Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/159416
|
Title: | Improving System Efficiency Using Priority Queue in Zero Trust IIoT Networks |
Authors: | 林浩鉦 Lin, Hao-Cheng |
Contributors: | 孫士勝 Sun, Shi-Sheng 林浩鉦 Lin, Hao-Cheng |
Keywords: | Zero Trust Architecture (ZTA); Industrial Internet of Things (IIoT); Priority Queue; Abnormal Detection; Time-Sensitive Network (TSN) |
Date: | 2025 |
Issue Date: | 2025-09-01 16:57:53 (UTC+8) |
Abstract: | The ever-growing scale of Industrial Internet of Things (IIoT) deployments has heightened security risks, motivating the adoption of Zero Trust Architecture (ZTA), a “never trust, always verify” model that treats every user and device as potentially malicious. While ZTA significantly strengthens system defenses, it can also introduce non-negligible processing delays that conflict with IIoT’s stringent real-time requirements. To address this, we introduce a dynamic, trust-driven priority-queueing framework that assigns packets to service tiers based on their real-time trust scores and seamlessly maps high-trust flows into Time-Sensitive Network (TSN)’s eight-level priority scheduling. By modeling the post-filter traffic as a G/D/1 queue, we obtain closed-form delay bounds even under non-Poisson arrivals. Through simulation, our two-tier model demonstrates a 13% reduction in average waiting time. Furthermore, our prototype architecture, which is implemented using the MQTT protocol, achieves a 16% reduction in average waiting time. The same principles can be directly extended to TSN’s full eight-tier queuing hierarchy to guarantee bounded latency for critical IIoT messages. |
Description: | Master's thesis, National Chengchi University, Department of Computer Science, 112753137 |
Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0112753137 |
Data Type: | thesis |
Appears in Collections: | [Department of Computer Science ] Theses
|
Files in This Item:
File | Description | Size | Format |
313701.pdf | | 1888Kb | Adobe PDF |
|
All items in 政大典藏 are protected by copyright, with all rights reserved.
|