SUBMITTED TO THE IEEE, PROF. T. SZYMANSKI, AUG. 8, 2023, CONFIDENTIAL

Abstract—The next-generation Internet of Things (IoT) will enable Industry 4.0 and Smart Cyber-Physical Systems, including Smart Cities and Smart Manufacturing. These Smart Systems require ultra-low latencies, and immunity from cyber-attacks. This paper explores a "Software-Defined Deterministic IoT", with Artificial Intelligence (AI) for Cyber-Security. It introduces a new sub-layer (3a) of "Software Defined Deterministic Wide Area Networks" (SDD-WANs), using authenticated deterministic packet switches (i.e., low-cost FPGAs). A "Software Defined Networking" (SDN) control-plane uses collaborative AI systems to implement Zero Trust Architectures (ZTAs) and Guaranteed Intrusion Detection Systems, to control access to all critical resources. The approach has many benefits: (i) All interference, congestion, and "Distributed Denial-of-Service" (DDoS) attacks are eliminated; (ii) End-to-end delays are reduced to the speed of light in fiber; (iii) The SDD-WANs provide hardware support for the US NIST ZTA and "Post Quantum Cryptography" (PQC); (iv) Deterministic traffic flows are encrypted and authenticated with Quantum-Safe ciphers, to be immune to attacks from Quantum Computers; (v) The expected number of successful cyber-attacks per year against a nation’s critical infrastructure from external cyber-attackers is zero; (vi) The introduction of SDN, FPGAs and determinism into layer-3 can save potentially $100s of billions USD per year globally.

Index Terms—Deterministic, Internet of Things (IoT), cyber-security, Industry 4.0, Artificial Intelligence (AI), Cyber Physical Systems, Software Defined Networking (SDN), FPGAs, Zero Trust Architecture, Post Quantum Cryptography, Quantum Computing, Industrial/Tactile IoT

I. INTRODUCTION

The next-generation "Internet of Things" (IoT) will enable the 4th wave of the Industrial Revolution, called Industry 4.0. It will control the smart Cyber-Physical Systems of the 21st century, including Smart Cities, and Smart Manufacturing. According to General Electric, the future Industrial IoT will enable ≈ 50% of global economic activity by the year 2030.

In 2008, the US "National Academy of Engineering" (NAE) identified 14 "Grand Challenge" problems for the 21st century, including achieving: (i) Fusion Energy, (ii) Carbon Sequestration, and (iii) Security in Cyberspace [1]. Unfortunately, in 2023 the world is in the midst of a cyber-security crisis, and each year it deploys vast amounts of insecure "Best-Effort Internet-Protocol" (BE-IP) hardware, further deepening the crisis. This paper proposes a solution to the NAE grand-challenge problem of Security in Cyberspace for critical infrastructure, i.e., a network architecture to eliminate external cyber-attacks against critical infrastructure, such as nuclear reactors and the Smart Power Grid.

Cyber-attacks against critical infrastructures can have severe consequences. In May 2021, the USA’s Colonial Pipeline suffered a ransomware cyber-attack. This pipeline supplies about 45% of the east coast’s energy needs. In response, US Executive Order 14028 entitled "Improving the Nation’s Cybersecurity" directed US industries to adopt a "Zero Trust Architecture" (ZTA). In a ZTA, access to any resource, however small, requires user authentication. According to the firms Cybersecurity Ventures and Statistica, the global costs of cyber-crime will reach $10.5 trillion and $17.6 trillion USD per year by 2025. Clearly, the cyber-security crisis is deep and deepening every year.

The prospect of Quantum Computers poses new threats to cyber-security, not considered by the NAE [2]. In 2019, Google claimed to achieve "Quantum Supremacy", by demonstrating a Quantum Computer to solve a specialized problem in minutes, which would otherwise take 1,000s of years to solve. Google’s claim initiated a race to build a programmable Quantum Computer. Both IBM and Google are developing super-conducting Quantum Computers, which can achieve exponential speedups over traditional silicon supercomputers. They can employ Shor’s algorithm to crack the "Public Key Cryptography" (PKC) used to secure communications in the IoT, and throw the world into disarray.

According to the US government, Quantum Computers may soon be able to "jeopardize civilian and military communications, undermine the supervisory and control systems of critical infrastructure, and defeat the security of the global Internet-based financial markets". To address this threat, the US NIST ("National Institute for Standards and Technology") has adopted "Post Quantum Cryptography" (PQC). In 2022 it announced 4 "Quantum-Safe" algorithms to be standardized. These algorithms will be incorporated into the BE-IP infrastructure to ensure that communications in the Transport Layer (layer-4) are Quantum-Safe. However, layer-4 is subjected to layer-3 problems and cyber-attacks, i.e., interference, congestion, DoS and DDoS attacks. Hence, the original NAE problem of Security in Cyberspace, focussing on layer-3 vulnerabilities, must still be solved [3].

This paper explores a "Software Defined Deterministic IoT", based upon the "Cyber-Security via Determinism" paradigm proposed in [3]. It achieves strict cyber-security, by exploiting the properties of determinism. It eliminates 3 major cyber-security vulnerabilities, that have existed in IP layer-3 for decades, i.e., the use of: (i) unencrypted IP packet headers, (ii) unauthenticated IP packet headers, and
encryption and authentication, for every D-flow in a DVPN (please see [3] for details).

Sub-layer-3a represents a "Closed System". The SDD-WAN can create thousands (or millions) of programmable, authenticated D-flows, through 100s (or 1000s) of authenticated D-switches. The task of identifying cyber-attacks within this closed system is relatively easy, as every D-flow is authenticated.

Fig. 2 illustrates an SDD-WAN for the USA, with 26 cities and 82 links [3]. The bold lines represent fiber-optic links between cities, and the dotted lines represent "ultra-low-latency links" (i.e., D-flows). (Our technologies work with fiber-optic, electrical or wireless links.) To test the SDN control-plane, an SDD-WAN with 26 D-switches for the USA topology shown in Fig. 2 was implemented on a single Altera FPGA, and the system worked perfectly [3][10].

The SDN control-plane can program millions of authenticated D-flows into the SDD-WAN. Each D-flow receives deterministic service, and is immune to interference, congestion, and cyber-attacks from external cyber-attackers. Table II compares the fiber-delay versus the experimental deterministic queuing-delay, for selected D-flows. Assume each fiber-optic link operates at 800 Gbps, packets have 1K bytes, and the network is heavily loaded (98% utilization) [3]. The D-flow from Seattle to Miami has an end-to-end fiber-delay of 23.8 milliseconds, and a queueing-delay of 3.1 microseconds. Observe that for all D-flows, the end-to-end delay is determined by the "speed-of-light" in fiber, as the queuing-delay is negligible. The SDD-WAN supports an "Internet at the Speed of Light" as envisioned by Akamai [4]. (Please see [3][10] for additional experimental results.)

TABLE II
FIBER VS. QUEUING DELAYS, ON SELECTED D-FLOWS (IN µ-SEC)
[table body not recovered in this copy]

The scheduling algorithms in the SDN control-plane are highly-optimized to achieve 100% throughput with near-minimal delay; please see [3] for details. For example, the D-transceivers split large IP packets into smaller fragments (i.e., 1 Kbytes), to achieve very low delays in sub-layer-3a.

A. The Collaborative AI Controllers

According to the US NIST, an "Attribute-Based Access Control System" (AB-ACS) comprises: (a) A set of objects, where each object is associated with a list of attributes; (b) A set of requestors, where requestors can request access to objects; (c) A set of rules, in the form of "if...then" clauses; (d) A "Policy-Engine", to process the rules, perform logical inferences and determine the decisions / outcomes, i.e., ultimately grant (or deny) a requestor’s requests for access to objects; and (e) A set of "Policy Enforcement Points", i.e., devices which enforce the policy decisions [14]. The AB-ACS is an AI rule-based "Expert System", which is used to implement Zero Trust Architectures [15], in the proposed SDD-WANs. The sets (a), (b) and (c) comprise the "Knowledge Base" of the Expert System.

The SDN Control-Plane is organized hierarchically into three types of Collaborative AI rule-based Controllers:
• the IoT, WAN, and Enterprise Controllers

The IoT-Controller stores the Knowledge Base (i.e., all the rules, objects, and attributes), needed to maintain secure D-flows between different SDD-WANs. The IoT-Controller is managed by industry or government.

Each WAN-Controller stores the Knowledge Base needed to maintain secure D-flows between different enterprises within one SDD-WAN. It is managed by the WAN service-provider.

Each Enterprise-Controller stores the Knowledge Base that each enterprise uses to manage its own resources. It typically includes the following objects, each with its associated attributes:
• Employees; Secured Computers; Databases;
• D-Transceivers; DVPNs

For example, each employee may have a list of attributes including: a name, a unique employee number, an address, a cell-phone number for dual-factor authentication, other biometric data, i.e., a picture for facial recognition; a "finger-print", a "voice-print" for voice-recognition; a traditional password, a longer Quantum-Safe password, a hash of each password, the employee’s speciality, bits denoting permissions to read or write the Knowledge Base; and a list of secured computers and databases which the employee can access. Similarly, a secured machine and secured data-bases have many attributes, which can be used in rules to control access. The use of AI-based ZTAs with biometric data will also significantly reduce the number of successful internal cyber-attacks. (Please see [3] for details.)

B. Security Properties

Property 1 - Parallel AI Controllers with Majority Voting: Copies of each AI controller execute in several data-centers, and majority voting is used to make decisions. For example, 5 copies of a controller may exist, and 3+ copies must agree on each decision. This parallelism provides immunity from cyber-attacks (or catastrophes, terrorist attacks or earthquakes) against any one AI controller or data-center.

Property 2 - Packet Headers & Middle-Boxes are Eliminated: The SDN control-plane pre-computes the routing and scheduling of D-flows, and it downloads D-schedules to the D-switches and D-transceivers. This property eliminates: (i) the need to process unencrypted and un-authenticated IP packet headers, (ii) the need for middle-boxes. Middle-boxes are a major cause of the "ossification" of layer-3. This property eliminates 3 major cyber-security vulnerabilities, that have existed in IP layer-3 for decades. This property also eliminates DoS and DDoS attacks in layer-3.

Property 3 - Only Authorized D-flows are Delivered: Only authorized and authenticated D-flows are routed and scheduled by the SDN control-plane. Each Enterprise-Controller requests a D-flow from the WAN-Controller. If the request is granted, the D-switches and D-transceivers will receive updated D-schedules, which define the precise time-slots in a periodic scheduling frame, in which authorized data transmissions/receptions may occur. Data transmitted at any other times are un-authorized, and are immediately detected in hardware.

Property 4 - The Guaranteed Intrusion Detection System: The D-switches and D-transceivers implement a "Guaranteed Intrusion Detection System", where any un-authorized transmission by a cyber-attacker is detected in real-time. A
malicious packet that arrives during a time-slot in which no arrival is scheduled is clearly an anomaly, i.e., a cyber-attack. The packet is not forwarded, and the SDN control-plane is immediately informed. A malicious packet that overwrites a legitimate packet is handled in Property 7.

Property 5 - Zero Trust Architectures: In the older "Trusted-Zone" security model, which is now considered insecure, a user is authenticated once when it enters a "Trusted-Zone", and thereafter it can access all resources within the zone without further authentication. In the proposed SDD-WAN, the AI Controllers implement many ZTAs; the AI controllers will authenticate a user for every request to any resource, however small. There is no Trusted-Zone.

Property 6 - D-flows use Quantum-Safe Ciphers: The D-flows do not use unencrypted and unauthenticated IP packet headers, to perform layer-3 routing. Hence, packets in a D-flow can be completely encrypted from end-to-end with Quantum-Safe ciphers. The ciphers provide both encryption and authentication, for every packet in a D-flow.

Property 7 - Authorization-Checks at D-sinks: Every legitimate packet in a D-flow must pass an Authorization Check when received at a D-transceiver. The packet will be decrypted and thereby authenticated. The minimum requirements for an external cyber-attacker to successfully insert an undetected malicious packet are: (a) it over-writes an authorized packet with a malicious packet (to avoid detection), and (b) it has cracked the Quantum-Safe cipher used to encode the packet (i.e., with AES-256 security). There is not enough time in the life of the universe, for a Quantum Computer to crack AES-256. Therefore, the probability that a cyber-attacker can successfully insert a malicious packet into a D-flow using AES-256 ciphers is zero. All cyber-attacks by external cyber-attackers are thereby eliminated.

IV. CAPITAL AND OPERATIONAL COSTS OF LAYER-3 IP

Table 2 shows the yearly revenue for several major BE-IP equipment manufacturers, from their annual reports. Table 2 is not exhaustive. Cisco reports revenues of $49.3 billion USD in 2020. About 70% represents BE-IP products, and 30% represents services. The combined global revenue in 2020 is ≈ $246.55 billion USD. Assuming that 50% represents layer-3 BE-IP hardware, then the global capital costs of layer-3 hardware were ≈ $123 billion USD, in 2020.

TABLE III
REVENUE FOR GLOBAL BE-IP EQUIPMENT SALES (BILLIONS OF USD)

Company     2018     2019     2020     2021
Arista        2.15     2.41     2.32     2.95
Ciena         3.09     3.57     3.53     3.62
Cisco        49.3     51.9     49.3     49.8
Ericsson     24.23    24.03    25.23    27.07
Huawei      105.19   122.97   136.7    99.89
Juniper       4.65     4.45     4.45     4.74
Nokia        26.61    26.11    24.92    26.24
Total       215.22   235.44   246.55   214.31

Reference [10] explored the cost savings for IP video distribution over a Deterministic Industrial Internet. A similar methodology is used next, using recent statistics.

Consider an SDD-WAN for the USA as shown in Fig. 2a, with 26 D-switches. Let each D-switch use 8 Intel Stratix FPGAs, operating in parallel, for a peak capacity of 28 Tbps. The cost of the 208 FPGAs is ≈ $1.6 million USD. The network also requires D-transceivers, transducers (i.e., electrical-to-optical) and power supplies (costing ≈ $100K per FPGA). The total capital cost is ≈ $23 million USD. The peak capacity is ≈ 728 Tbps, nearly equal to the average global Internet traffic rate of 847 Tbps (in 2021). The SDD-WAN offers a considerable increase in capacity, for a negligible cost.

The same technology can achieve cyber-security in smaller Regional Area Networks, Metro Area Networks and Local Area Networks. If ten times as many FPGAs are introduced into the USA (i.e., 2080 FPGAs), then the peak capacity is ≈ 7,280 Tbps, and the capital cost is ≈ $230 million USD (which is very small).

According to Cisco, the operational costs of manually configuring BE-IP routers for cyber-security are ≈ 2.5 times the capital costs [5]. Hence, the combined global capital and operational costs of the layer-3 BE-IP network were ≈ $430 billion USD, in 2020. (This figure is less than 1% of global economic output, so it seems reasonable [3].)

According to Cisco, about 82% of layer-3 BE-IP traffic was IP video in 2021. Let this IP video traffic be migrated down to sub-layer-3a, where it is transported by D-flows. This migration will lower the capital and operational costs in layer-3 by ≈ 82% each. The global savings in capital and operational costs together can reach $100s of billions USD per year.

V. CONCLUSIONS

The Internet has used an inefficient Best-Effort communications paradigm for the last 40 years. Akamai, Cisco, Meta, Huawei, the ETSI and the ITU have all highlighted the urgent need to innovate the layer-3 BE-IP. This paper explores a "Software-Defined Deterministic IoT", to address the NAE grand-challenge problem of Security in Cyberspace, for critical infrastructure. A new forwarding sub-layer-3a is proposed, with an SDN control-plane and many SDD-WANs. Each SDD-WAN consists of many authenticated D-switches, i.e., low-cost FPGAs. It exploits several collaborative AI-based Zero Trust Architectures, to control access to critical resources. Each SDD-WAN supports many "speed-of-light" programmable, authenticated and encrypted D-flows, over a network of authenticated D-switches. (These innovations are also described in more depth in several US patents by the author.) The approach eliminates cyber-security vulnerabilities that have existed in layer-3 for decades, and offers several benefits: (i) The expected number of successful cyber-attacks per year against a nation’s critical infrastructure by external cyber-attackers is zero. This benefit can have geo-political implications world-wide, as every nation, rich or poor, can achieve immunity to cyber-attacks against critical infrastructure from external cyber-attackers. (ii) The introduction of SDN, FPGAs and determinism into layer-3 can save potentially $100s of billions per year in reduced costs. (iii) It can reduce the costs of cyber-crime to society, estimated at over $10 trillion USD per year by 2025. (iv) It can support the "Metaverse", by significantly increasing IoT capacity.
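The AB-ACS of Section A (objects and requestors with attributes, "if...then" rules, a Policy-Engine that denies by default), the per-request authentication of Property 5 and the majority voting of Property 1 can be exercised together in a small Go program. This is an added example, not code from the paper or from the author's FPGA and SDN implementation. The Knowledge Base layout (attribute names such as pw_hash, otp, allowed and kb_write), the three rules, the two constructed employees, the second factor modelled as a fixed code, and the behaviour of a compromised replica (it permits everything) are all assumptions made for the demonstration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"strings"
)

// Attributes is the attribute list attached to every object and requestor
// in the Knowledge Base (sets (a) and (b) of the NIST AB-ACS).
type Attributes map[string]string

// Rule is one "if...then" clause (set (c)); NotApplicable lets the next rule run.
type Rule func(req Request, who, what Attributes) Decision

type Decision int

const (
	NotApplicable Decision = iota
	Permit
	Deny
)

// KnowledgeBase is what one Enterprise-Controller replica stores.
type KnowledgeBase struct {
	Objects, Requestors map[string]Attributes
	Rules               []Rule
}

// Request is what a Policy Enforcement Point forwards to the controller. Zero
// trust (Property 5): every request carries its own password and second factor.
type Request struct {
	Requestor, Object, Action, Password, OTP string
}

func hash(s string) []byte { h := sha256.Sum256([]byte(s)); return h[:] }

// authenticate checks the stored password hash and the cell-phone code on every
// request; constant-time compares avoid leaking how many bytes matched.
func authenticate(kb *KnowledgeBase, req Request) bool {
	who, ok := kb.Requestors[req.Requestor]
	if !ok {
		return false
	}
	pwOK := subtle.ConstantTimeCompare(hash(req.Password), []byte(who["pw_hash"])) == 1
	otpOK := subtle.ConstantTimeCompare([]byte(req.OTP), []byte(who["otp"])) == 1
	return pwOK && otpOK
}

// Evaluate is the Policy-Engine (set (d)): authenticate, then apply the rules in
// order; the first Permit/Deny wins and the default outcome is Deny.
func (kb *KnowledgeBase) Evaluate(req Request) Decision {
	what, known := kb.Objects[req.Object]
	if !known || !authenticate(kb, req) {
		return Deny
	}
	for _, rule := range kb.Rules {
		if d := rule(req, kb.Requestors[req.Requestor], what); d != NotApplicable {
			return d
		}
	}
	return Deny
}

// Controller is one replica; Compromised models a replica whose data-center
// has been taken over and now answers Permit to everything (an assumption).
type Controller struct {
	KB          *KnowledgeBase
	Compromised bool
}

// MajorityDecision implements Property 1: a request is granted only if more
// than half of the replicas (3 of 5 in the paper) independently say Permit.
func MajorityDecision(replicas []Controller, req Request) Decision {
	permits := 0
	for _, c := range replicas {
		if c.Compromised || c.KB.Evaluate(req) == Permit {
			permits++
		}
	}
	if permits >= len(replicas)/2+1 {
		return Permit
	}
	return Deny
}

// NewDemoKB builds a constructed Knowledge Base: two employees, two secured
// databases, three rules. Clearances are single digits, so string compare works.
func NewDemoKB() *KnowledgeBase {
	kb := &KnowledgeBase{
		Objects: map[string]Attributes{"scada-db": {"clearance": "3"}, "hr-db": {"clearance": "1"}},
		Requestors: map[string]Attributes{
			"emp-1001": {"clearance": "3", "pw_hash": string(hash("demo-pass-1")), "otp": "482913",
				"allowed": "scada-db,hr-db", "kb_write": "1"},
			"emp-2002": {"clearance": "1", "pw_hash": string(hash("demo-pass-2")), "otp": "115577",
				"allowed": "hr-db", "kb_write": "0"},
		},
	}
	kb.Rules = []Rule{
		// Rule 1: never touch an object above the requestor's clearance.
		func(_ Request, who, what Attributes) Decision {
			if who["clearance"] < what["clearance"] {
				return Deny
			}
			return NotApplicable
		},
		// Rule 2: reads are permitted only for objects on the requestor's access list.
		func(req Request, who, _ Attributes) Decision {
			if req.Action != "read" {
				return NotApplicable
			}
			for _, o := range strings.Split(who["allowed"], ",") {
				if o == req.Object {
					return Permit
				}
			}
			return Deny
		},
		// Rule 3: writes need the Knowledge-Base write permission bit.
		func(req Request, who, _ Attributes) Decision {
			if req.Action == "write" && who["kb_write"] == "1" {
				return Permit
			}
			return NotApplicable
		},
	}
	return kb
}

func main() {
	kb := NewDemoKB()
	replicas := []Controller{{kb, false}, {kb, false}, {kb, true}, {kb, false}, {kb, false}}
	fmt.Println(MajorityDecision(replicas, Request{"emp-1001", "scada-db", "read", "demo-pass-1", "482913"}),
		MajorityDecision(replicas, Request{"emp-2002", "scada-db", "read", "demo-pass-2", "115577"}),
		MajorityDecision(replicas, Request{"emp-1001", "scada-db", "read", "wrong", "482913"}))
}
```

Two points the paper's text only states are visible when this runs: a request with a wrong password or wrong second factor is denied by every honest replica regardless of the rules, because authentication happens before rule evaluation on every request; and a single compromised replica out of five cannot swing a vote, whereas three compromised replicas could, which is why the paper places copies in separate data-centers.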
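The D-sink checks of Properties 3, 4 and 7 (a packet is accepted only in a time-slot the D-schedule authorizes; every packet is fully encrypted and authenticated; anything else is dropped and reported to the control-plane) can be demonstrated in Go as an added example. It is not the paper's hardware and none of its identifiers come from the paper: AES-256-GCM from the Go standard library stands in for the Quantum-Safe cipher (the paper states AES-256 security), the D-schedule format, the flow names, the keys derived by DemoKey and the per-flow sequence counter used as the nonce are all constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// DSchedule is the periodic scheduling frame downloaded by the SDN control-plane:
// for each time-slot, the D-flow whose arrival is authorized in that slot.
type DSchedule struct {
	FrameLen int
	Slots    map[int]string // slot -> flow id; an absent slot authorizes nothing
}

// Packet is one D-flow packet as seen on the link: no cleartext IP header, only
// the slot it arrived in, the per-flow counter, and the AEAD output.
type Packet struct {
	Slot       int
	Seq        uint64 // per-flow packet counter, used as the GCM nonce (never reused)
	Ciphertext []byte
}

// Event is what the D-transceiver reports; anything but Delivered goes to the controller.
type Event string

const (
	Delivered       Event = "delivered"
	UnscheduledSlot Event = "dropped: arrival in unscheduled slot (Property 4)"
	AuthFailed      Event = "dropped: authentication failed (Property 7)"
)

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// aad binds each packet to its flow and slot, so a ciphertext captured in one
// slot cannot be replayed into another slot of the frame or another flow.
func aad(flow string, slot int) []byte {
	return append([]byte(flow), byte(slot>>8), byte(slot))
}

func nonce(seq uint64) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}

// Send is the D-source side: encrypt and authenticate the payload for one slot.
func Send(key []byte, flow string, slot int, seq uint64, payload []byte) Packet {
	ct := newGCM(key).Seal(nil, nonce(seq), payload, aad(flow, slot))
	return Packet{Slot: slot, Seq: seq, Ciphertext: ct}
}

// Receive is the D-sink's Authorization Check. keys maps flow id -> AES-256 key.
func Receive(sched DSchedule, keys map[string][]byte, pkt Packet) ([]byte, Event) {
	if pkt.Slot < 0 || pkt.Slot >= sched.FrameLen {
		return nil, UnscheduledSlot
	}
	flow, scheduled := sched.Slots[pkt.Slot]
	if !scheduled {
		return nil, UnscheduledSlot // Property 4: nothing is due now, so this is an anomaly
	}
	key, ok := keys[flow]
	if !ok {
		return nil, AuthFailed
	}
	pt, err := newGCM(key).Open(nil, nonce(pkt.Seq), pkt.Ciphertext, aad(flow, pkt.Slot))
	if err != nil {
		return nil, AuthFailed // Property 7: an overwritten or forged packet fails the tag check
	}
	return pt, Delivered
}

// DemoKey derives a constructed 32-byte key for a flow; a deployment would
// provision per-flow keys from the controller, not derive them from the name.
func DemoKey(flow string) []byte {
	k := sha256.Sum256([]byte("demo-key:" + flow))
	return k[:]
}

func main() {
	sched := DSchedule{FrameLen: 8, Slots: map[int]string{2: "seattle-miami", 5: "nyc-chicago"}}
	keys := map[string][]byte{"seattle-miami": DemoKey("seattle-miami"), "nyc-chicago": DemoKey("nyc-chicago")}
	good := Send(keys["seattle-miami"], "seattle-miami", 2, 1, []byte("grid telemetry"))
	pt, ev := Receive(sched, keys, good)
	fmt.Printf("%q %s\n", pt, ev)
	_, ev = Receive(sched, keys, Send(DemoKey("attacker"), "seattle-miami", 2, 1, []byte("forged")))
	fmt.Println(ev)
	_, ev = Receive(sched, keys, Packet{Slot: 3, Seq: 1, Ciphertext: good.Ciphertext})
	fmt.Println(ev)
}
```

The schedule check costs nothing per packet and catches the case the paper describes in Property 4 (a packet where none is due); the AEAD open catches the case of Property 7 (a legitimate packet overwritten in its slot), since any changed byte fails the GCM tag. Using the flow and slot as associated data also defeats replaying a valid ciphertext into a different slot. A counter nonce fits a deterministic schedule because the sender knows its packet count, but the counter must never repeat under the same key.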
Biography
T.H. Szymanski completed a PhD degree at the University of Toronto.
From 1987-1998, he was at Columbia and McGill universities. From
1999-2023, he was at McMaster University. From 2001-2011, he
held the Bell Canada Chair in Data Communications at McMaster.
From 1993-2003, he led the Optical Architectures project within a
10-year national research program funded by the Networks of Centers
of Excellence (NCE) of Canada. Collaborators included Nortel Net-
works (now Ericsson), Newbridge Networks (now Nokia), Lockheed-
Martin/Sanders, and 4 universities. His research group demonstrated
the first photonic FPGA, fabricated through the US ARPA/Lucent
Technologies foundry service. He holds 16 US patents on determinis-
tic internet technologies, covering deterministic switches, scheduling,
wireless networks, the SDN control-plane, and ultra-strong cyber-
security, which have been cited as Prior Art several hundred times in
subsequent US patents. He is listed in the top 2% of researchers in the
field of Networking and Telecommunications, according to Stanford
University.