SUBMITTED TO THE IEEE, PROF. T. SZYMANSKI, AUG.
8, 2023, CONFIDENTIAL
A Software-Defined Deterministic Internet of
Things (IoT) with Artificial Intelligence (AI) for
Quantum-Safe Cyber-Security
Ted H. Szymanski, Dept. ECE, McMaster University, Canada (email: teds@mcmaster.ca)
Abstract—The next-generation Internet of Things (IoT) will
enable Industry 4.0 and Smart Cyber-Physical Systems, including
Smart Cities and Smart Manufacturing. These Smart Systems
require ultra-low latencies, and immunity from cyber-attacks.
This paper explores a ”Software-Defined Deterministic IoT”,
with Artificial Intelligence (AI) for Cyber-Security. It introduces
a new sub-layer (3a) of ”Software Defined Deterministic Wide
Area Networks” (SDD-WANs), using authenticated deterministic
packet switches (i.e., low-cost FPGAs). A ”Software Defined
Networking” (SDN) control-plane uses collaborative AI systems
to implement Zero Trust Architectures (ZTAs) and Guaranteed
Intrusion Detection Systems, to control access to all critical
resources. The approach has many benefits: (i) All interference,
congestion, and ”Distributed Denial-of-Service” (DDoS) attacks
are eliminated; (ii) End-to-end delays are reduced to the speed of
light in fiber; (iii) The SDD-WANs provide hardware support for
the US NIST ZTA and ”Post Quantum Cryptography” (PQC);
(iv) Deterministic traffic flows are encrypted and authenticated
with Quantum-Safe ciphers, to be immune to attacks from
Quantum Computers; (v) The expected number of a successful
cyber-attacks per year against a nation’s critical infrastructure
from external cyber-attackers is zero; (vi) The introduction of
SDN, FPGAs and determinism into layer-3 can save potentially
$100s of billions USD per year globally.
Index Terms—Deterministic, Internet of Things (IoT), cyber-
security, Industry 4.0, Artificial Intelligence (AI), Cyber Physical
Systems, Software Defined Networking (SDN), FPGAs, Zero
Trust Architecture, Post Quantum Cryptography, Quantum
Computing, Industrial/Tactile IoT
I. I NTRODUCTION
The next-generation ”Internet of Things” (IoT) will enable
the 4th wave of the Industrial Revolution, called Industry 4.0.
It will control the smart Cyber-Physical Systems of the 21-
st century, including Smart Cities, and Smart Manufacturing.
According to General Electric, the future Industrial IoT will
enable ≈ 50% of global economic activity by the year 2030.
In 2008, the US ”National Academy of Engineering” (NAE)
identified 14 ”Grand Challenge” problems for the 21st century,
including achieving: (i) Fusion Energy, (ii) Carbon Seques-
tration, and (iii) Security in Cyberspace [1]. Unfortunately,
in 2023 the world is in the midst of a cyber-security crisis,
and each year it deploys vast amounts of insecure ”Best-
Effort Internet-Protocol” (BE-IP) hardware, further deepening
the crisis. This paper proposes a solution to the NAE grand-
challenge problem of Security in Cyberspace for critical
infrastructure, i.e., a network architecture to eliminate external
cyber-attacks against critical infrastructure, such as nuclear
reactors and the Smart Power Grid.
1
Cyber-attacks against critical infrastructures can have severe
consequences. In May 2021, the USA’s Colonial Pipeline
suffered a ransomware cyber-attack. This pipeline supplies
about 45% of the east coast’s energy needs. In response,
a US Executive Order 14028 entitled ”Improving the Na-
tion’s Cybersecurity” directed US industries to adopt a ”Zero
Trust Architecture” (ZTA). In a ZTA, access to any resource,
however small, requires user authentication. According to the
firms Cybersecurity Ventures and Statistica, the global costs
of cyber-crime will reach $10.5 trillion and $17.6 trillion USD
per year by 2025. Clearly, the cyber-security crisis is deep and
deepening every year.
The prospect of Quantum Computers poses new threats
to cyber-security, not considered by the NAE [2]. In 2019,
Google claimed to achieve ”Quantum Supremacy”, by demon-
strating a Quantum Computer to solve a specialized problem
in minutes, which would otherwise take 1,000s of years to
solve. Google’s claim initiated a race to build a programmable
Quantum Computer. Both IBM and Google are developing
super-conducting Quantum Computers, which can achieve
exponential speedups over traditional silicon supercomputers.
They can employ Shor’s algorithm to crack the ”Public Key
Cryptography” (PKC) used to secure communications in the
IoT, and throw the world into disarray.
According to the US government, Quantum Computers may
soon be able to ”jeopardize civilian and military communi-
cations, undermine the supervisory and control systems of
critical infrastructure, and defeat the security of the global
Internet-based financial markets”. To address this threat, the
US NIST (”National Institute for Standards and Technology”)
has adopted ”Post Quantum Cryptography” (PQC). In 2022 it
announced 4 ”Quantum-Safe” algorithms to be standardized.
These algorithms will be incorporated into the BE-IP infras-
tructure to ensure that communications in the Transport Layer
(layer-4) are Quantum-Safe. However, layer-4 is subjected to
layer-3 problems and cyber-attacks, i.e., interference, conges-
tion, DoS and DDoS attacks. Hence, the original NAE problem
of Security in Cyberspace, focussing on layer-3 vulnerabilities,
must still be solved [3].
This paper explores a ”Software Defined Deterministic
IoT”, based upon the ”Cyber-Security via Determinism”
paradigm proposed in [3]. It achieves strict cyber-security,
by exploiting the properties of determinism. It eliminates
3 major cyber-security vulnerabilities, that have existed in
IP layer-3 for decades, i.e., the use of: (i) unencrypted IP
packet headers, (ii) unauthenticated IP packet headers, and
SUBMITTED TO THE IEEE, PROF. T. SZYMANSKI, AUG. 8, 2023, CONFIDENTIAL
Fig. 1. Layer-3 and sub-layer-3a. The top half illustrates a ”Best-Effort” IP
network in layer-3, which consists of many BE-IP routers and one middle-
box. The bottom-half illustrates sub-layer-3a, with an SDN Control-plane, and
one (or more) SDD-WANs. The SDD-WAN consists of many FPGAs.
(iii) middle-boxes. It can create millions of programmable
authenticated ”deterministic traffic flows” (D-flows), through
a network of 1000s of authenticated ”deterministic packet
switches” (D-switches), to support critical infrastructure.
The approach offers several key benefits [3]: (a) Each
nation can significantly strengthen its national security; The
expected number of successful cyber-attacks per year, by an
external cyber-attacker against a nation’s critical infrastructure,
is zero. (An external cyber-attacker cannot access a secured
machine.) This benefit can have geo-political implications
world-wide, i.e., the USA, EU, China, Russia, Iran, Israel and
Ukraine could achieve immunity to cyber-attacks against crit-
ical infrastructure (i.e., nuclear reactors) from external cyber-
attackers, relatively quickly. (b) It introduces a forwarding
layer for authenticated D-flows (i.e., sub-layer-3a), comprising
an SDN control-plane, and many authenticated D-switches,
realized with FPGAs. The introduction of SDN, FPGAs and
determinism into layer-3 can improve security, and reduce
global costs by $100s of billions USD per year (see section
IV). (c) It provides hardware support in layers 3 and 4 for the
US NIST ZTA and PQC, for compliance with US Executive
Order 14028; (d) It can reduce the costs to society of cyber-
crime, estimated to exceed $10 trillion USD per year by 2025.
Section II reviews relevant technologies. Section III presents
the key features. Section IV addresses cost savings. Sections
V and VI conclude the paper and list acronyms.
II. S UPPORTING T ECHNOLOGIES
A. The Need for Innovation in Layer 3
According to Cisco, the layer-3 BE-IP network will support
about 30 billion devices and 30 billion traffic flows by 2023
[5]. It carried about 9.1 billion Gigabytes of traffic each day
in 2021, with IP video accounting for 82% of all traffic. The
average global Internet traffic rate was ≈ 847 Tbps (Terabits
per second) in 2021.
Unfortunately, the BE-IP network suffers from interference
and congestion. Congestion causes ”BufferBloat” with large
2
end-to-end delays, typically 100s of milliseconds [4], and poor
link utilization, typically <= 30%. Layer-3 is also vulnerable
to many cyberattacks. According to Cisco, there will be 15.4
million DDoS attacks in layer-3 in 2023 alone [5].
According to Akamai, a global Internet which operates
at the ”Speed-of-Light” would be truly transformational [4].
According to Cisco, BE-IP routers are manually configured
to improve cyber-security, with operational costs equalling
2...3 times the capital costs [5]. There is an immense need
to ”Transform the Infrastructure”, to include SDN technology,
to simply network control [5]. According to Meta, the world
needs ”vast enhancements in capacity and fundamental shifts
in how networks are architected and deployed”. According
to Huawei, layer-3 must evolve to support cyber-security,
ultra-low-latency, flexibility and deterministic services. The
ETSI (European Telecommunications Standards Institute) has
a ”Non-IP Networking” group exploring new infrastructure
for the 21st century, and a ”Next Generation Protocols”
group exploring a large-scale deterministic network. The ITU
(International Telecommunication Union) is exploring a future
”Network 2030” that supports determinism, reliability and in-
telligence [6]. Clearly, many of the world’s largest corporations
are highlighting the urgent need for innovation in layer-3.
B. Layer 3 Cyber-Security Vulnerabilities and Features
The global IoT is composed of the union of many ”Wide
Area Networks” (WANs), distributed world-wide. Major firms
such as Microsoft and Google often deploy their own WANs.
Fig. 1 illustrates a layer-3 BE-IP network, which consists
of many BE-IP routers, and a ”middle-box”. Middle-boxes
perform essential functions, such as ”Network Address Trans-
lation” (NAT), firewalls and load-balancing, and they may
modify unencrypted IP packet headers ”on-the-fly”. A new
sub-layer-3a is shown below layer-3, consisting of an SDN
Control-plane, and one SDD-WAN (”Software Defined Deter-
ministic Wide Area Network”). The SDD-WAN implements a
forwarding-layer for authenticated D-flows, consisting of many
authenticated D-switches (i.e., FPGAs).
MPLS WANs have been widely deployed since year 2000.
A MPLS (”Multi-Protocol-Label-Switching”) WAN introduces
an MPLS control-plane and a forwarding-plane with many
MPLS switches. The MPLS WAN is typically deployed in
a separate sub-layer, similar to Fig. 1. MPLS WANs can
achieve high link utilizations and very low delays, i.e., 1-10
milliseconds, and they are quite secure, as they are isolated
from the BE-IP WANs. However, they are expensive, con-
tributing to the very high capital costs of $100s of billions
USD per year (see section IV). The recent IETF DetNet
(”Deterministic Networking”) WAN introduces ”Converged-
Routers” into layer-3, which support both Best-Effort and
Deterministic services [7]. The IETF DetNet WANs can also
achieve higher link utilizations and low delays, i.e., 1-10
milliseconds. However, they are subject to cyber-attacks and
also quite expensive.
BE-IP WANs forward packets using IP versions 4 or 6 (IPv4
or IPv6), and suffer from three serious cyber-security vul-
nerabilities: (i) They use unencrypted packet headers, which
SUBMITTED TO THE IEEE, PROF. T. SZYMANSKI, AUG. 8, 2023, CONFIDENTIAL
TABLE I
C YBER -S ECURITY V ULNERABILITIES AND F EATURES (T RUE /FALSE )
Network (horizontally) BE-IP MPLS DNET SDD
Criterion (vertically) WAN WAN WAN WAN
Avoids Unencrypted headers F F F T
Avoids Unauthenticated headers F T F T
Avoids IP Middle-Boxes F T F T
Immunity to DoS,DDoS Attacks F T F T
Guaranteed Deterministic Service F F F T
Guaranteed Intrusion Detection F F F T
Customized Services via SDN F F F T
Exploits Low-Cost FPGAs F F F T
they must process to make layer-3 routing decisions [8]; (ii)
They use unauthenticated packet headers: There is no means
to authenticate the sender, i.e., to verify that it is who it claims
to be. Hence, cyber-attackers can easily masquerade as trusted
peers in layer-3, by inserting malicious packets claiming to be
from a different sender; (iii) They use middle-boxes to perform
various functions, which are often insecure.
Table 1 illustrates cyber-security vulnerabilities and fea-
tures, for four types of layer-3 WANs (please note DNET
denotes DetNet). The SDD-WAN can be viewed as a
highly-optimized software-programmable version of the well-
established MPLS WAN, that uses low-cost FPGAs.
1) Packet Headers: The BE-IP, MPLS and DetNet WANs
use unencrypted packet headers. The BE-IP and the DetNet
WANs also use unauthenticated packet headers. These ma-
jor cyber-security vulnerabilities have existed in layer-3 for
decades. A cyber-attacker with access to fiber can read and
modify unencrypted layer-3 packet headers, to masquerade as
a trusted peer [3]. These vulnerabilities are so entrenched into
BE-IP layer-3, that even the latest IETF DetNet WAN still
relies upon them [7]. In contrast, the SDD-WAN eliminates
processing packet headers in switches, to eliminate these
vulnerabilities.
2) Middle-Boxes: The traffic in the BE-IP and DetNet
WANs may pass through ”middle-boxes”. Middle-boxes are
unregulated, and represent a major cyber-security vulnerabil-
ity, that has also existed in layer-3 for decades. A cyber-
attacker can compromise a middle-box, and thereby read and
modify all traffic passing through it. In contrast, the SDD-
WAN eliminates middle-boxes, to eliminate this vulnerability.
3) DoS and DDoS Attacks: In a DoS or DDoS attack, a
cyber-attacker will attempt to overwhelm a target (i.e., a web-
server, or a router) with a large volume of malicious traffic. For
example, a cyber-attacker in a compromised middle-box can
generate a DoS attack against a DetNet Converged-Router, by
generating a large volume of malicious DetNet packets. The
targeted Converged-Router will then reduce or deny service
to legitimate DetNet packets. In contrast, the SDD-WAN
eliminates middle-boxes, to eliminate these vulnerabilities.
4) Guaranteed Deterministic Service: Middle-boxes do not
provide guaranteed deterministic-service. Hence, the IETF
acknowledges that the DetNet WAN may not provide true
guaranteed deterministic service, when DetNet traffic flows
pass through middle-boxes [7].
3
5) Guaranteed Intrusion Detection: The BE-IP and Det-
Net WANs do not provide any ”Intrusion Detection Sys-
tem” (IDS). Malicious traffic from a compromised middle-
box may traverse the network undetected. In contrast, the
SDD-WAN provides a hardware-based ”Guaranteed Intrusion
Detection System”, where every malicious packet is detected.
6) Customized Services using SDN: The BE-IP, MPLS and
DetNet WANs do not provide a programmable environment,
where services can be customized. In contrast, the SDD-WAN
relies upon SDN, and is completely programmable.
7) Exploits Low-Cost FPGAs: Finally, the BE-IP, MPLS
and DetNet WANs rely upon expensive hardware, where
global capital costs exceed $100s of billions USD per year (see
section IV). In contrast, the SDD-WANs use SDN and FPGAs,
to achieve a significant cost-reduction. These techniques can
also be used to secure optical, electrical and wireless networks,
in Wide Area, Regional Area, and Local Area Networks.
C. Authentication and Privacy via Cryptography
1) Symmetric (Secret) Key Cryptography (SKC): In SKC,
the sender and receiver share a secret symmetric key, to
encrypt and decrypt messages using Quantum-Safe ciphers.
SKC also achieves authentication of each end. The need to
share a secret key is a drawback, and motivates the ”Public Key
Cryptography” (PKC) described ahead. SKC is more efficient
than PKC; it typically uses smaller key sizes, the security is
stronger, and the computations are faster. Popular SKC ciphers
are the US Advanced Encryption Standard (AES) block cipher,
and the Chacha20 stream cipher.
The US NIST defines several security levels for ciphers.
The AES-256 security-level implies that a cipher is at least as
hard to crack, as the AES cipher with a 256-bit key. Grover’s
quantum-search algorithm can crack AES, with a quadratic
speedup. To crack AES with a 256-bit key, a brute force
search requires 2256 ≈ 1077 √ evaluations of the AES function.
Grover’s algorithm requires 1077 = 1038.5 quantum-queries
of the AES function. The minimum time for a quantum-gate
operation is ≈ 10−9 seconds. The minimum time to crack
this cipher, using a super-conducting Quantum Computer, is
≈ 1029.5 seconds. The life of the universe is ≈ 13.8 billion
years, or 1021 seconds. Hence, there is not enough time in the
life of the universe, to crack the NIST AES-256 security level,
with a super-conducting Quantum Computer [3].
2) Public Key Cryptography (PKC): Currently, PKC is
used to secure most internet communications. In PKC, keys
are generated in pairs, with a Public Key and a Private Key. A
web-site may generate a pair of keys, and advertise its Public
Key to the world, on a Web-Certificate. The Web-Certificate
contains a Digital Signature, to ensure it cannot be tampered
with. Any user wishing to connect to the web-site uses the
Public Key to encrypt its data. The web-site uses its Private-
Key to decrypt the data. Unfortunately, Quantum Computers
are expected to crack PKC by about 2030.
3) Post-Quantum Cryptography (PQC): In 2017, NIST
started a PQC Standardization Process, to standardize (i)
public-key encryption algorithms, and (ii) digital signature
algorithms. The final selections were made after 3 rounds of
SUBMITTED TO THE IEEE, PROF. T. SZYMANSKI, AUG. 8, 2023, CONFIDENTIAL 4

TABLE II
F IBER VS . Q UEUING D ELAYS , ON S ELECTED D- FLOWS ( IN µ- SEC )

dst Seattle Los New Miami

src Angeles York
Seattle -na- (8,957 (20,831 (23,794
vs. 4.8) vs. 3.3) vs. 3.1)
Los (8,957 -na- (21,140 (22,726
Angeles vs. 6.1) vs. 4.6 ) vs. 5.2)
New (22,207 (21,140 -na- (1,587
York vs. 4.2) vs. 4.3) vs. 3.4)
Miami (23,794 (22,726 (1,587 -na-
vs. 4.4) vs. 4.5) vs. 2.5)

III. T HE SDD-WAN - K EY F EATURES

Fig. 2. An SDD-WAN supporting 26 cities in the USA. 2 DVPNs are shown,
each with 26 D-flows, originating at Seattle (red lines) or Miami (blue lines).
competition, in July 2022. In the class of public-key encryption
algorithms, the Crystals-Kyber submission was selected. In
the class of digital signature algorithms, 3 submissions were
selected: (i) Crystals-Dilithium, (ii) Falcon, and (iii) Sphincs+.
These PQC algorithms will be integrated into the BE-IP
protocol suite, into the ”Best-Effort VPNs” (BE-VPNs) used
in the Transport Layer (4), over the next several years [9]. Typ-
ically, a BE-VPN in layer 4 will be adapted to use both PQC
and traditional PKC, and will thus be immune to cryptography-
based attacks from Quantum Computers [9]. However, a
Quantum-Safe BE-VPN in layer-4 is still vulnerable to all
layer-3 problems and cyber-attacks, i.e., interference, conges-
tion, DoS and DDoS attacks [3]. Hence, the original NAE
problem of achieving ”Security in Cyberspace”, focussing on
layer-3 vulnerabilities, must still be addressed.
D. FPGAs with Tbps of IO Capacity
It is impossible to fit a BE-IP router with Tbps capacity on
an FPGA, as it experiences ”BufferBloat” [4], and requires
buffers for 10s of millions of packets. However, determinism
can reduce buffer sizes by ≈ 100,000 times [3][10]. Hence,
a simple authenticated D-switch, with buffers for 100s of
packets, can realized on a single low-cost FPGA.
The Intel Stratix 10 TX FPGA is fabricated with a 14
nanometer tri-gate CMOS technology. One FPGA supports
computations at 9 TeraFlops/sec, and 60 electrical transceivers
operating at 57.8 Gbps, for a peak IO bandwidth of ≈ 3.5
Tbps. The price is ≈ $7,500 USD per FPGA. A D-switch with
≈ 3.5 Tbps capacity can fit on a single FPGA, and consume
≤ 225 watts.
For comparison purposes, a Cisco CRS-3 (Carrier Router
System) BE-IP router chassis that was commercially-available
in 2015 had a capacity of 4.5 Tbps, occupied 56 cubic feet
of volume, weighed 1,630 pounds, and used 7.66 kW of
power. These FPGAs have only been available since 2018,
and provide an unprecedented opportunity for innovation and
cost-reduction.
As shown in Fig. 1, a BE-IP WAN in layer-3 represents
an ”Open System”, with billions of traffic flows, transmitting
billions of Gigabytes of data per day, all using unencrypted
and unauthenticated IP packet headers. There is considerable
research into AI-based ”Machine Learning and Deep Learn-
ing” algorithms, to implement ”Intrusion Detection Systems”
to detect cyber-attackers in this environment [11][12][13]. The
task of detecting intrusions by cyber-attackers from such a
vast amount of unauthenticated data is extremely difficult, and
requires vast amounts of computing power, time and energy.
Fig. 1 also illustrates an SDD-WAN in sub-layer-3a [3],
which uses 3 types of secured (authenticated) components:
(i) the SDN Control-Plane; (ii) the D-switches; and (iii) the
”Deterministic Transceivers” (D-transceivers). The commu-
nications between the SDN control-plane and the secured
components use Quantum-Safe ciphers, for both authentication
and privacy (see ahead).
Each D-switch is connected to one D-transceiver (not
shown in Fig. 1), which transmits data into (and receives
data from) the network. The D-switches do not process any
unencrypted and unauthenticated IP packet headers, to per-
form routing or scheduling functions. In contrast, the SDN
control-plane precomputes the routing and scheduling for D-
flows in advance, and downloads ”Deterministic Schedules”
(D-schedules) to the D-switches and D-transceivers [3]. Rout-
ing information is contained in a D-schedule, based upon a
packet’s arrival time within a periodic (repeating) scheduling
frame [3]. Each D-switch and D-transceiver maintain a D-
schedule for each incident link that specifies which D-flow has
a reservation for data transmission/reception, for each time-slot
within the scheduling-frame. The D-schedule also identifies
the desired output link for each incoming packet to a D-switch.
The use of pre-computed D-schedules removes the need to
process unencrypted and unauthenticated IP packet headers,
and the need for middle-boxes, which thus eliminates 3 major
cyber-security vulnerabilities that have existed in layer-3 for
decades. (Please see [3][10] for more details.)
A ”Deterministic Virtual Private Network” (DVPN) is a
collection of D-flows, under the control of a single enterprise
(analogous to a ”VPN” in the BE-IP). DVPNs are logically
isolated, interference-free and secure. When a new D-flow in
a DVPN is created, the D-transceivers are assigned a secret
Quantum-Safe cipher, from the SDN control-plane, over a
highly-encrypted control channel. The cipher provides both
SUBMITTED TO THE IEEE, PROF. T. SZYMANSKI, AUG. 8, 2023, CONFIDENTIAL
encryption and authentication, for every D-flow in a DVPN
(please see [3] for details).
Sub-layer-3a represents a ”Closed System”. The SDD-WAN
can create thousands (or millions) of programmable, authenti-
cated D-flows, through 100s (or 1000s) of authenticated D-
switches. The task of identifying cyber-attacks within this
closed system is relatively easy, as every D-flow is authen-
ticated.
Fig. 2 illustrates an SDD-WAN for the USA, with 26
cities and 82 links [3]. The bold lines represent fiber-optic
links between cities, and the dotted lines represent ”ultra-
low-latency links” (i.e., D-flows). (Our technologies work
with fiber-optic, electrical or wireless links.) To test the SDN
control-plane, an SDD-WAN with 26 D-switches for the USA
topology shown in Fig. 2 was implemented on a single Altera
FPGA, and the system worked perfectly [3][10].
The SDN control-plane can program millions of authen-
ticated D-flows into the SDD-WAN. Each D-flow receives
deterministic service, and is immune to interference, conges-
tion, and cyber-attacks from external cyber-attackers. Table II
compares the fiber-delay versus the experimental deterministic
queuing-delay, for selected D-flows. Assume each fiber-optic
link operates at 800 Gbps, packets have 1K bytes, and the
network is heavily loaded (98% utilization) [3]. The D-
flow from Seattle to Miami has an end-to-end fiber-delay of
23.8 milliseconds, and a queueing-delay of 3.1 microseconds.
Observe that for all D-flows, the end-to-end delay is deter-
mined by the ”speed-of-light” in fiber, as the queuing-delay is
negligible. The SDD-WAN supports an ”Internet at the Speed
of Light” as envisioned by Akamai [4]. (Please see [3][10] for
additional experimental results.)
The scheduling algorithms in the SDN control-plane are
highly-optimized to achieve 100% throughput with near-
minimal delay; please see [3] for details. For example, the
D-transceivers split large IP packets into smaller fragments
(i.e., 1 Kbytes), to achieve very low delays in sub-layer-3a.
A. The Collaborative AI Controllers
According to the US NIST, an ”Attribute-Based Access
Control System” (AB-ACS) comprises: (a) A set of objects,
where each object is associated with a list of attributes; (b)
A set of requestors, where requestors can request access to
objects; (c) A set of rules, in the form of ”if...then” clauses; (d)
A ”Policy-Engine”, to process the rules, perform logical infer-
ences and determine the decisions / outcomes, i.e., ultimately
grant (or deny) a requestor’s requests for access to objects;
and (e) A set of ”Policy Enforcement Points”, i.e., devices
which enforce the policy decisions [14]. The AB-ACS is an
AI rule-based ”Expert System”, which is used to implement
Zero Trust Architectures [15], in the proposed SDD-WANs.
The sets (a), (b) and (c) comprise the ”Knowledge Base” of
the Expert System.
The SDN Control-Plane is organized hierarchically into
three types of Collaborative AI rule-based Controllers:
• the IoT, WAN, and Enterprise Controllers
The IoT-Controller stores the Knowledge Base (i.e., all the
rules, objects, and attributes), needed to maintain secure D-
5
flows between different SDD-WANs. The IoT-Controller is
managed by industry or government.
Each WAN-Controller stores the Knowledge Base needed to
maintain secure D-flows between different enterprises within
one SDD-WAN. It is managed by the WAN service-provider.
Each Enterprise-Controller stores the Knowledge Base that
each enterprise uses to manage its own resources. It typically
includes the following objects, each with its associated at-
tributes:
• Employees; Secured Computers; Databases;
• D-Transceivers; DVPNs
For example, each employee may have a list of attributes in-
cluding: a name, a unique employee number, an address, a cell-
phone number for dual-factor authentication, other biometric
data, i.e., a picture for facial recognition; a ”finger-print”, a
”voice-print” for voice-recognition; a traditional password, a
longer Quantum-Safe password, a hash of each password, the
employee’s speciality, bits denoting permissions to read or
write the Knowledge Base; and a list of secured computers
and databases which the employee can access. Similarly, a
secured machine and secured data-bases have many attributes,
which can be used in rules to control access. The use of AI-
based ZTAs with biometric data will also significantly reduce
the number of successful internal cyber-attacks. (Please see
[3] for details.)
B. Security Properties
Property 1 - Parallel AI Controllers with Majority Voting:
Copies of each AI controller execute in several data-centers,
and majority voting is used to make decisions. For example,
5 copies of a controller may exist, and 3+ copies must agree
on each decision. This parallelism provides immunity from
cyber-attacks (or catastrophes, terrorist attacks or earthquakes)
against any one AI controller or data-center.
Property 2 - Packet Headers & Middle-Boxes are Elimi-
nated: The SDN control-plane pre-computes the routing and
scheduling of D-flows, and it downloads D-schedules to the D-
switches and D-transceivers. This property eliminates: (i) the
need to process unencrypted and un-authenticated IP packet
headers, (ii) the need for middle-boxes. Middle-boxes are a
major cause of the ”ossification” of layer-3. This property
eliminates 3 major cyber-security vulnerabilities, that have
existed in IP layer-3 for decades. This property also eliminates
DoS and DDoS attacks in layer-3.
Property 3 - Only Authorized D-flows are Delivered: Only
authorized and authenticated D-flows are routed and sched-
uled by the SDN control-plane. Each Enterprise-Controller
requests a D-flow from the WAN-Controller. If the request
is granted, the D-switches and D-transceivers will receive
updated D-schedules, which define the precise time-slots in a
periodic scheduling frame, in which authorized data transmis-
sions/receptions may occur. Data transmitted at any other times
are un-authorized, and are immediately detected in hardware.
Property 4 - The Guaranteed Intrusion Detection System:
The D-switches and D-transceivers implement a ”Guaran-
teed Intrusion Detection System”, where any un-authorized
transmission by a cyber-attacker is detected in real-time. A
SUBMITTED TO THE IEEE, PROF. T. SZYMANSKI, AUG. 8, 2023, CONFIDENTIAL 6

TABLE III Consider an SDD-WAN for the USA as shown in Fig. 2a,
R EVENUE FOR G LOBAL BE-IP E QUIPMENT S ALES (B ILLIONS OF USD) with 26 D-switches. Let each D-switch use 8 Intel Stratix
FPGAs, operating in parallel, for a peak capacity of 28
Company 2018 2019 2020 2021
Tbps. The cost of the 208 FPGAs is ≈ $1.6 million USD.
Arista 2.15 2.41 2.32 2.95
Ciena 3.09 3.57 3.53 3.62 The network also requires D-transceivers, transducers (i.e.,
Cisco 49.3 51.9 49.3 49.8 electrical-to-optical) and power supplies (costing ≈ $100K per
Ericsson 24.23 24.03 25.23 27.07 FPGA). The total capital cost is ≈ $23 million USD. The peak
Huawei 105.19 122.97 136.7 99.89
Juniper 4.65 4.45 4.45 4.74
capacity is ≈ 728 Tbps, nearly equal to the average global
Nokia 26.61 26.11 24.92 26.24 Internet traffic rate of 847 Tbps (in 2021). The SDD-WAN
Total 215.22 235.44 246.55 214.31 offers a considerable increase in capacity, for a negligible cost.
The same technology can achieve cyber-security in smaller
Regional Area Networks, Metro Area Networks and Local
malicious packet that arrives during a time-slot in which no Area Networks. If ten times as many FPGAs are introduced
arrival is scheduled is clearly an anomaly, i.e., a cyber-attack. into the USA (i.e., 2080 FPGAs), then the peak capacity is
The packet is not forwarded, and the SDN control-plane is ≈ 7,280 Tbps, and the capital cost is ≈ $230 million USD
immediately informed. A malicious packet that overwrites a (which is very small).
legitimate packet is handled in Property 7. According to Cisco, the operational costs of manually
Property 5 - Zero Trust Architectures: In the older ”Trusted- configuring BE-IP routers for cyber-security are ≈ 2.5 times
Zone” security model, which is now considered insecure, a the capital costs [5]. Hence, the combined global capital and
user is authenticated once when it enters a ”Trusted-Zone”, and operational costs of the layer-3 BE-IP network were ≈ $430
thereafter it can access all resources within the zone without billion USD, in 2020. (This figure is less than 1% of global
further authentication. In the proposed SDD-WAN, the AI economic output, so it seems reasonable [3].)
Controllers implement many ZTAs; The AI controllers will According to Cisco, about 82% of layer-3 BE-IP traffic
authenticate a user for every request to any resource, however was IP video in 2021. Let this IP video traffic be migrated
small. There is no Trusted-Zone. down to sub-layer-3a, where it is transported by D-flows. This
Property 6 - D-flows use Quantum-Safe Ciphers: The D- migration will lower the capital and operational costs in layer-3
flows do not use unencrypted and unauthenticated IP packet by ≈ 82% each. The global savings in capital and operational
headers, to perform layer-3 routing. Hence, packets in a costs together can reach $100s of billions USD per year.
D-flow can be completely encrypted from end-to-end with
Quantum-Safe ciphers. The ciphers provide both encryption V. C ONCLUSIONS
and authentication, for every packet in a D-flow. The Internet has used an inefficient Best-Effort commu-
Property 7 - Authorization-Checks at D-sinks: Every legit- nications paradigm for the last 40 years. Akamai, Cisco,
imate packet in a D-flow must pass an Authorization Check Meta, Huawei, the ETSI and the ITU have all highlighted
when received at a D-transceiver. The packet will be decrypted the urgent need to innovate the layer-3 BE-IP. This paper
and thereby authenticated. The minimum requirements for an explores a ”Software-Defined Deterministic IoT”, to address
external cyber-attacker to successfully insert an undetected the NAE grand-challenge problem of Security in Cyberspace,
malicious packet are: (a) it over-writes an authorized packet for critical infrastructure. A new forwarding sub-layer-3a is
with a malicious packet (to avoid detection), and (b) it has proposed, with an SDN control-plane and many SDD-WANs.
cracked the Quantum-Safe cipher used to encode the packet Each SDD-WAN consists of many authenticated D-switches,
(i.e., with AES-256 security). There is not enough time in i.e., low-cost FPGAs. It exploits several collaborative AI-
the life of the universe, for a Quantum Computer to crack based Zero Trust Architectures, to control access to critical
AES-256. Therefore, the probability that a cyber-attacker can resources. Each SDD-WAN supports many ”speed-of-light”
successfully insert a malicious packet into a D-flow using programmable, authenticated and encrypted D-flows, over a
AES-256 ciphers is zero. All cyber-attacks by external cyber- network of authenticated D-switches. (These innovations are
attackers are thereby eliminated. also described in more depth in several US patents by the
author.) The approach eliminates cyber-security vulnerabilities
IV. C APITAL AND O PERATIONAL C OSTS OF L AYER -3 IP that have existed in layer-3 for decades, and offers several ben-
Table 2 shows the yearly revenue for several major BE- efits: (i) The expected number of successful cyber-attacks per
IP equipment manufacturers, from their annual reports. Table year against a nation’s critical infrastructure by external cyber-
2 is not exhaustive. Cisco reports revenues of $49.3 billion attackers is zero. This benefit can have geo-political implica-
USD in 2020. About 70% represents BE-IP products, and 30% tions world-wide, as every nation, rich or poor, can achieve
represents services. The combined global revenue in 2020 is immunity to cyber-attacks against critical infrastructure from
≈ $246.55 billion USD. Assuming that 50% represents layer- external cyber-attackers. (ii) The introduction of SDN, FPGAs
3 BE-IP hardware, then the global capital costs of layer-3 and determinism into layer-3 can save potentially $100s of
hardware were ≈ $123 billion USD, in 2020. billions per year in reduced costs. (iii) It can reduce the costs
Reference [10] explored the cost savings for IP video of cyber-crime to society, estimated at over $10 trillion USD
distribution over a Deterministic Industrial Internet. A similar per year by 2025. (iv) It can support the ”Metaverse”, by
methodology is used next, using recent statistics. significantly increasing IoT capacity.
SUBMITTED TO THE IEEE, PROF. T. SZYMANSKI, AUG. 8, 2023, CONFIDENTIAL 7

R EFERENCES IETF : Internet Engineering Task Force

IP : Internet Protocol (equivalent to BE-IP)
[1] US National Academy of Engineering, ”NAE Grand Challenges for
Engineering: Secure Cyberspace”. http://www.engineeringchallenges.org
ITU : International Telecommunication Union
[2] M. Mosca, ”Cybersecurity in an Era with Quantum Computers: Will MPLS : Multi-Protocol Label Switching
We Be Ready?,” IEEE Security and Privacy, Vol. 16, No. 5, pp. 38-41, NAE : National Academy of Engineering
Sept./Oct. 2018, NAT : Network Address Translation
[3] T.H. Szymanski, ”The ”Cyber Security via Determinism” Paradigm for NIST : National Institute of Standards and Technology
a Quantum Safe Zero Trust Deterministic Internet of Things (IoT) ”, PKC : Public Key Cryptography
IEEE Access, Vol. 10, pp. 43586-45930, April 2022. PQC : Post Quantum Cryptography
[4] A. Singla, B. Chandrasekaran, P.B. Godfrey, and B. Maggs, ”The SDD : Software Defined Deterministic
Internet at the Speed of Light”, Proc. 13th ACM Workshop on Hot SDN : Software Defined Networking
Topics in Networks, Oct. 2014, pp. 1-7.
[5] Cisco, ”Cisco Annual Internet Report (2018-2023)”, https://cisco.com
SKC : Symmetric Key Cryptography
[6] ITU (International Telecommunications Union), “FG-NET2030 - Arch TBPS : Terabits per second
: Network 2030 Architecture Framework”, June 2020, pp. 1-165. USD : US Dollars
[7] N. Finn, P. Thubert, B. Varga, J. Farkas, ”Deterministic Networking VPN : Virtual Private Network
Architecture”, IETF RFC 8655, Oct. 2019. WAN : Wide Area Network
[8] S. Goldberg, ”Why is it Taking So Long to Secure Internet Routing?”, ZTA : Zero Trust Architecture
CACM, Vol. 57, No. 10, pp. 56-63, Oct. 2014.
[9] ETSI (European Telecommunications Standards Institute), Technical
Report, ”Quantum Safe Virtual Private Networks”, ETSI TR 103 617
v1.1.1, Aug. 2018
[10] T.H. Szymanski, ”Supporting Consumer Services in a Deterministic
Industrial Internet Core Network”, IEEE Communications Magazine,
Vol. 54, No. 6, pp. 110-117, June 2016.
[11] Z. Zhang, H. Ning, F. Shi, et al., ”Artificial Intelligence in Cyber
Security: Research Advances, Challenges, and Opportunities”, Artif.
Intell. Rev., 55, pp. 1029–1053, 2022
[12] AL Buczak, E. Guven, ”A Survey of Data Mining and Machine Learning
Methods for Cyber Security Intrusion Detection”, IEEE Comm. Surveys
and Tutorials, Vol. 18, No. 2, pp. 1153-1176, Oct. 2015.
[13] F. Liang, W. G. Hatcher, W. Liao, W. Gao and W. Yu, ”Machine Learning
for Security and the Internet of Things: The Good, the Bad, and the
Ugly,”, IEEE Access, Vol. 7, pp. 158126-158147, 2019.
[14] V. Hu, D. Feraiolo, R. Kuhn, et-al, “Guide to Attribute Based Access
Control (ABAC) Definitions and Considerations”, US NIST Pub. SP
800-162, Jan. 2014 (updated Aug. 2019).
[15] S. Rose, O. Borchert, S. Mitchell, S. Connelly, ”Zero Trust Architec-
ture”, US NIST Publication SP-800-207, Aug. 2020.

Biography
T.H. Szymanski completed a PhD degree at the University of Toronto.
From 1987-1998, he was at Columbia and McGill universities. From
1999-2023, he was at McMaster University. From 2001...2011, he
held the Bell Canada Chair in Data Communications at McMaster.
From 1993-2003, he led the Optical Architectures project within a
10-year national research program funded by the Networks of Centers
of Excellence (NCE) of Canada. Collaborators included Nortel Net-
works (now Ericsson), Newbridge Networks (now Nokia), Lockheed-
Martin/Sanders, and 4 universities. His research group demonstrated
the first photonic FPGA, fabricated through the US ARPA/Lucent
Technologies foundry service. He holds 16 US patents on determinis-
tic internet technologies, covering deterministic switches, scheduling,
wireless networks, the SDN control-plane, and ultra-strong cyber-
security, which have been cited as Prior Art several hundred times in
subsequent US patents. He is listed in the top 2% of researchers in the
field of Networking and Telecommunications, according to Stanford
University.

VI. A PPENDIX : ACRONYMS

AB-ACS: Attribute-Based Access Control System
AES : Advanced Encryption Standard
AI : Artificial Intelligence
BE-IP : Best-Effort Internet Protocol (equivalent to IP)
BE-VPN : Best-Effort Virtual Private Network
D (as in D-switch, D-flow): Deterministic
DetNet (DNET) : the IETF Deterministic Networking group
DoS,DDoS : Denial of Service, Distributed DoS
DVPN : Deterministic Virtual Private Network
ETSI : European Technology Standards Association
FPGA : Field Programmable Gate Array
IDS : Intrusion Detection System