation, and other resources within Industrial Internet of Things (IIoTs). At the same time, the complexity of interplay among stakeholders has grown in size, granularity, and variation of trust. In this paper, we consider an IIoT resource market with heterogeneous buyers such as manufacturer owners. The buyers interact with the resource supplier dynamically with specific resource demands. This work introduces a broker between the supplier and the buyers, equipped with Distributed Ledger Technologies (DLT) providing a service for market security and trustworthiness. We first model the DLT-assisted IIoT market analytically to determine an offline solution and understand the selfish interactions among different entities (buyers, supplier, broker). Considering the non-cooperative heterogeneous buyers in the dynamic market, we then follow an independent learners framework to determine an online solution. In particular, the decision-making procedures of buyers are modeled as a Partially Observable Markov Decision Process which is solved using independent Q-learning. We evaluate both the offline and online solutions with analytical simulations, and the results show that the proposed approaches successfully maximize players’ satisfaction. The results further demonstrate that independent Q-learners achieve equilibrium in a dynamic market even without the availability of complete information and communication, and reach a better solution compared to that of centralized Q-learning