Priya Parameswarappa,

DOI: https://doi.org/10.55083/irjeas.2022.v10i03013

2022-09-04

Abstract:Model-based security metrics are an emerging topic of cyber security research that focuses on assessing an information system's risk exposure. We propose an end-to-end solution with the deployment of a zero-trust network utilising Artificial Intelligence in this article to understand the security posture of a system before it is rolled out and as it matures. The major part contains a discussion about the key methods and techniques which was utilized in the development process and simplified operation principles of each developed process. Some developed processes were tested practically to evaluate the problems in the processes. Modules for automatic processing and data analysis were also developed. These modules can be connected in case it is needed. The most important data collection methods were benchmarked to detect problematic situations in the operation in different realistic situations. With the perception from the benchmark test, the problematic parts of the data collection were discovered and proposals for the solution were made which could be developed and tested in the next iterations of the development process. Working Artificial intelligence-based detection and data enrichment methods were created. The results of the article allow multiple continuous research and development projects related to data collection and data analysis with statistical and artificial intelligence-based methods.

Nitesh Kumar,Gaurav S. Kasbekar,D. Manjunath

DOI: https://doi.org/10.1145/3595244.3595247

2023-04-26

ACM SIGMETRICS Performance Evaluation Review

Abstract:Traditionally, security systems for enterprises have implicit access based on strong cryptography, authentication and key sharing, wherein access control is based on Role Based Access Control (RBAC), in which roles such as manager, accountant and so on provide a way of deciding a subject's authority. However, years of post-attack analysis on enterprise networks has shown that a majority of times, security breaches occur intentionally or accidently due to implicitly trusted people of an enterprise itself. Zero Trust Architecture works on the principle of never granting trust implicitly, but rather continuously evaluating the trust parameters for each resource access request and has a strict, but not rigid, set of protocols for access control of a subject to resources. Endpoint Detection and Response (EDR) systems are tools that collect a large number of attributes in and around machines within an enterprise network to have close visibility into sophisticated intrusion. In our work, we seek to deploy EDR systems and build trust algorithms using tactical provenance analysis, threshold cryptography and reputation management to continuously record data, evaluate trust of a subject, and simultaneously analyze them against a database of known threat vectors to provide conditional access control. However, EDR tools generate a high volume of data that leads to false alarms, misdetections and correspondingly a high backlog of tasks that makes it infeasible, which is addressed using tactical provenance analysis and information theory.

English Else

Abraham Itzhak Weinberg,Kelly Cohen

2024-01-18

Abstract:This paper presents a comprehensive analysis of the shift from the traditional perimeter model of security to the Zero Trust (ZT) framework, emphasizing the key points in the transition and the practical application of ZT. It outlines the differences between ZT policies and legacy security policies, along with the significant events that have impacted the evolution of ZT. Additionally, the paper explores the potential impacts of emerging technologies, such as Artificial Intelligence (AI) and quantum computing, on the policy and implementation of ZT. The study thoroughly examines how AI can enhance ZT by utilizing Machine Learning (ML) algorithms to analyze patterns, detect anomalies, and predict threats, thereby improving real-time decision-making processes. Furthermore, the paper demonstrates how a chaos theory-based approach, in conjunction with other technologies like eXtended Detection and Response (XDR), can effectively mitigate cyberattacks. As quantum computing presents new challenges to ZT and cybersecurity as a whole, the paper delves into the intricacies of ZT migration, automation, and orchestration, addressing the complexities associated with these aspects. Finally, the paper provides a best practice approach for the seamless implementation of ZT in organizations, laying out the proposed guidelines to facilitate organizations in their transition towards a more secure ZT model. The study aims to support organizations in successfully implementing ZT and enhancing their cybersecurity measures.

Cryptography and Security

Yunfei Ge,Quanyan Zhu

2023-12-06

Abstract:The increased connectivity and potential insider threats make traditional network defense vulnerable. Instead of assuming that everything behind the security perimeter is safe, the zero-trust security model verifies every incoming request before granting access. This chapter draws attention to the cyber resilience within the zero-trust model. We introduce the evolution from traditional perimeter-based security to zero trust and discuss their difference. Two key elements of the zero-trust engine are trust evaluation (TE) and policy engine (PE). We introduce the design of the two components and discuss how their interplay would contribute to cyber resilience. Dynamic game theory and learning are applied as quantitative approaches to achieve automated zero-trust cyber resilience. Several case studies and implementations are introduced to illustrate the benefits of such a security model.

Cryptography and Security,Computer Science and Game Theory

Zhiqiang Wang,Xinyue Yu,Peiyang Xue,Yunhan Qu,Lei Ju

DOI: https://doi.org/10.3390/s23073774

2023-04-06

Abstract:With the rapid development of Internet of Things technology, cloud computing, and big data, the combination of medical systems and information technology has become increasingly close. However, the emergence of intelligent medical systems has brought a series of network security threats and hidden dangers, including data leakage and remote attacks, which can directly threaten patients' lives. To ensure the security of medical information systems and expand the application of zero trust in the medical field, we combined the medical system with the zero-trust security system to propose a zero-trust medical security system. In addition, in its dynamic access control module, based on the RBAC model and the calculation of user behavior risk value and trust, an access control model based on subject behavior evaluation under zero-trust conditions (ABEAC) was designed to improve the security of medical equipment and data. Finally, the feasibility of the system is verified through a simulation experiment.

Mahmud Hasan

2024-10-24

Abstract:Zero Trust Architecture (ZTA) represents a transformative approach to modern cybersecurity, directly addressing the shortcomings of traditional perimeter-based security models. With the rise of cloud computing, remote work, and increasingly sophisticated cyber threats, perimeter defenses have proven ineffective at mitigating risks, particularly those involving insider threats and lateral movement within networks. ZTA shifts the security paradigm by assuming that no user, device, or system can be trusted by default, requiring continuous verification and the enforcement of least privilege access for all entities. This paper explores the key components of ZTA, such as identity and access management (IAM), micro-segmentation, continuous monitoring, and behavioral analytics, and evaluates their effectiveness in reducing vulnerabilities across diverse sectors, including finance, healthcare, and technology. Through case studies and industry reports, the advantages of ZTA in mitigating insider threats and minimizing attack surfaces are discussed. Additionally, the paper addresses the challenges faced during ZTA implementation, such as scalability, integration complexity, and costs, while providing best practices for overcoming these obstacles. Lastly, future research directions focusing on emerging technologies like AI, machine learning, blockchain, and their integration into ZTA are examined to enhance its capabilities further.

Cryptography and Security

Mukhtar Hussain,Shantanu Pal,Zahra Jadidi,Ernest Foo,Salil Kanhere

DOI: https://doi.org/10.1109/mwc.001.2300405

IF: 12.777

2024-04-12

IEEE Wireless Communications

Abstract:Cloud computing services have become ubiquitous, and currently, every organization uses some form of cloud computing service. Furthermore, even if an organization does not allow BYOD for work, employees will still bring their own devices to manage their personal communication while at work. Moreover, in this post COVID-19 era, working from home has become common. These new trends have diminished the previously known boundary between the enterprise-owned trusted network and untrusted outside networks. Therefore, a new cybersecurity paradigm is emerging that is referred to as zero trust architecture (ZTA). A ZTA protects an enterprise infrastructure based on the principles of never trusting and always verifying. The core component of ZTA is a Zero Trust (ZT) algorithm which ensures dynamic access control and continuous monitoring to establish never trusting and always verifying principles. This article provides a novel research direction based on federated artificial intelligence to develop a ZT algorithm.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Charalampos Katsis,Elisa Bertino

2024-11-22

Abstract:Zero Trust (ZT) is a security paradigm aiming to curtail an attacker's lateral movements within a network by implementing least-privilege and per-request access control policies. However, its widespread adoption is hindered by the difficulty of generating proper rules due to the lack of detailed knowledge of communication requirements and the characteristic behaviors of communicating entities under benign conditions. Consequently, manual rule generation becomes cumbersome and error-prone. To address these problems, we propose ZT-SDN, an automated framework for learning and enforcing network access control in Software-Defined Networks. ZT-SDN collects data from the underlying network and models the network "transactions" performed by communicating entities as graphs. The nodes represent entities, while the directed edges represent transactions identified by different protocol stacks observed. It uses novel unsupervised learning approaches to extract transaction patterns directly from the network data, such as the allowed protocol stacks and port numbers and data transmission behavior. Finally, ZT-SDN uses an innovative approach to generate correct access control rules and infer strong associations between them, allowing proactive rule deployment in forwarding devices. We show the framework's efficacy in detecting abnormal network accesses and abuses of permitted flows in changing network conditions with real network datasets. Additionally, we showcase ZT-SDN's scalability and the network's performance when applied in an SDN environment.

Cryptography and Security

Mengru Tsai,Shanhsin Lee,Shiuhpyng Winston Shieh

DOI: https://doi.org/10.1109/tr.2023.3345665

IF: 5.883

2024-03-09

IEEE Transactions on Reliability

Abstract:In recent years, due to the impact of the COVID-19 pandemic, enterprises have been forced to adapt their operation patterns to ensure resilience, transitioning from traditional office-based work to remote work from home. However, this sudden and unforeseen change has made enterprises unprepared, resulting in a dramatic increase in cybersecurity threats. The most significant challenge arises from the adjustment from working in previously trusted areas to that beyond the boundaries of protection. While employees used to work within the company's defense perimeter, malicious attacks were blocked and detected by boundary security gateways. Shifting to remote work moves employees out of the protective environment, thereby their devices connecting to the internal resources of a company become exploitable targets for threat actors, and weaknesses in the internal authentication, authorization, and access control mechanisms become evident. The zero trust architecture (ZTA) approach is primarily focused on resource protection. When users or services attempt to access resources, ZTA requires precise authentication, minimal authorization, and continuous verification (trust inference) to ensure legitimacy and authorization of the resource usage, eliminating any space for assumed or inherited trust. In this article, we will address the challenges in handling the threats and propose the strategies, implementation, and limitation of ZTA, aiming to shed light on its effectiveness and applicability in mitigating cybersecurity risks.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Eduardo B. Fernandez,Andrei Brazhuk

DOI: https://doi.org/10.1016/j.csi.2024.103832

IF: 3.721

2024-01-12

Computer Standards & Interfaces

Abstract:Zero Trust (ZT) has become a very hot approach for building secure systems, promoted by industry and government as a new way to produce systems with a high degree of security. ZT is based on not trusting any request for accessing resources. Because of the possibility of increasing the security of enterprise systems there has been a large amount of publication on different aspects of this strategy. It is then important to evaluate if its claims are true. We have used security patterns to design and evaluate security architectures and we apply here this method to analyze the expectations of this strategy. We relate the ideas behind ZT to the accumulated knowledge of security and attempt to answer some questions about the value and possibilities of this technology. In general, industry publications are vague about the technical aspects of these systems, ignore past security knowledge, and there are few reports describing actual experience building and using ZT architectures. Is Zero Trust Architecture (ZTA) the ideal architecture to build secure systems? To obtain a deeper understanding of this architecture, we analyze its pattern structure and provide a sketch of its reference architecture built as an aggregation of security patterns. As any system architecture, regardless of the way it has been constructed, represents a system, we also consider its threats. Finally, we provide directions for research on this area.

computer science, software engineering, hardware & architecture

Yuanhang He,Daochao Huang,Lei Chen,Yi Ni,Xiangjie Ma

DOI: https://doi.org/10.1155/2022/6476274

2022-06-16

Wireless Communications and Mobile Computing

Abstract:The traditional perimeter-based network protection model cannot adapt to the development of current technology. Zero trust is a new type of network security model, which is based on the concept of never trust and always verify. Whether the access subject is in the internal network or the external network, it needs to be authenticated to access resources. The zero trust model has received extensive attention in research and practice because it can meet the new network security requirements. However, the application of zero trust is still in its infancy, and enterprises, organizations, and individuals are not fully aware of the advantages and disadvantages of zero trust, which greatly hinders the application of zero trust. This paper introduces the existing zero trust architecture and analyzes the core technologies including identity authentication, access control, and trust assessment, which are mainly relied on in the zero trust architecture. The main solutions under each technology are compared and analyzed to summarize the advantages and disadvantages, as well as the current challenges and future research trends. Our goal is to provide support for the research and application of future zero trust architectures.

computer science, information systems,telecommunications,engineering, electrical & electronic

Leonard Bradatsch,Oleksandr Miroshkin,Natasa Trkulja,Frank Kargl

DOI: https://doi.org/10.48550/arXiv.2402.08299

2024-02-13

Abstract:Zero Trust security has recently gained attention in enterprise network security. One of its key ideas is making network-level access decisions based on trust scores. However, score-based access control in the enterprise domain still lacks essential elements in our understanding, and in this paper, we contribute with respect to three crucial aspects. First, we provide a comprehensive list of 29 trust attributes that can be used to calculate a trust score. By introducing a novel mathematical approach, we demonstrate how to quantify these attributes. Second, we describe a dynamic risk-based method to calculate the trust threshold the trust score must meet for permitted access. Third, we introduce a novel trust algorithm based on Subjective Logic that incorporates the first two contributions and offers fine-grained decision possibilities. We discuss how this algorithm shows a higher expressiveness compared to a lightweight additive trust algorithm. Performance-wise, a prototype of the Subjective Logic-based approach showed similar calculation times for making an access decision as the additive approach. In addition, the dynamic threshold calculation showed only 7% increased decision-making times compared to a static threshold.

Cryptography and Security

Shiva Raj Pokhrel,Luxing Yang,Sutharshan Rajasegarar,Gang Li

2024-06-25

Abstract:This paper introduces a robust zero-trust architecture (ZTA) tailored for the decentralized system that empowers efficient remote work and collaboration within IoT networks. Using blockchain-based federated learning principles, our proposed framework includes a robust aggregation mechanism designed to counteract malicious updates from compromised clients, enhancing the security of the global learning process. Moreover, secure and reliable trust computation is essential for remote work and collaboration. The robust ZTA framework integrates anomaly detection and trust computation, ensuring secure and reliable device collaboration in a decentralized fashion. We introduce an adaptive algorithm that dynamically adjusts to varying user contexts, using unsupervised clustering to detect novel anomalies, like zero-day attacks. To ensure a reliable and scalable trust computation, we develop an algorithm that dynamically adapts to varying user contexts by employing incremental anomaly detection and clustering techniques to identify and share local and global anomalies between nodes. Future directions include scalability improvements, Dirichlet process for advanced anomaly detection, privacy-preserving techniques, and the integration of post-quantum cryptographic methods to safeguard against emerging quantum threats.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Machine Learning

Britta Hale,Ryan Arlitt,Nikolaos Papakonstantinou,Douglas Van Bossuyt

DOI: https://doi.org/10.1115/1.4062597

IF: 2.3

2023-05-23

Journal of Computing and Information Science in Engineering

Abstract:Abstract In an age of worsening global threat landscape and accelerating uncertainty, the design and manufacture of systems must increase resilience and robustness across both the system itself and the entire systems design process. We generally trust our colleagues after initial clearance/background checks; and systems to function as intended and within operating parameters after safety engineering review, verification, validation, and/or system qualification testing. This approach has led to increased insider threat impacts; thus we suggest moving to the “trust, but verify” approach embodied by the Zero-Trust paradigm. Zero-Trust is increasingly adopted for network security but has not seen wide adoption in systems design and operation. Achieving the goal of Zero-Trust throughout the systems lifecycle will help to ensure that no single bad actor -- whether human or machine learning / artificial intelligence (ML/AI) -- can induce failure anywhere in a system's lifecycle. Additionally, while ML/AI and their associated risks are already entrenched within the operations phase of many systems' lifecycles, ML/AI is gaining traction during the design phase. For example, generative design algorithms are increasingly popular but there is less understanding of potential risks. Adopting the Zero-Trust philosophy helps ensure robust and resilient design, manufacture, operations, maintenance, upgrade, and disposal of systems. We outline the rewards and challenges of implementing Zero-Trust and propose the Framework for Zero-Trust for the System Design Lifecycle. The paper highlights several areas of ongoing research with focus on high priority areas where the community should focus efforts.

engineering, manufacturing,computer science, interdisciplinary applications

Vasilios Mavroudis

2024-10-28

Abstract:Zero-Trust Network Access (ZTNA) marks a significant shift in network security by adopting a "never trust, always verify" approach. This work provides an in-depth analysis of ZTNA, offering a comprehensive framework for understanding its principles, architectures, and applications. We discuss its role in securing modern, complex network environments, which include cloud platforms, Internet of Things (IoT) devices, and hybrid enterprise networks. Our objective is to create a key resource for researchers and practitioners by reviewing critical methodologies, analyzing current implementations, and highlighting open challenges and research directions.

Cryptography and Security,Networking and Internet Architecture

Li Yang,Mirna El Rajab,Abdallah Shami,Sami Muhaidat

DOI: https://doi.org/10.1109/tnsm.2024.3376631

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Zero-Touch Networks (ZTNs) represent a state-of-the-art paradigm shift towards fully automated and intelligent network management, enabling the automation and intelligence required to manage the complexity, scale, and dynamic nature of next-generation (6G) networks. ZTNs leverage Artificial Intelligence (AI) and Machine Learning (ML) to enhance operational efficiency, support intelligent decision-making, and ensure effective resource allocation. However, the implementation of ZTNs is subject to security challenges that need to be resolved to achieve their full potential. In particular, two critical challenges arise: the need for human expertise in developing AI/ML-based security mechanisms, and the threat of adversarial attacks targeting AI/ML models. In this survey paper, we provide a comprehensive review of current security issues in ZTNs, emphasizing the need for advanced AI/ML-based security mechanisms that require minimal human intervention and protect AI/ML models themselves. Furthermore, we explore the potential of Automated ML (AutoML) technologies in developing robust security solutions for ZTNs. Through case studies, we illustrate practical approaches to securing ZTNs against both conventional and AI/ML-specific threats, including the development of autonomous intrusion detection systems and strategies to combat Adversarial ML (AML) attacks. The paper concludes with a discussion of the future research directions for the development of ZTN security approaches.

computer science, information systems

Xian Guo,Hongbo Xian,Tao Feng,Yongbo Jiang,Di Zhang,Junli Fang

DOI: https://doi.org/10.7717/peerj-cs.1674

2023-11-17

Abstract:Software-defined networking (SDN) faces many of the same security threats as traditional networks. The separation of the SDN control plane and data plane makes the controller more vulnerable to cyber attacks. The conventional "perimeter defense" network security model cannot prevent lateral movement attacks caused by malicious insider users or hardware and software vulnerabilities. The "zero trust architecture" has become a new security network model to protect enterprise network security. In this article, we propose an intelligent zero-trust security framework IZTSDN for the software-defined networking by integrating deep learning and zero-trust architecture, which adopts zero-trust architecture to protect every resource and network connection in the network. IZTSDN uses a traffic anomaly detection mode CALSeq2Seql based on a deep learning algorithm to analyze users' network behavior in real-time and achieve continuous tracking and analysis of users, restrict malicious users from accessing network resources, and realize the dynamic authorization process. Finally, the Mininet simulation platform is extended to build the simulation platform MiniIZTA supporting zero-trust architecture and the proposed security framework IZTSDN is experimentally analyzed. The experimental results show that the IZTSDN security framework can provide about 80.5% of throughput when the network is attacked. The accuracy of abnormal traffic detection reaches 99.56% on the SDN dataset, which verifies that the reliability and availability of the IZTSDN security framework are verified.

Poonam Dhiman,Neha Saini,Yonis Gulzar,Sherzod Turaev,Amandeep Kaur,Khair Ul Nisa,Yasir Hamid

DOI: https://doi.org/10.3390/s24041328

IF: 3.9

2024-02-19

Sensors

Abstract:The Zero Trust safety architecture emerged as an intriguing approach for overcoming the shortcomings of standard network security solutions. This extensive survey study provides a meticulous explanation of the underlying principles of Zero Trust, as well as an assessment of the many strategies and possibilities for effective implementation. The survey begins by examining the role of authentication and access control within Zero Trust Architectures, and subsequently investigates innovative authentication, as well as access control solutions across different scenarios. It more deeply explores traditional techniques for encryption, micro-segmentation, and security automation, emphasizing their importance in achieving a secure Zero Trust environment. Zero Trust Architecture is explained in brief, along with the Taxonomy of Zero Trust Network Features. This review article provides useful insights into the Zero Trust paradigm, its approaches, problems, and future research objectives for scholars, practitioners, and policymakers. This survey contributes to the growth and implementation of secure network architectures in critical infrastructures by developing a deeper knowledge of Zero Trust.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Lampis Alevizos,Vinh Thong Ta,Max Hashem Eiza

DOI: https://doi.org/10.1002/spy2.191

2021-11-16

Abstract:With the purpose of defending against lateral movement in today's borderless networks, Zero Trust Architecture (ZTA) adoption is gaining momentum. With a full scale ZTA implementation, it is unlikely that adversaries will be able to spread through the network starting from a compromised endpoint. However, the already authenticated and authorised session of a compromised endpoint can be leveraged to perform limited, though malicious, activities ultimately rendering the endpoints the Achilles heel of ZTA. To effectively detect such attacks, distributed collaborative intrusion detection systems with an attack scenario-based approach have been developed. Nonetheless, Advanced Persistent Threats (APTs) have demonstrated their ability to bypass this approach with a high success ratio. As a result, adversaries can pass undetected or potentially alter the detection logging mechanisms to achieve a stealthy presence. Recently, blockchain technology has demonstrated solid use cases in the cyber security domain. In this paper, motivated by the convergence of ZTA and blockchain-based intrusion detection and prevention, we examine how ZTA can be augmented onto endpoints. Namely, we perform a state-of-the-art review of ZTA models, real-world architectures with a focus on endpoints, and blockchain-based intrusion detection systems. We discuss the potential of blockchain's immutability fortifying the detection process and identify open challenges as well as potential solutions and future directions.

Cryptography and Security

Heng Zhang,Yinchu Wang,Yawen Xue,Ruilong Deng,Hongran Li,Jian Zhang

DOI: https://doi.org/10.23919/ccc63176.2024.10662787

2024-01-01

Abstract:Industrial network control systems (INCSs) are easy to be targeted by attackers due to their high economic value. Most of the existing defense methods are deployed at the network boundary, which causes high-security risks to INCS once an attacker enters the system. In addition, many existing intrusion detection systems (IDSs) build detection models based on historical data. When INCS lacks sufficient historical data, it is difficult to build detection models with high accuracy. In this paper, we propose a trust assessment model for INCS based on Fourier series fitting employing concept of zero trust to assess the real-time trust of INCS. The model alerts when INCS has low trust. We test two data injection attacks in the experiment to prove the effectiveness of our approach.