Zero Trust IoT library
Zero Trust IoT Security Library for NS-3

Overview

This library introduces Zero Trust security principles into NS-3 simulations of IoT and Edge networks. It is designed to model and demonstrate protocol-level security mechanisms based on identity, risk, and policy enforcement rather than implicit trust based on network location.

Purpose

The primary goal is to simulate deployable, real-world security features such as:

  • Certificate-based identity
  • Mutual authentication (DTLS/TLS)
  • Encrypted payload transmission
  • Policy-driven access control
  • Attack detection and prevention mechanisms

These components align with the Zero Trust model of "never trust, always verify", particularly in resource-constrained, insecure environments such as IoT and Edge deployments.

Library Architecture

The library is modular and consists of the following key components:

  • Certificate Authority Module: Issues and validates certificates to establish identity.
  • Policy Engine: Enforces communication policies based on roles, device types, and trust scores.
  • Encrypted Payload Module: Secures application-level data using symmetric encryption.
  • Logger Module: Records communication attempts, policy violations, and attack logs.
  • TLS/DTLS Handshake Module: Simulates the process of session key negotiation and mutual authentication.

Figure: Zero Trust IoT Architecture

Supported Use Cases

  • Secure CoAP/MQTT simulations over DTLS/TLS
  • Identity-based device access
  • Unauthorized access and MitM attack prevention
  • Simulated risk-based session rejection
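The following is an added, stand-alone C++ example (not code from the library or its authors) that models the decision path described in the Library Architecture and use-case list above: a root CA that issues, validates and revokes identity certificates, a default-deny policy keyed on roles and a trust-score threshold, and a logger that records every decision. It has no NS-3 dependency so it can be compiled and run on its own; the class names (RootCa, ZeroTrustPolicy, Authorize), the threshold of 0.6 and the device identities are the example's own constructed values, not the library's API.

```cpp
// Added example: standalone model of Zero Trust admission control
// (identity -> policy -> risk), not the library's own implementation.
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

struct Certificate {
    std::string subject;  // device identity, e.g. "sensor-01"
    std::string issuer;   // name of the CA that signed it
    std::string role;     // device type/role used by the policy
};

// Minimal root CA: remembers what it issued and keeps a revocation list.
class RootCa {
public:
    explicit RootCa(std::string name) : m_name(std::move(name)) {}
    Certificate Issue(const std::string& subject, const std::string& role) {
        m_issued.insert(subject);
        return Certificate{subject, m_name, role};
    }
    void Revoke(const std::string& subject) { m_revoked.insert(subject); }
    // A certificate is valid only if this CA issued it and has not revoked it.
    bool Validate(const Certificate& cert) const {
        return cert.issuer == m_name && m_issued.count(cert.subject) > 0 &&
               m_revoked.count(cert.subject) == 0;
    }
private:
    std::string m_name;
    std::set<std::string> m_issued;
    std::set<std::string> m_revoked;
};

struct Decision {
    bool allowed;
    std::string reason;
};

// Default-deny policy: identity must validate, the role pair must be
// explicitly allowed, and the source's trust score must meet the threshold.
class ZeroTrustPolicy {
public:
    ZeroTrustPolicy(const RootCa& ca, double minTrust) : m_ca(ca), m_minTrust(minTrust) {}
    void AddAllowRule(const std::string& fromRole, const std::string& toRole) {
        m_rules.insert({fromRole, toRole});
    }
    void SetTrustScore(const std::string& subject, double score) { m_trust[subject] = score; }

    Decision Authorize(const Certificate& src, const Certificate& dst) {
        if (!m_ca.Validate(src)) return Record(src, dst, false, "source certificate invalid or revoked");
        if (!m_ca.Validate(dst)) return Record(src, dst, false, "destination certificate invalid or revoked");
        if (m_rules.count({src.role, dst.role}) == 0)
            return Record(src, dst, false, "no allow rule for " + src.role + " -> " + dst.role);
        auto it = m_trust.find(src.subject);
        double score = (it == m_trust.end()) ? 0.0 : it->second;  // unknown devices score 0
        if (score < m_minTrust)
            return Record(src, dst, false, "trust score " + std::to_string(score) + " below threshold");
        return Record(src, dst, true, "allowed");
    }
    const std::vector<std::string>& Log() const { return m_log; }

private:
    Decision Record(const Certificate& src, const Certificate& dst, bool allowed, const std::string& reason) {
        m_log.push_back(std::string(allowed ? "ALLOW " : "DENY  ") + src.subject + " -> " +
                        dst.subject + ": " + reason);
        return Decision{allowed, reason};
    }
    const RootCa& m_ca;
    double m_minTrust;
    std::set<std::pair<std::string, std::string>> m_rules;
    std::map<std::string, double> m_trust;
    std::vector<std::string> m_log;
};

// Constructed scenario: one allowed session followed by four rejections
// (missing rule, unknown issuer, low trust score, revoked certificate).
std::vector<std::string> RunScenario() {
    RootCa ca("SimRootCA");
    ZeroTrustPolicy policy(ca, 0.6);
    policy.AddAllowRule("sensor", "gateway");
    Certificate sensor = ca.Issue("sensor-01", "sensor");
    Certificate gateway = ca.Issue("gateway-01", "gateway");
    policy.SetTrustScore("sensor-01", 0.9);
    policy.Authorize(sensor, gateway);   // ALLOW
    policy.Authorize(gateway, sensor);   // DENY: no gateway -> sensor rule
    Certificate rogue{"sensor-99", "UnknownCA", "sensor"};
    policy.Authorize(rogue, gateway);    // DENY: not issued by our CA
    policy.SetTrustScore("sensor-01", 0.2);
    policy.Authorize(sensor, gateway);   // DENY: risk-based rejection
    policy.SetTrustScore("sensor-01", 0.9);
    ca.Revoke("sensor-01");
    policy.Authorize(sensor, gateway);   // DENY: revoked identity
    return policy.Log();
}

int main() {
    for (const auto& line : RunScenario()) std::cout << line << '\n';
    return 0;
}
```

The ordering of the checks is the point: a valid certificate alone never grants access, and a policy match is still subject to the current trust score, so a device whose score has dropped is rejected even though its identity and role rule are unchanged. The log gives a defender one line per decision with the reason, which is what an NS-3 trace of policy violations would need to contain.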

Usage

To use the Zero Trust IoT Security Library in your NS-3 simulations, include the relevant modules in your simulation script under scratch/.

Example usage:

// Include NS-3 core (Ptr, CreateObject) and the Zero Trust modules
#include "ns3/core-module.h"
#include "zt-certificate.h"
#include "zt-logger.h"
// Headers for the remaining modules; the file names are assumed to follow the same zt-*.h pattern
#include "zt-policy-engine.h"
#include "zt-tls-handshake.h"
#include "zt-encrypted-payload.h"

using namespace ns3;

// sensorNode, gatewayNode (Ptr<Node>) and sensorId, gatewayId (device identities)
// are assumed to have been created earlier in the simulation script.

// Instantiate and configure modules
Ptr<ZtCertificate> ca = CreateObject<ZtCertificate>();
ca->GenerateRootCertificate();                        // root of trust for all device identities
Ptr<ZtPolicyEngine> policy = CreateObject<ZtPolicyEngine>();
policy->AddAllowRule("sensor", "gateway");            // default deny: only sensor -> gateway is permitted
Ptr<ZtTlsHandshake> tls = CreateObject<ZtTlsHandshake>();
tls->StartHandshake(sensorNode, gatewayNode, sensorId, gatewayId);  // mutual authentication and session key
Ptr<ZtEncryptedPayload> payload = CreateObject<ZtEncryptedPayload>();
std::string encrypted = payload->Encrypt("Temperature:25C", gatewayId);  // application data encrypted for the gateway
Ptr<ZtLogger> logger = CreateObject<ZtLogger>();
logger->LogEvent("Encrypted payload sent from sensor to gateway");

CertificateAuthority ca
    Certificate authority for signing identity certificates.

Development Status

This library is under active development. Future versions will include:

  • Fine-grained trust scoring
  • Support for additional protocols
  • Real-time policy updates and revocation lists

License

This library is open for academic and non-commercial use.

Authors

Developed by Arun Santhosh R A under the guidance of Dr. T. Subbulakshmi, Vellore Institute of Technology, Chennai, India