Quan Shen,Yanming Shen

DOI: https://doi.org/10.1016/j.cose.2023.103537

IF: 5.105

2023-01-01

Computers & Security

Abstract:In the rapidly evolving field of information technology, network security, especially enterprise endpoint security, has emerged as a major challenge. This paper presents a comprehensive and interactive method for network access and user authentication utilizing a zero-trust framework. This method integrates key elements, including the Network Access (NA) Agent, Identity and Access Management (IAM) Agent, Policy Enforcement Point (PEP) Agent, and Situational Awareness (SA) Agent, to mitigate security risks associated with critical business information exposure and unauthorized network access. Leveraging a zero-trust approach, the method dynamically controls user permissions, thereby enhancing endpoint security. It also introduces an efficient solution that coexists with legacy infrastructures, balancing security necessities with user accessibility, and offering a unified solution for both internal corporate networks and the Internet. We present a thorough analysis of potential risks associated with this method and propose preventative measures to minimize these threats. We conclude that our method provides a more secure and efficient approach to enterprise network security compared to traditional static rule-based systems, offering a promising direction for future research and implementation.

Priya Parameswarappa,

DOI: https://doi.org/10.55083/irjeas.2022.v10i03013

2022-09-04

Abstract:Model-based security metrics are an emerging topic of cyber security research that focuses on assessing an information system's risk exposure. We propose an end-to-end solution with the deployment of a zero-trust network utilising Artificial Intelligence in this article to understand the security posture of a system before it is rolled out and as it matures. The major part contains a discussion about the key methods and techniques which was utilized in the development process and simplified operation principles of each developed process. Some developed processes were tested practically to evaluate the problems in the processes. Modules for automatic processing and data analysis were also developed. These modules can be connected in case it is needed. The most important data collection methods were benchmarked to detect problematic situations in the operation in different realistic situations. With the perception from the benchmark test, the problematic parts of the data collection were discovered and proposals for the solution were made which could be developed and tested in the next iterations of the development process. Working Artificial intelligence-based detection and data enrichment methods were created. The results of the article allow multiple continuous research and development projects related to data collection and data analysis with statistical and artificial intelligence-based methods.

Zhiwei Liu,Xiaoyu Li,Dejun Mu

DOI: https://doi.org/10.1155/2022/8659428

2022-01-01

Wireless Communications and Mobile Computing

Abstract:In today's information society, network security is a crucial issue. Network security technology is changing as a result of the development of emerging technologies such as big data, cloud computing, and artificial intelligence. Data-driven (DD) security has emerged as a new network security technology development direction. The key technologies for DD network security are discussed in depth in this paper. A data security protection system is designed from the perspective of ZT, based on advanced security concepts and technologies developed by ZT, as well as a foreign data security governance framework. The number of alarms generated per hour is counted, removal rules are defined, and real-time rule matching is performed to eliminate false alarms based on different combinations of attributes. By analyzing the security data generation rules and internal relations, a security aggregation method can reduce redundant data and improve alarm quality.

Lampis Alevizos,Vinh Thong Ta,Max Hashem Eiza

DOI: https://doi.org/10.1002/spy2.191

2021-11-16

Abstract:With the purpose of defending against lateral movement in today's borderless networks, Zero Trust Architecture (ZTA) adoption is gaining momentum. With a full scale ZTA implementation, it is unlikely that adversaries will be able to spread through the network starting from a compromised endpoint. However, the already authenticated and authorised session of a compromised endpoint can be leveraged to perform limited, though malicious, activities ultimately rendering the endpoints the Achilles heel of ZTA. To effectively detect such attacks, distributed collaborative intrusion detection systems with an attack scenario-based approach have been developed. Nonetheless, Advanced Persistent Threats (APTs) have demonstrated their ability to bypass this approach with a high success ratio. As a result, adversaries can pass undetected or potentially alter the detection logging mechanisms to achieve a stealthy presence. Recently, blockchain technology has demonstrated solid use cases in the cyber security domain. In this paper, motivated by the convergence of ZTA and blockchain-based intrusion detection and prevention, we examine how ZTA can be augmented onto endpoints. Namely, we perform a state-of-the-art review of ZTA models, real-world architectures with a focus on endpoints, and blockchain-based intrusion detection systems. We discuss the potential of blockchain's immutability fortifying the detection process and identify open challenges as well as potential solutions and future directions.

Cryptography and Security

Abraham Itzhak Weinberg,Kelly Cohen

2024-01-18

Abstract:This paper presents a comprehensive analysis of the shift from the traditional perimeter model of security to the Zero Trust (ZT) framework, emphasizing the key points in the transition and the practical application of ZT. It outlines the differences between ZT policies and legacy security policies, along with the significant events that have impacted the evolution of ZT. Additionally, the paper explores the potential impacts of emerging technologies, such as Artificial Intelligence (AI) and quantum computing, on the policy and implementation of ZT. The study thoroughly examines how AI can enhance ZT by utilizing Machine Learning (ML) algorithms to analyze patterns, detect anomalies, and predict threats, thereby improving real-time decision-making processes. Furthermore, the paper demonstrates how a chaos theory-based approach, in conjunction with other technologies like eXtended Detection and Response (XDR), can effectively mitigate cyberattacks. As quantum computing presents new challenges to ZT and cybersecurity as a whole, the paper delves into the intricacies of ZT migration, automation, and orchestration, addressing the complexities associated with these aspects. Finally, the paper provides a best practice approach for the seamless implementation of ZT in organizations, laying out the proposed guidelines to facilitate organizations in their transition towards a more secure ZT model. The study aims to support organizations in successfully implementing ZT and enhancing their cybersecurity measures.

Cryptography and Security

Valentyn Sobchuk,Roman Pykhnivskyi,Oleg Barabash,Serhii Korotin,Shakhin Omarov

DOI: https://doi.org/10.20998/2522-9052.2024.3.11

2024-09-23

Advanced Information Systems

Abstract:Relevance. The Internet of Things (IoT) and the Industrial Internet of Things (IIoT) and their widespread application make them attractive targets for cyber attacks. Traditional cybersecurity methods such as firewalls and antivirus software are not always effective in protecting IoT/IIoT networks due to their heterogeneity and large number of connected devices. The zero-trust principle can be more effective in protecting IoT/IIoT networks. This principle assumes on no inherent trustworthiness of any user, device, or traffic, requiring authorization and verification before accessing any network resource. This article presents a zero-trust-based intrusion detection system (IDS) that uses machine learning to secure IoT/IIoT networks. The aim of this article is to develop a two-component IDS for detecting and classifying cyber-attacks. The study utilizes machine learning techniques, such as Decision Tree, Random Forest, and XGBoost, on the Edge-IIoTset dataset. The following results were obtained. The IDS structure proposed here employs a sequential approach that consists of two AI modules. The first module detects attacks using a simpler model like Decision Tree. The second module uses more complex models like Random Forest or XGBoost to classify attack types. Experimental evaluation on the Edge-IIoTset dataset demonstrates the system's effectiveness, with an overall accuracy of 95% and significantly reduced response time compared to single complex model systems. Conclusion. The proposed design for an Intrusion Detection System (IDS) achieves high accuracy in detecting attacks while maintaining optimal performance and minimizing additional computational costs. This is especially crucial for real-time network monitoring in IoT/IIoT environments. Further research can focus on the practical implementation of the proposed IDS structure for physical realization in securing IoT/IIoT networks based on the zero-trust principle.

Mahmud Hasan

2024-10-24

Abstract:Zero Trust Architecture (ZTA) represents a transformative approach to modern cybersecurity, directly addressing the shortcomings of traditional perimeter-based security models. With the rise of cloud computing, remote work, and increasingly sophisticated cyber threats, perimeter defenses have proven ineffective at mitigating risks, particularly those involving insider threats and lateral movement within networks. ZTA shifts the security paradigm by assuming that no user, device, or system can be trusted by default, requiring continuous verification and the enforcement of least privilege access for all entities. This paper explores the key components of ZTA, such as identity and access management (IAM), micro-segmentation, continuous monitoring, and behavioral analytics, and evaluates their effectiveness in reducing vulnerabilities across diverse sectors, including finance, healthcare, and technology. Through case studies and industry reports, the advantages of ZTA in mitigating insider threats and minimizing attack surfaces are discussed. Additionally, the paper addresses the challenges faced during ZTA implementation, such as scalability, integration complexity, and costs, while providing best practices for overcoming these obstacles. Lastly, future research directions focusing on emerging technologies like AI, machine learning, blockchain, and their integration into ZTA are examined to enhance its capabilities further.

Cryptography and Security

Saeid Ghasemshirazi,Ghazaleh Shirvani,Mohammad Ali Alipour

DOI: https://doi.org/10.48550/arXiv.2309.03582

2023-09-07

Cryptography and Security

Abstract:The escalating complexity of cybersecurity threats necessitates innovative approaches to safeguard digital assets and sensitive information. The Zero Trust paradigm offers a transformative solution by challenging conventional security models and emphasizing continuous verification and least privilege access. This survey comprehensively explores the theoretical foundations, practical implementations, applications, challenges, and future trends of Zero Trust. Through meticulous analysis, we highlight the relevance of Zero Trust in securing cloud environments, facilitating remote work, and protecting the Internet of Things (IoT) ecosystem. While cultural barriers and technical complexities present challenges, their mitigation unlocks Zero Trust's potential. Integrating Zero Trust with emerging technologies like AI and machine learning augments its efficacy, promising a dynamic and responsive security landscape. Embracing Zero Trust empowers organizations to navigate the ever-evolving cybersecurity realm with resilience and adaptability, redefining trust in the digital age.

Heng Zhang,Yinchu Wang,Yawen Xue,Ruilong Deng,Hongran Li,Jian Zhang

DOI: https://doi.org/10.23919/ccc63176.2024.10662787

2024-01-01

Abstract:Industrial network control systems (INCSs) are easy to be targeted by attackers due to their high economic value. Most of the existing defense methods are deployed at the network boundary, which causes high-security risks to INCS once an attacker enters the system. In addition, many existing intrusion detection systems (IDSs) build detection models based on historical data. When INCS lacks sufficient historical data, it is difficult to build detection models with high accuracy. In this paper, we propose a trust assessment model for INCS based on Fourier series fitting employing concept of zero trust to assess the real-time trust of INCS. The model alerts when INCS has low trust. We test two data injection attacks in the experiment to prove the effectiveness of our approach.

P. SumanPrakash,K. Seshadri Ramana,Renzon Daniel CosmePecho,M. Janardhan,Meryelem Tania Churampi Arellano,J. Mahalakshmi,M. Bhavsingh,K. Samunnisa

DOI: https://doi.org/10.1016/j.comcom.2024.04.007

IF: 5.047

2024-04-07

Computer Communications

Abstract:Zero-touch architecture (ZTA) is one of the emerging cybersecurity components used to secure organizational resource. The primary pillars of ZTA is users, devices, networks, applications, and analytics. As part of this architecture, several components are used to secure resources, including the policy engine, the administrator, and the enforcement points on control and data planes. In addition, it contains Continuous Diagnostics and Mitigation (CDM), active logs, database for user and compliances. Among them, CDM is one of the major components which enhance the system and network security. However, traditional architecture is static and does not learn from experiences, so it is not adaptive and autonomous. To improve the CDM program, we use learning models to identify and respond intelligently while securing networks and systems. In this context, we use a recurrent neural network (RNN) to diagnosis the problems based on the condition and mitigate them through efficient decision making within the systems autonomously. In our experiments, we found that the proposed RNN methods were able to achieve 96% accuracy while diagnosing and mitigating the problems with our learned CDM program. These results are superior to those obtained from the traditional CDM program used in ZTA.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shiva Raj Pokhrel,Luxing Yang,Sutharshan Rajasegarar,Gang Li

2024-06-25

Abstract:This paper introduces a robust zero-trust architecture (ZTA) tailored for the decentralized system that empowers efficient remote work and collaboration within IoT networks. Using blockchain-based federated learning principles, our proposed framework includes a robust aggregation mechanism designed to counteract malicious updates from compromised clients, enhancing the security of the global learning process. Moreover, secure and reliable trust computation is essential for remote work and collaboration. The robust ZTA framework integrates anomaly detection and trust computation, ensuring secure and reliable device collaboration in a decentralized fashion. We introduce an adaptive algorithm that dynamically adjusts to varying user contexts, using unsupervised clustering to detect novel anomalies, like zero-day attacks. To ensure a reliable and scalable trust computation, we develop an algorithm that dynamically adapts to varying user contexts by employing incremental anomaly detection and clustering techniques to identify and share local and global anomalies between nodes. Future directions include scalability improvements, Dirichlet process for advanced anomaly detection, privacy-preserving techniques, and the integration of post-quantum cryptographic methods to safeguard against emerging quantum threats.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Machine Learning

Mukhtar Hussain,Shantanu Pal,Zahra Jadidi,Ernest Foo,Salil Kanhere

DOI: https://doi.org/10.1109/mwc.001.2300405

IF: 12.777

2024-04-12

IEEE Wireless Communications

Abstract:Cloud computing services have become ubiquitous, and currently, every organization uses some form of cloud computing service. Furthermore, even if an organization does not allow BYOD for work, employees will still bring their own devices to manage their personal communication while at work. Moreover, in this post COVID-19 era, working from home has become common. These new trends have diminished the previously known boundary between the enterprise-owned trusted network and untrusted outside networks. Therefore, a new cybersecurity paradigm is emerging that is referred to as zero trust architecture (ZTA). A ZTA protects an enterprise infrastructure based on the principles of never trusting and always verifying. The core component of ZTA is a Zero Trust (ZT) algorithm which ensures dynamic access control and continuous monitoring to establish never trusting and always verifying principles. This article provides a novel research direction based on federated artificial intelligence to develop a ZT algorithm.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Lalitha Sravanti Dasu,Mannav Dhamija,Gurram Dishitha,Ajith Vivekanandan,V. Sarasvathi

DOI: https://doi.org/10.2478/cait-2023-0016

2023-06-01

Cybernetics and Information Technologies

Abstract:Abstract Defending against identity-based threats, which have predominantly increased in the era of remote access and working, requires non-conventional, dynamic, intelligent, and strategic means of authenticating and authorizing. This paper aims at devising detailed risk-scoring algorithms for five real-time use cases to make identity security adaptive and risk-based. Zero-trust principles are incorporated by collecting sign-in logs and analyzing them continually to check for any anomalies, making it a dynamic approach. Users are categorized as risky and non-risky based on the calculated risk scores. While many adaptive security mechanisms have been proposed, they confine identities only to users. This paper also considers devices as having an identity and categorizes them as safe or unsafe devices. Further, results are displayed on a dashboard, making it easy for security administrators to analyze and make wise decisions like multifactor authentication, mitigation, or any other access control decisions as such.

Poonam Dhiman,Neha Saini,Yonis Gulzar,Sherzod Turaev,Amandeep Kaur,Khair Ul Nisa,Yasir Hamid

DOI: https://doi.org/10.3390/s24041328

IF: 3.9

2024-02-19

Sensors

Abstract:The Zero Trust safety architecture emerged as an intriguing approach for overcoming the shortcomings of standard network security solutions. This extensive survey study provides a meticulous explanation of the underlying principles of Zero Trust, as well as an assessment of the many strategies and possibilities for effective implementation. The survey begins by examining the role of authentication and access control within Zero Trust Architectures, and subsequently investigates innovative authentication, as well as access control solutions across different scenarios. It more deeply explores traditional techniques for encryption, micro-segmentation, and security automation, emphasizing their importance in achieving a secure Zero Trust environment. Zero Trust Architecture is explained in brief, along with the Taxonomy of Zero Trust Network Features. This review article provides useful insights into the Zero Trust paradigm, its approaches, problems, and future research objectives for scholars, practitioners, and policymakers. This survey contributes to the growth and implementation of secure network architectures in critical infrastructures by developing a deeper knowledge of Zero Trust.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Britta Hale,Ryan Arlitt,Nikolaos Papakonstantinou,Douglas Van Bossuyt

DOI: https://doi.org/10.1115/1.4062597

IF: 2.3

2023-05-23

Journal of Computing and Information Science in Engineering

Abstract:Abstract In an age of worsening global threat landscape and accelerating uncertainty, the design and manufacture of systems must increase resilience and robustness across both the system itself and the entire systems design process. We generally trust our colleagues after initial clearance/background checks; and systems to function as intended and within operating parameters after safety engineering review, verification, validation, and/or system qualification testing. This approach has led to increased insider threat impacts; thus we suggest moving to the “trust, but verify” approach embodied by the Zero-Trust paradigm. Zero-Trust is increasingly adopted for network security but has not seen wide adoption in systems design and operation. Achieving the goal of Zero-Trust throughout the systems lifecycle will help to ensure that no single bad actor -- whether human or machine learning / artificial intelligence (ML/AI) -- can induce failure anywhere in a system's lifecycle. Additionally, while ML/AI and their associated risks are already entrenched within the operations phase of many systems' lifecycles, ML/AI is gaining traction during the design phase. For example, generative design algorithms are increasingly popular but there is less understanding of potential risks. Adopting the Zero-Trust philosophy helps ensure robust and resilient design, manufacture, operations, maintenance, upgrade, and disposal of systems. We outline the rewards and challenges of implementing Zero-Trust and propose the Framework for Zero-Trust for the System Design Lifecycle. The paper highlights several areas of ongoing research with focus on high priority areas where the community should focus efforts.

engineering, manufacturing,computer science, interdisciplinary applications

Leonard Bradatsch,Oleksandr Miroshkin,Natasa Trkulja,Frank Kargl

DOI: https://doi.org/10.48550/arXiv.2402.08299

2024-02-13

Abstract:Zero Trust security has recently gained attention in enterprise network security. One of its key ideas is making network-level access decisions based on trust scores. However, score-based access control in the enterprise domain still lacks essential elements in our understanding, and in this paper, we contribute with respect to three crucial aspects. First, we provide a comprehensive list of 29 trust attributes that can be used to calculate a trust score. By introducing a novel mathematical approach, we demonstrate how to quantify these attributes. Second, we describe a dynamic risk-based method to calculate the trust threshold the trust score must meet for permitted access. Third, we introduce a novel trust algorithm based on Subjective Logic that incorporates the first two contributions and offers fine-grained decision possibilities. We discuss how this algorithm shows a higher expressiveness compared to a lightweight additive trust algorithm. Performance-wise, a prototype of the Subjective Logic-based approach showed similar calculation times for making an access decision as the additive approach. In addition, the dynamic threshold calculation showed only 7% increased decision-making times compared to a static threshold.

Cryptography and Security

G. Nagarajan,Martin Margala,Siva Shankar S,Prasun Chakrabarti,RI Minu

DOI: https://doi.org/10.1016/j.compeleceng.2024.109129

IF: 4.152

2024-02-23

Computers & Electrical Engineering

Abstract:The Internet of Medical Things (IoMT) promises transformative benefits for patient care and remote monitoring but raises significant security and privacy concerns. Ensuring the trustworthiness and security of IoMT systems at the edge is a critical challenge. This research paper presents a novel framework to address the security and trust issues specific to IoMT environments. The primary objective of this framework is to establish a robust defense against intrusion attempts and to instill trust in edge networks, securing healthcare data and medical devices. To achieve this, the paper introduces an advanced Intrusion Detection System (IDS) optimized for edge networks in the context of IoMT. This paper emphasizes developing an evaluation methodology for appraising the trustworthiness of individual network components, developing an analytical technique for scrutinizing the participation of network entities in ongoing communications, establishing a means to quantify the trust level at the network's periphery or edge, and constructing an energy-efficient trust-based framework for the identification and mitigation of malicious entities operating within the IoMT. Through comprehensive testing, including real-world simulation scenarios, the paper evaluates the performance and effectiveness of the proposed framework, validating its ability to safeguard sensitive healthcare information and support the secure operation of IoMT devices.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Mengru Tsai,Shanhsin Lee,Shiuhpyng Winston Shieh

DOI: https://doi.org/10.1109/tr.2023.3345665

IF: 5.883

2024-03-09

IEEE Transactions on Reliability

Abstract:In recent years, due to the impact of the COVID-19 pandemic, enterprises have been forced to adapt their operation patterns to ensure resilience, transitioning from traditional office-based work to remote work from home. However, this sudden and unforeseen change has made enterprises unprepared, resulting in a dramatic increase in cybersecurity threats. The most significant challenge arises from the adjustment from working in previously trusted areas to that beyond the boundaries of protection. While employees used to work within the company's defense perimeter, malicious attacks were blocked and detected by boundary security gateways. Shifting to remote work moves employees out of the protective environment, thereby their devices connecting to the internal resources of a company become exploitable targets for threat actors, and weaknesses in the internal authentication, authorization, and access control mechanisms become evident. The zero trust architecture (ZTA) approach is primarily focused on resource protection. When users or services attempt to access resources, ZTA requires precise authentication, minimal authorization, and continuous verification (trust inference) to ensure legitimacy and authorization of the resource usage, eliminating any space for assumed or inherited trust. In this article, we will address the challenges in handling the threats and propose the strategies, implementation, and limitation of ZTA, aiming to shed light on its effectiveness and applicability in mitigating cybersecurity risks.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Eduardo B. Fernandez,Andrei Brazhuk

DOI: https://doi.org/10.1016/j.csi.2024.103832

IF: 3.721

2024-01-12

Computer Standards & Interfaces

Abstract:Zero Trust (ZT) has become a very hot approach for building secure systems, promoted by industry and government as a new way to produce systems with a high degree of security. ZT is based on not trusting any request for accessing resources. Because of the possibility of increasing the security of enterprise systems there has been a large amount of publication on different aspects of this strategy. It is then important to evaluate if its claims are true. We have used security patterns to design and evaluate security architectures and we apply here this method to analyze the expectations of this strategy. We relate the ideas behind ZT to the accumulated knowledge of security and attempt to answer some questions about the value and possibilities of this technology. In general, industry publications are vague about the technical aspects of these systems, ignore past security knowledge, and there are few reports describing actual experience building and using ZT architectures. Is Zero Trust Architecture (ZTA) the ideal architecture to build secure systems? To obtain a deeper understanding of this architecture, we analyze its pattern structure and provide a sketch of its reference architecture built as an aggregation of security patterns. As any system architecture, regardless of the way it has been constructed, represents a system, we also consider its threats. Finally, we provide directions for research on this area.

computer science, software engineering, hardware & architecture

Serin V. Simpson,Y. Ravi Raju,K. Bhanu Rajesh Naidu,Gopika Venu

DOI: https://doi.org/10.1007/s41870-023-01467-5

2023-09-13

International Journal of Information Technology

Abstract:This study presents SECURE TRUST, a novel blockchain-enabled trust and reputation system designed to address the growing security risks associated with the proliferation of IoT devices. By leveraging blockchain technology, our system effectively evaluates the reliability of nodes in IoT networks and mitigates harmful activities. Our approach employs smart contracts to facilitate collaborative detection and mitigation of malicious behavior among nodes. Furthermore, we integrate a trust and reputation system that assigns trust ratings to nodes based on their past interactions and behavior. Our system is compatible with various hardware platforms and utilizes open-source software components. Extensive testing demonstrates that our proposed approach reliably detects and reduces security risks caused by malicious nodes, offering robust protection against unwanted activities.