
Security Function Virtualization for IoT Applications in 6G Networks

Muhammad Naveed Aman∗, Member, IEEE, Uzair Javaid†, Student Member, IEEE, and Biplab Sikdar†, Senior Member, IEEE

∗School of Computing, National University of Singapore
†Department of Electrical and Computer Engineering, National University of Singapore

Abstract—One of the important characteristics envisioned for 6G is Security Function Virtualization (SFV). Similar to Network Function Virtualization (NFV) in 5G networks, SFV provides new opportunities for improving security while reducing the security overhead. In particular, it provides an attractive way of solving compatibility issues related to security. Malware in Internet of Things (IoT) systems is gaining popularity among cyber-criminals because of the expected number of IoT devices in 5G and 6G networks. To solve this issue, this paper proposes a security framework which exploits softwarization of security functions via SFV to improve trust in IoT systems and contain the propagation of malware. IoT devices are categorized into trusted, vulnerable, and compromised levels using remote attestation. To isolate the devices in the three distinct categories, NFV is used to create separate networks for each category and a distributed ledger is used to store the state of each device. Virtualized remote attestation routines are employed to avoid any compatibility issues among heterogeneous IoT devices and effectively contain malware propagation. The results show that the proposed framework can reduce the number of infected devices by 66% in only 10 seconds.

Index Terms—Security Function Virtualization (SFV); Network Function Virtualization (NFV); Malware; Internet of Things (IoT)


1 INTRODUCTION

INTERNET of Things (IoT) devices are capable of gathering and transmitting data with and without human intervention. IoT is expected to play a critical role in automation strategies to perform various tasks locally with dynamic control strategies for future information networks, where the fundamental advantage of IoT devices lies in their ability to connect with relatively modest hardware specifications. 6G is envisioned as a move from connected things to connected intelligence [1]. This means that IoT devices would need to share large amounts of information with each other that will lead to different security concerns [2]. As 6G IoT exploits high-density Internet connected heterogeneous devices (e.g., sensors, smart phones, CCTV cameras, actuators, etc.) that support more robust system architectures, involve high capacity, and power Artificial Intelligence (AI) based smart algorithms, security concerns are further catalysed which make IoT even more vulnerable to cyber attacks. Among these, malware is a growing concern and therefore, trust is crucial for IoT systems in 6G networks.

Infrastructure links or device-to-device (D2D) links may be used to propagate malware in IoT systems [3]. Address space scanning, Telnet, and brute-force password cracking may be used to compromise IoT devices using infrastructure links [4]. Examples of malware propagation through D2D links include the Cabir and Commwarrior mobile worms that used Bluetooth to spread among Symbian based mobile phones. IoT devices may use different wireless standards (e.g., Zigbee) to communicate with each other. Therefore, researchers have shown the feasibility of malware propagation through proximity-based wireless interfaces [5].

Corresponding author: B. Sikdar (email: [email protected])

Regardless of how malware propagates, vulnerable and unpatched IoT devices amplify the risk of self-replicating malware. Although some IoT devices may have security patches available, patching remains extremely costly and far from effective practice. This is evident from a recent study showing that 95% of vulnerabilities in IoT devices stem from firmware [6]. IoT device firmware may be tampered with or even used to propagate malware to other entities in the network. In addition, emerging vulnerabilities reported about specific devices are also exposed to hackers [7], [8]. However, due to no active maintenance and the long life-span of these devices, they are typically not protected against such vulnerabilities. The lack of awareness and excessive downtime associated with installing security updates or patches results in many IoT devices not receiving timely firmware updates or security patches. This allows malware to spread in IoT networks without identification.

The process of verifying the integrity of the software running on embedded devices and detecting any malware is known as attestation. The existing techniques for attestation are either too computationally complex for IoT devices or rely on specialized architectures. Thus, it is not feasible to accommodate the wide array of heterogeneous devices with hardware based solutions [9]. One of the highlights of 5G is Network Function Virtualization (NFV), enabling a system to partition its resources and services by using virtualization to virtualize entire classes of network node functions into building blocks that may connect, or chain together, to create different communication services as shown in Figure 1. Some of the advantages of softwarization of network functions include simplifying network operations, reducing maintenance costs, better utilization of resources, and lengthening hardware network cycles by eliminating the need for dedicated hardware and equipment. This leads to higher scalability to support a larger number of devices connected to the network. However, with 6G, the scalability needs to be extended even further. Therefore, to solve this issue, this paper proposes a security framework based on softwarization of the security function to enable virtual remote attestation, i.e., in addition to virtualizing network functions, we propose to virtualize security functions as well. Note that SFV is an emerging NFV offshoot technology in 6G networks that uses the same NFV principles to offer security services at scale.

[Figure 1 (image omitted): the NFV architecture. OSS/BSS and non-virtualized network functions sit alongside the Virtual Network Function (VNF) domain, whose VNFs run on the NFV Infrastructure (NFVI), i.e., a hypervisor over compute, storage, and networking hardware. Management and Network Orchestration (MANO) comprises the NFV Orchestrator, the VNF Manager, and the Virtual Infrastructure Manager (VIM).]

Fig. 1. A depiction of NFV architecture with its interfaces.

1.1 Motivation and contribution

With recent advances towards ubiquitous communication, malware spread in 6G networks is a security concern that is growing at an alarming pace. This paper addresses this issue by proposing a security framework that uses NFV with SFV to install software across network locations and effectively contain malware propagation. It also eliminates the need for any hardware infrastructure by offering the following properties.

1.1.1 Scalability

There is a constant need for a more responsive approach to service provisioning in next-generation communication networks as user demands have a rapidly shifting dynamic landscape. Therefore, there must be flexibility in communication infrastructures that offers network operators the ability to scale their networks across servers with ease.

1.1.2 Security

Direct service providers are normally concerned about security and thus seek greater control over their network management. SFV grants end users the ability to run a virtual machine alongside firewalls within these networks.

1.1.3 Flexibility

For telecommunication operators, a prerequisite is seamless deployment of new services. Thus, future information networks need to be relatively more adaptable, with the benefits of simple installation and provisioning in networks with seamless integration to different features.

1.1.4 Cost

Network operators and service providers alike have to ensure optimal pricing for user retention as well as increasing their user base. To achieve this, data centers need to be deployed with the support of off-the-shelf vendors.

Related work is discussed in the following section. Then, an overview of the network model is presented that describes the dynamics of IoT devices with NFV and SFV. Next, a security framework for containing malware spread in IoT networks is explained. To demonstrate the effectiveness of the proposed framework, a performance analysis is discussed that shows how the framework can effectively contain malware propagation. Finally, the concluding remarks to this paper are summarized.

2 RELATED WORK

The propagation of malware across IoT networks can be characterized similarly to the spread of epidemics among people. Thus, the current literature constructs malware schemes and frameworks on the basis of a homogeneous infection pathway by taking into account the idea of epidemiological models [10]. Malware in currently well-established Susceptible-Infected-Recovered (SIR) and Susceptible-Exposed-Infected-Recovered (SEIR) mitigation models is assumed to be simultaneously detected and repaired at each device or node in a network [11]. This essentially reflects the state transition from “infected” to “recovered” state. However, it is usually infeasible to patch a compromised IoT device directly due to the unavailability of security patches. Therefore, it is much more feasible to patch it on the infrastructure side, i.e., restricting its communications. This results in restricting malware from further spread. Thus, using the SIR model principles, the infrastructure links in the IoT system can be considered as “recovered/diagnosed”, while the compromised device remains “infected”. This is an effective solution since it locks and isolates the malware, which limits its impact. However, it exposes intermediate nodes to different attacks, e.g., physical attacks. It also results in extra reliance on intermediate nodes. Moreover, the deduction that malware restriction in IoT environments can be considered as a “link recovery” problem instead of a “node recovery” one, motivates a different development of modeling and formulation for malware mitigation models in IoT.

A traffic-aware patching scheme for mobile IoT networks is discussed in [3]. Unlike traditional methods where a device is directly patched, they propose patching the important intermediate nodes instead. Using the traffic volumes generated by the mobile IoT devices, they demonstrated successfully restricting the malware spread to direct device-to-device connection, thereby reducing the malware impact. However, the dependence on intermediate nodes leading to longer times for patching makes this proposition less attractive. The authors in [12] proposed a machine learning based technique to detect malware in IoT networks. They further support their proposal by integrating their scheme with a device patching model to provide a distributed security architecture by using a network function virtualization technique. Although the authors assert that their framework is scalable in terms of network size, it is inherently time-consuming due to the function virtualization techniques and vulnerable to physical attacks. Guizani et al. [13] discuss an intriguing formulation in which they examine the structure of social networks in order to determine how it affects the dynamics of epidemic disease propagation with applications to ad-hoc networks. They discuss an epidemic spread model based on SEIR for various levels of population aggregation. They then analyze and apply the model’s dynamics to mobile ad-hoc networks (MANETs) in order to gain a better understanding of the dynamics of malware propagation in these networks. Additionally, the authors in [14] present another intriguing patching mechanism to evaluate automatic patching in systems using an analytical framework. Their mechanism enables timely sending of a “clear update” message to infected devices. Thus, they claim that this timely response can avoid the patch/virus race condition, which contributes to better patching of devices in general. Although such updates can be of vital importance, sending updates each time a device gets infected or compromised increases time cost. Therefore, lightweight patching frameworks are needed that require low time cost for their operation.

[Figure 2 (image omitted): the blockchain based network model. Users, clients and devices reach, through routers, switches, a load balancer, storage and general servers, a data center of virtual machines and virtual appliances (cloud-based VMware); distributed compute nodes (miners/servers) host the blockchain with smart contracts and provide Network Function Virtualization (NFV) and Security Function Virtualization (SFV) services. Call-outs list the IoT security challenges addressed: scalability, malware spread, hardware constraints, transparency, and diverse data types from IIoT applications.]

Fig. 2. An overview of the proposed blockchain based network model with SFV and NFV. The distributed compute nodes host the blockchain and provide NFV services to end users along with SFV.

Hence, the majority of existing frameworks suffer from two problems: first, a lengthy time period, i.e., a high cost in terms of time spent patching a malware-infected device, and second, limited control of malware spread, i.e., no isolation of compromised from non-compromised devices. As a result of this challenge, this paper proposes a low-cost security framework for IoT environments that is capable of effectively containing malware propagation through the definition of three network isolation categories using network slicing.

3 NETWORK MODEL

The network model for the proposed security framework is shown in Figure 2 with the following major entities:

1) IoT devices: These represent end users that can either be a device or a sensor. Note that each device is assumed to be an embedded System-on-Chip (SoC).

2) Server: The trusted server responsible for registration, management, control, and patching of IoT devices.

3) Infrastructure based links: IoT devices may be connected to infrastructure-based communication technologies such as GSM/GPRS/UMTS/LTE via cellular base stations and WiFi via WLAN access points (AP). However, most IoT devices do not implement the full TCP/IP stack. Therefore, they need to be connected to cellular base stations and WLAN APs via gateways such as 6LoWPAN based (or similar) router elements. These border router elements act as gateways for IoT devices to connect them to the Internet.

4) Device-to-device links: IoT devices may communicate with one another via proximity-based wireless interfaces such as WiFi Direct, Bluetooth Low Energy (BLE), and near field communication (NFC).

5) Compute nodes: These represent the devices (distributed servers) that function to provide NFV and SFV based features/services to the end users.

[Figure 3 (image omitted): flow diagram. BEGIN; registered device? (No: new device registration); trusted? (No: SFV based attestation routine; attestation successful? Yes: Trusted list, No: Vulnerable list); compromised? (Yes: Compromised list). Each of the Trusted, Vulnerable and Compromised lists holds device {ID_1}, device {ID_2}, . . .]

Fig. 3. The flow diagram of the proposed framework.

4 PROPOSED FRAMEWORK

This section discusses the details of the proposed security framework and the role of NFV for 6G IoT systems. A flow diagram of the proposed framework is shown in Figure 3. It can be seen that before an IoT device can begin to interface with the proposed framework, it has to be registered first. Once it is registered, the framework checks if it is trusted. For a device to be trusted, the framework employs an SFV based remote attestation routine as follows.

4.1 Remote attestation

Attestation is the process of detecting unintentional and malicious modifications to the software running on an embedded device by ensuring the integrity of its internal state. Alternatively, the process in which a trusted entity (usually referred to as the verifier) starts the attestation routine remotely is called remote attestation, whereas the embedded device (usually referred to as the prover) authenticates its internal state. To start the attestation process, the verifier issues a challenge to the prover. Using this challenge, the prover calculates a hash digest of its memory contents and returns a response called the checksum, to the verifier. Then, the verifier checks the checksum to determine if the prover has been compromised or not.

In this paper, we use the HAtt [6] routine, which is a recently proposed remote attestation technique for IoT devices. We chose this routine due to its extremely low downtime and security overhead. Concretely, HAtt partitions the memory of an IoT device into blocks, and detects any malicious change to the software of the IoT device through random sampling of memory bits. HAtt is a lightweight routine that can easily be virtualized via SFV to run on an IoT device without interfering with its normal operation.
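The challenge/response exchange of Section 4.1 and the block-sampling idea attributed to HAtt above, as an added example that is not the paper's or HAtt's own code: the verifier holds a golden copy of the firmware image and a per-device key, sends a fresh nonce plus a random subset of block indices, and the prover returns an HMAC over the nonce and the sampled blocks of the memory it is actually running. Block size, key, image contents and the tampering routine are constructed for illustration; the generic protocol shown here does not reproduce HAtt's specific sampling or timing.

```python
import hashlib
import hmac
import random

BLOCK_SIZE = 16  # constructed: tiny blocks so the sample image stays readable


def partition(memory: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Split a memory image into fixed-size blocks (the last one may be short)."""
    return [memory[i:i + block_size] for i in range(0, len(memory), block_size)]


def prover_response(memory: bytes, key: bytes, nonce: bytes, sample: list) -> bytes:
    """Prover side: MAC the verifier's nonce together with the requested blocks of
    the memory it is actually running. A device whose sampled block was modified
    cannot produce the expected value without the original contents."""
    blocks = partition(memory)
    mac = hmac.new(key, nonce, hashlib.sha256)
    for idx in sample:
        mac.update(idx.to_bytes(2, "big"))  # bind the block index as well as its content
        mac.update(blocks[idx])
    return mac.digest()


class Verifier:
    """Verifier side: holds the golden image and the per-device key."""

    def __init__(self, golden: bytes, key: bytes, sample_size: int, seed: int = 0):
        self.golden = golden
        self.key = key
        self.sample_size = sample_size
        self.n_blocks = len(partition(golden))
        self.rng = random.Random(seed)  # seeded only so the example is reproducible

    def challenge(self):
        """Fresh nonce plus a random subset of block indices to sample."""
        nonce = bytes(self.rng.getrandbits(8) for _ in range(16))
        sample = self.rng.sample(range(self.n_blocks), self.sample_size)
        return nonce, sample

    def verify(self, nonce: bytes, sample: list, response: bytes) -> bool:
        """Recompute the expected checksum from the golden image; constant-time compare."""
        expected = prover_response(self.golden, self.key, nonce, sample)
        return hmac.compare_digest(expected, response)


def attest(verifier: Verifier, device_memory: bytes, rounds: int) -> bool:
    """Run `rounds` challenge/response rounds; the device is trusted only if all pass."""
    for _ in range(rounds):
        nonce, sample = verifier.challenge()
        response = prover_response(device_memory, verifier.key, nonce, sample)
        if not verifier.verify(nonce, sample, response):
            return False
    return True


def detection_probability(n_blocks: int, sample_size: int, rounds: int) -> float:
    """Probability that a single modified block is sampled at least once when each
    round draws `sample_size` of `n_blocks` blocks uniformly without replacement."""
    miss_per_round = (n_blocks - sample_size) / n_blocks
    return 1.0 - miss_per_round ** rounds


def tamper(image: bytes, block_idx: int) -> bytes:
    """Constructed modification: flip one byte inside the given block."""
    buf = bytearray(image)
    buf[block_idx * BLOCK_SIZE] ^= 0xFF
    return bytes(buf)


if __name__ == "__main__":
    golden = bytes(range(256)) * 2  # constructed 512-byte firmware image (32 blocks)
    v = Verifier(golden, key=b"per-device-shared-key", sample_size=8, seed=7)
    print("clean device attested:", attest(v, golden, rounds=3))
    print("tampered device attested:", attest(v, tamper(golden, 5), rounds=3))
    print("p(detect one bad block, 8 of 32 blocks, 3 rounds) =",
          detection_probability(v.n_blocks, 8, 3))
```

Sampling keeps each round cheap on the prover, but a single round with 8 of 32 blocks misses a lone modified block three times out of four; `detection_probability` makes that trade-off explicit so the attestation period and sample size can be chosen together. Binding the nonce into the MAC is what stops a device from replaying a checksum computed before it was modified.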

Once a device is attested successfully, it is listed in the ‘Trusted’ device category. Otherwise, it is listed in the ‘Vulnerable’ category. Devices in the ‘Vulnerable’ category need to go through the attestation routine and gain the trusted status. If a device listed in either category is compromised by malware, the framework relegates it to the ‘Compromised’ device category. This way, the malware cannot propagate and is contained within the ‘Compromised’ category. The three network categories are designed as follows.

4.2 Network isolation levels

In the proposed framework, we use NFV based network slicing to partition the network into three different isolation levels. Note that these levels are defined by the distinctive behaviour of IoT devices.

1) Trusted Slice: IoT devices that are not compromised and malware-free, are added to the trusted level of network isolation. In this category, IoT devices are able to communicate with one another via any available communication interface.

2) Vulnerable Slice: The strict network is used to add IoT devices that are new to the user network or may be compromised. The traffic generated by these devices is filtered to prevent malicious packets or connection requests to the external network or other IoT devices from being transmitted.

3) Compromised Slice: The compromised IoT devices are listed in the isolated level. Note that the IoT devices may use different communication interfaces, including Bluetooth, LTE, and WiFi. In this category, IoT devices are limited to a single basic communication interface, such as WiFi. Additionally, all messages and connection requests generated from these devices are blocked/dropped.

It is worth noting here that throughout the routine of the proposed framework, the state of the IoT devices keeps on changing. It is important to keep track of these state updates, which help in identifying malware. The proposed framework uses a blockchain with a modified version of Proof-of-Work (PoW) consensus, i.e., dynamic PoW (dPoW) to mine new blocks, as discussed in [15]. This allows the blockchain to scale and accommodate the increasing number of IoT devices within a system.

4.3 Framework operation

Figure 2 illustrates an overview of NFV and its components for a blockchain based 6G network. It can be seen that SFV acts as a virtual appliance that provides different security functionalities such as malware detection and mitigation. This is where the proposed framework operates, where Figure 3 shows its functions.

[Figure 4 (image omitted): three panels (a), (b) and (c) plotting the number of infected devices over time.]

Fig. 4. Malware control using the proposed security framework: (a) 70% malicious devices, (b) 50% malicious devices, and (c) 30% malicious devices.

To explain the operation of the framework, let us assume an IoT device that we refer to as idi. For any message that idi sends in the network, the framework first checks if it is registered. A request to get registered with the servers is generated if idi is not registered. Next, the framework checks if idi is trusted (i.e., if it has been attested) and proceeds as follows.

a. If idi is not attested, it generates the HAtt [6] based attestation routine for idi.

i. If it passes the routine, the framework lists it in the Trusted isolation level.

ii. If it fails, the framework lists it in the Vulnerable isolation level.

b. If idi is attested, it lists it in the Trusted network isolation level.

Finally, after idi is listed either in the Trusted or Vulnerable level, the framework constantly monitors its behaviour. If idi exhibits malicious behavior, it is declared as compromised and then relegated to the Compromised network isolation level. At this stage, all messages that idi sends are blocked until it gets attested following the same routine from the start. Note that attestation is done on a virtual machine which implies SFV in the proposed scheme.
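The per-message routine of Section 4.3 together with the slice policies of Section 4.2, as an added example rather than code from the paper: each device moves between the Trusted, Vulnerable and Compromised slices on attestation results and behaviour reports, every transition is appended to a hash-chained log standing in for the distributed ledger, and each message is allowed, filtered or dropped according to the device's current slice. The attestation routine is injected as a callable (it would be the SFV-hosted routine in the paper's design), the interface names are constructed, and the reading that a Vulnerable device may still reach the server while peer and external traffic is filtered is an assumption made here.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class Slice(Enum):
    TRUSTED = "trusted"
    VULNERABLE = "vulnerable"
    COMPROMISED = "compromised"


SERVER = "server"  # destination name for the trusted registration/attestation server

# Interfaces each slice may use (Section 4.2; names constructed). The Compromised
# slice is pinned to a single basic interface.
ALLOWED_INTERFACES = {
    Slice.TRUSTED: {"wifi", "ble", "lte", "zigbee"},
    Slice.VULNERABLE: {"wifi", "ble", "lte", "zigbee"},
    Slice.COMPROMISED: {"wifi"},
}


def _hash_entry(prev_hash: str, device: str, old, new, reason: str) -> str:
    body = f"{prev_hash}|{device}|{old}|{new}|{reason}"
    return hashlib.sha256(body.encode()).hexdigest()


@dataclass
class LedgerEntry:
    device: str
    old: Optional[Slice]
    new: Slice
    reason: str
    prev_hash: str
    entry_hash: str = ""

    def __post_init__(self):
        self.entry_hash = _hash_entry(self.prev_hash, self.device, self.old, self.new, self.reason)


class Framework:
    def __init__(self, attest: Callable[[str], bool]):
        self.attest = attest      # SFV-hosted attestation routine, injected
        self.registered = set()
        self.slice = {}           # device id -> current Slice
        self.ledger = []          # hash-chained stand-in for the distributed ledger

    def _move(self, dev: str, new: Slice, reason: str) -> None:
        prev = self.ledger[-1].entry_hash if self.ledger else "0" * 64
        self.ledger.append(LedgerEntry(dev, self.slice.get(dev), new, reason, prev))
        self.slice[dev] = new

    def admit(self, dev: str) -> Slice:
        """Registration check, then steps (a)/(b) of Section 4.3. Also used to
        re-attest a Compromised device 'following the same routine from the start'."""
        if dev not in self.registered:
            self.registered.add(dev)            # new device registration request
        if self.slice.get(dev) is Slice.TRUSTED:
            return Slice.TRUSTED                # step (b): already attested
        passed = self.attest(dev)               # step (a): run the attestation routine
        self._move(dev, Slice.TRUSTED if passed else Slice.VULNERABLE,
                   "attestation passed" if passed else "attestation failed")
        return self.slice[dev]

    def report_malicious(self, dev: str) -> None:
        """Behaviour monitoring flagged the device: relegate it to the Compromised slice."""
        self._move(dev, Slice.COMPROMISED, "malicious behaviour observed")

    def handle_message(self, dev: str, interface: str, dest: str) -> str:
        """Policy decision for one message: 'allow', 'filter' or 'drop'."""
        if dev not in self.slice:
            self.admit(dev)
        current = self.slice[dev]
        if interface not in ALLOWED_INTERFACES[current]:
            return "drop"
        if current is Slice.TRUSTED:
            return "allow"                      # any interface, any destination
        if current is Slice.VULNERABLE:
            # assumed reading of 4.2: only traffic to the server passes; packets
            # to peers or the external network are filtered
            return "allow" if dest == SERVER else "filter"
        return "drop"                           # Compromised: everything is blocked

    def ledger_intact(self) -> bool:
        """Recompute the hash chain; an edited or removed entry breaks it."""
        prev = "0" * 64
        for e in self.ledger:
            if e.prev_hash != prev or e.entry_hash != _hash_entry(prev, e.device, e.old, e.new, e.reason):
                return False
            prev = e.entry_hash
        return True
```

A device that is flagged as malicious stays silent until `admit` is called for it again, which re-runs attestation exactly as for a new device; the hash chain is only a local model of the ledger's tamper evidence, not the dPoW consensus the paper relies on.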

5 PERFORMANCE ANALYSIS

This section discusses the proposed framework in terms of achieving its aforementioned objectives (see Section 1.1) and controlling the spread of malware.

5.1 Objectives

The proposed framework achieves the following objectives.

5.1.1 Scalability

Figure 2 shows that not only network functions but also security functions are virtualized and deployed on virtual machines instead of dedicated hardware. Thus, as the network becomes more complex and heterogeneous, network softwarization is not sufficient for beyond 5G networks. In the proposed framework this issue is solved by deploying virtual security functions (VSFs) on virtual machines. Thus, multiple security functions (supporting heterogeneous devices) can run on a single server. Moreover, having multiple distributed servers in the blockchain increases the scalability even further.

5.1.2 Security

In the proposed framework, the service provider is hosting the virtual machines for various network and security functions. Therefore, he/she has greater control over the implementation and maintenance of these services. One such example is that if the service provider identifies any vulnerability in a security function, he/she can apply a patch and/or update the security function easily. Moreover, as many IoT devices are constrained in terms of resources, the proposed framework is used to offload the computational complexity from the edge devices to the cloud. In this case, we virtualized the attestation routine to achieve two major objectives, firstly, to provide more control on security functions to the service provider, and secondly, to support a wide range of heterogeneous devices including resource constrained simple IoT devices.

5.1.3 Flexibility

With SFV in the proposed framework, service providers can run VSFs across different servers or move them around as needed when demand changes. This not only lets service providers deliver services and apps faster but may also be used as a low-risk way to test the value of a potential new service.

5.1.4 Cost

Service providers can now run security functions on commodity hardware rather than dedicated hardware using SFV. Additionally, due to the virtualization of security functions, multiple functions can be run on a single server. This results in a reduction in the amount of physical hardware required, allowing for resource consolidation, which results in physical space, power, and overall cost savings.

Fig. 5. Number of infected devices over time with an attestation frequency of 8/gateway.

5.2 Malware control

To evaluate the effectiveness of the proposed framework, we ran simulations using a Python-based discrete event simulator. Additionally, we evaluated three scenarios starting with a fixed percentage of compromised devices. All the simulations are run for 10 seconds, using an attestation time period ta of 5 to 7 seconds, indicating that the IoT devices are scanned for malware once every 5 to 7 seconds. The results for each scenario were obtained using an average of 100 simulations. Nota bene, in these simulations, we assume that 10% of devices are supported by security patches, while the remaining 90% of devices (if infected) require virtual patching. According to the findings, if a device is virtually patched, it is not considered infected.
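A small discrete-time simulation of the setup just described, written as an added example; it is not the authors' simulator and does not reproduce their numbers. It takes the parameters the text gives (50 devices, a fixed initial infection fraction, an attestation period ta, a 10 s horizon, 10% of devices with a real patch and virtual patching for the rest, with a virtually patched device no longer counted as infected) and fills in what the text leaves open with labelled assumptions: a per-contact infection probability, one contact per second per infected device, and an attestation capacity of a fixed number of devices per gateway per period as the reading of "8/gateway" used here.

```python
import random
from dataclasses import dataclass


@dataclass
class Params:
    n_devices: int = 50         # Section 5.2: 50 devices in total
    init_infected: float = 0.7  # Case 1: 70% initially infected
    t_a: int = 5                # attestation period in seconds (5 to 7 s in the paper)
    horizon: int = 10           # simulate 10 s
    contacts_per_s: int = 1     # assumed: each active infected device contacts one peer per second
    p_infect: float = 0.3       # assumed per-contact infection probability
    patchable: float = 0.1      # 10% of devices have a real security patch available
    gateways: int = 2           # assumed number of gateways
    per_gateway: int = 8        # devices attested per gateway per period (assumed reading of 8/gateway)


def simulate(p: Params, seed: int = 1) -> list:
    """Return the number of active (non-isolated) infected devices at t = 0..horizon."""
    rng = random.Random(seed)
    n = p.n_devices
    has_patch = [rng.random() < p.patchable for _ in range(n)]
    infected = [False] * n
    isolated = [False] * n  # True once the device sits in the Compromised slice
    for d in rng.sample(range(n), round(p.init_infected * n)):
        infected[d] = True

    def active_infected() -> int:
        return sum(1 for d in range(n) if infected[d] and not isolated[d])

    series = [active_infected()]
    for t in range(1, p.horizon + 1):
        # Spread step: only infected devices still in the Trusted/Vulnerable slices
        # can reach peers; isolated devices have all their messages dropped.
        spreaders = [d for d in range(n) if infected[d] and not isolated[d]]
        for d in spreaders:
            for _ in range(p.contacts_per_s):
                peer = rng.randrange(n)
                if (peer != d and not infected[peer] and not isolated[peer]
                        and rng.random() < p.p_infect):
                    infected[peer] = True
        # Attestation step every t_a seconds, limited by gateway capacity.
        if t % p.t_a == 0:
            candidates = [d for d in range(n) if not isolated[d]]
            k = min(len(candidates), p.gateways * p.per_gateway)
            for d in rng.sample(candidates, k):
                if infected[d]:
                    if has_patch[d]:
                        infected[d] = False  # real patch: cleaned, stays in the network
                    else:
                        isolated[d] = True   # virtual patch: moved to the Compromised slice
        series.append(active_infected())
    return series


def reduction_percent(series: list) -> float:
    """Percentage drop from the initial to the final infected count (0 if nothing was infected)."""
    if not series or series[0] == 0:
        return 0.0
    return 100.0 * (series[0] - series[-1]) / series[0]


def average_runs(p: Params, runs: int = 100) -> list:
    """Average the per-second series over seeded runs, as the paper averages 100 simulations."""
    totals = [0.0] * (p.horizon + 1)
    for seed in range(runs):
        for i, v in enumerate(simulate(p, seed)):
            totals[i] += v
    return [x / runs for x in totals]


if __name__ == "__main__":
    for t_a in (5, 6, 7):
        s = average_runs(Params(t_a=t_a))
        print(f"t_a={t_a}s: {[round(x, 1) for x in s]}  reduction={reduction_percent(s):.0f}%")
```

Two properties worth checking on any such model before reading off curves: with the infection probability set to zero and no attestation within the horizon the count must stay flat, and with enough gateway capacity to attest every device in one period the first attestation round must empty the active-infected set, since every infected device is either cleaned or isolated. How quickly the count falls under realistic settings then depends on the spread rate, the period ta and the per-period attestation capacity, which is exactly the trade-off the three cases in this section explore.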

5.2.1 Case 1

For the first scenario, we assumed that 70% of devices were infected with malware, or 35 devices out of the total of 50 devices. Figure 4(a) demonstrates that our framework is capable of significantly reducing malware distribution among devices in a relatively short period of time (10s). As can be seen, the number of infected devices drops to 0 from 35 when ta = 5s. Similarly, at ta = 6s, the number of infected devices decreased to 0 from 35, while at ta = 7s, the number of infected devices decreased to just 2 from 35 in just 10 seconds.

5.2.2 Case 2

In the second scenario, we assumed that 50% of devices, or 25 devices, were initially infected with malware. Figure 4(b) demonstrates that our framework is capable of significantly reducing malware distribution across devices in a short period of time. As can be seen, the number of infected devices decreased to 0 from 25 when ta = 5s. Similarly, at ta = 6s, this number decreased to zero from 25, while at ta = 7s, the number of infected devices decreased to just one from 25 in just ten seconds.

5.2.3 Case 3

The third scenario considers 30% of devices to be initially infected with malware, i.e., 15 devices. Figure 4(c) demonstrates the effective reduction in number of infected devices by our secure patching framework. It can be seen that at ta = 5s, the number of infected devices reduced to 0 from 15. Similarly, for ta = (6, 7)s, the number of infected devices reduced to 0 from 15 in 10 seconds.

By keeping the attestation frequency constant at 8/gateway, the reduction of number of infected devices versus time is shown in Figure 5. We can observe that the proposed framework is able to effectively control, contain, and reduce the propagation of malware. The results show that even in the case of 70% of initially infected IoT devices with an attestation rate of once per eight seconds, the framework effectively contained the malware from propagating and restricted the number of infected devices, which was reduced to only 4% in a short time period of 10 seconds.

6 CONCLUSION

SFV is an emerging concept that offers new opportunities for improving security in 6G networks while reducing the associated overhead. It addresses the compatibility issues of security by providing a security virtualization layer between end users and systems. With the increasing number of IoT devices in 5G and 6G networks, malware in IoT systems has become one of the major security concerns. This paper addressed this issue by proposing a security framework that exploits softwarization of security functions via SFV to contain the propagation of malware and isolate the IoT devices into trusted, vulnerable, and compromised network isolation levels via remote attestation. To isolate the devices, NFV is used to create separate networks for each category and a distributed ledger is used to store the state of each device. To avoid any compatibility issues among the heterogeneous group of IoT devices, virtualized remote attestation routines are employed. We showed that the proposed framework not only results in better security, but also leads to improved scalability, flexibility, cost, and malware control. The results demonstrated that the proposed framework reduced the number of infected devices by 66% in only 10 seconds.


Muhammad Naveed Aman (S'12-M'17) received the B.Sc. degree in Computer Systems Engineering from KPK UET, Peshawar, Pakistan, M.Sc. degree in Computer Engineering from the Center for Advanced Studies in Engineering, Islamabad, Pakistan, M.Engg. degree in Industrial and Management Engineering and Ph.D. in Electrical Engineering from the Rensselaer Polytechnic Institute, Troy, NY, USA in 2006, 2008, and 2012 respectively. He is currently working as a Senior Research Fellow with the Department of Computer Science at the National University of Singapore, Singapore. Dr. Aman previously served on the faculty of National University of Computer and Emerging Sciences Pakistan as an Assistant Professor. His research interests include IoT and network security, wireless and mobile networks, and secure embedded systems.

Uzair Javaid (S'19) received the B.Sc. degree (magna cum laude) in electrical engineering from the FAST-National University of Computer and Emerging Sciences, Peshawar, Pakistan. He is currently pursuing the Ph.D. degree with the Department of Electrical and Computer Engineering, National University of Singapore, Singapore. His research interests include blockchain, cryptography, cyber physical systems, network security, and privacy-preserving technologies.

Biplab Sikdar (S'98-M'02-SM'09) is an Associate Professor in the Department of Electrical and Computer Engineering at the National University of Singapore, where he serves as a Vice Dean in the Faculty of Engineering. He received the B. Tech. degree in electronics and communication engineering from North Eastern Hill University, Shillong, India, in 1996, the M.Tech. degree in electrical engineering from the Indian Institute of Technology, Kanpur, India, in 1998, and the Ph.D. degree in electrical engineering from the Rensselaer Polytechnic Institute, Troy, NY, USA, in 2001. He was an Assistant Professor from 2001 to 2007 and Associate Professor from 2007 to 2013 in the Department of Electrical, Computer, and Systems Engineering at Rensselaer Polytechnic Institute from 2001 to 2013. His research interests include IoT and cyber-physical system security, network security, and network performance evaluation. Dr. Sikdar is a member of Eta Kappa Nu and Tau Beta Pi. Dr. Sikdar served as an Associate Editor for the IEEE TRANSACTIONS ON COMMUNICATIONS from 2007 to 2012 and as an Associate Editor for the IEEE TRANSACTIONS ON MOBILE COMPUTING from 2014 to 2017.
