A Highly Compatible Verification Framework with Minimal Upgrades to Secure an Existing Edge Network

Abstract

Edge networks are providing services for an increasing number of companies, and they can be used for communication between edge devices and edge gateways. However, the performance of edge devices varies greatly, and it is not easy to upgrade low-performance edge devices. Therefore, cyber attackers can use the vulnerability of edge devices to implement advanced persistent threat attacks. This article proposes a network verification framework for edge networks that can minimize the upgrades needed to strengthen edge network security. First, the communication parties use the data transmitted by the given edge network. Our method uses our proposed PacketVerifier to attach verification information to the packet after it is sent and to verify and restore the packet before it reaches the receiver. Second, due to the performance requirements of edge networks, we design a new data processing structure, namely, a sliding window double ring, to improve the performance of strict sequential protocols in parallel validation. Finally, experimental simulations show that our parallel processing algorithm has good performance in terms of network bandwidth compared with two existing packet processing algorithms. Furthermore, the proposed packet with verification information is compatible with the existing network topology, which helps PacketVerifier establish trustworthy transmission in a zero-trust environment.