TY - JOUR
T1 - Securing edge based smart city networks with software defined Networking and zero trust architecture
AU - Iftikhar, Abeer
AU - Hussain, Faisal Bashir
AU - Qureshi, Kashif Naseer
AU - Shiraz, Muhammad
AU - Sookhak, Mehdi
N1 - Publisher Copyright:
© 2025 Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.
PY - 2025/12
Y1 - 2025/12
AB - Smart cities are rapidly evolving by adopting Internet of Things (IoT) devices, edge and cloud computing, and mobile connectivity. While these advancements enhance urban efficiency and connectivity, they also significantly increase the risk of cyber threats targeting critical infrastructure. Modern interdependent systems require flexible resilience, allowing them to adapt to changing conditions while maintaining core functions. Smart city networks, however, face unique security vulnerabilities due to their scale and heterogeneity. Altered to industry expectations and requirements, traditional security models are generally restrictive. With its "never trust, always verify" motto, the Zero Trust (ZT) security model starkly differs from traditional models. ZT builds on network design by mandating real-time identity verification, giving minimum access permission and mandating respect for the principle of least privilege. Software Defined Networking (SDN) extends one step further by offering central control over the network, policy-based autonomous application and immediate response to anomalies. To address these challenges, our proposed Trust-based Resilient Edge Networks (TREN) framework integrates ZT principles to enhance smart city security. Under the umbrella of SDN controllers, SPP, the underpinning component of TREN, performs real-time trust analysis and autonomous policy enforcement, for instance, applying high-level threat defense mechanisms. TREN dynamically defends against advanced threats like DDoS and Sybil attacks by isolating malicious nodes and adapting defense tactics based on real-time trust and traffic analysis. Trust analysis and policy control modules provide dynamic adaptive coverage, permitting effective proactive defense. Mininet-based simulations demonstrate TREN's efficacy, achieving 95 % detection accuracy, a 20 % latency reduction, and a 25 % increase in data throughput when compared to baseline models.
KW - DDoS
KW - Edge computing
KW - Malicious nodes
KW - Scalability
KW - Security
KW - Smart city networks
KW - Software defined networking
KW - Sybil
KW - Trust
UR - https://www.scopus.com/pages/publications/105017962711
U2 - 10.1016/j.jnca.2025.104341
DO - 10.1016/j.jnca.2025.104341
M3 - Article
AN - SCOPUS:105017962711
SN - 1084-8045
VL - 244
JO - Journal of Network and Computer Applications
JF - Journal of Network and Computer Applications
M1 - 104341
ER -