Mengru Tsai,Shanhsin Lee,Shiuhpyng Winston Shieh

DOI: https://doi.org/10.1109/tr.2023.3345665

IF: 5.883

2024-03-09

IEEE Transactions on Reliability

Abstract:In recent years, due to the impact of the COVID-19 pandemic, enterprises have been forced to adapt their operation patterns to ensure resilience, transitioning from traditional office-based work to remote work from home. However, this sudden and unforeseen change has made enterprises unprepared, resulting in a dramatic increase in cybersecurity threats. The most significant challenge arises from the adjustment from working in previously trusted areas to that beyond the boundaries of protection. While employees used to work within the company's defense perimeter, malicious attacks were blocked and detected by boundary security gateways. Shifting to remote work moves employees out of the protective environment, thereby their devices connecting to the internal resources of a company become exploitable targets for threat actors, and weaknesses in the internal authentication, authorization, and access control mechanisms become evident. The zero trust architecture (ZTA) approach is primarily focused on resource protection. When users or services attempt to access resources, ZTA requires precise authentication, minimal authorization, and continuous verification (trust inference) to ensure legitimacy and authorization of the resource usage, eliminating any space for assumed or inherited trust. In this article, we will address the challenges in handling the threats and propose the strategies, implementation, and limitation of ZTA, aiming to shed light on its effectiveness and applicability in mitigating cybersecurity risks.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Mukhtar Hussain,Shantanu Pal,Zahra Jadidi,Ernest Foo,Salil Kanhere

DOI: https://doi.org/10.1109/mwc.001.2300405

IF: 12.777

2024-04-12

IEEE Wireless Communications

Abstract:Cloud computing services have become ubiquitous, and currently, every organization uses some form of cloud computing service. Furthermore, even if an organization does not allow BYOD for work, employees will still bring their own devices to manage their personal communication while at work. Moreover, in this post COVID-19 era, working from home has become common. These new trends have diminished the previously known boundary between the enterprise-owned trusted network and untrusted outside networks. Therefore, a new cybersecurity paradigm is emerging that is referred to as zero trust architecture (ZTA). A ZTA protects an enterprise infrastructure based on the principles of never trusting and always verifying. The core component of ZTA is a Zero Trust (ZT) algorithm which ensures dynamic access control and continuous monitoring to establish never trusting and always verifying principles. This article provides a novel research direction based on federated artificial intelligence to develop a ZT algorithm.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Han Zhang,Ziyan Zhang,Liquan Chen

DOI: https://doi.org/10.1016/j.dcan.2024.03.011

IF: 6.348

2024-03-01

Digital Communications and Networks

Abstract:With the introduction of 5G, users and devices can access the industrial network from anywhere in the world. Therefore, traditional perimeter-based security technologies for industrial networks can no longer work well. To solve this problem, a new security model called Zero Trust(ZT) is desired, which believes in “never trust and always verify”. Every time the asset in the industrial network is accessed, the subject is authenticated and its trustworthiness is assessed. In this way, the asset in industrial network can be well protected, whether the subject is in the internal network or the external network. However, in order to construct the zero trust model in the 5G Industrial Internet collaboration system, there are still many problems to be solved. In this paper, we first introduce the security issues in the 5G Industrial Internet collaboration system, and illustrate the zero trust architecture. Then, we analyze the gap between existing security techniques and the zero trust architecture. Finally, we discuss several potential security techniques that can be used to implement the zero trust model. The purpose of this paper is to point out the further direction for the realization of the Zero Trust Architecture(ZTA) in the 5G Industrial Internet collaboration system.

telecommunications

Xu Chen,Wei Feng,Ning Ge,Yan Zhang

DOI: https://doi.org/10.1109/mnet.2023.3326356

IF: 10.294

2023-01-01

IEEE Network

Abstract:The upcoming sixth generation (6G) network is expected to be more open and heterogeneous, posing new challenges to conventional security architectures. Traditionally, these architectures rely on the construction of a security perimeter at network boundaries. In this article, we propose a software-defined zero trust architecture (ZTA) for 6G networks, offering a promising approach to establish an elastic and scalable security regime. Our proposed architecture ensures secure access control through adaptive collaborations among control domains, effectively mitigating malicious access behaviors like distributed denial of service (DDoS) attacks, malware spread, and zero-day exploits. We also highlight key design aspects of this architecture and present simulation results from a case study that demonstrate the effectiveness and robustness of ZTA for 6G. Finally, we discuss open issues that warrant further exploration to promote and enhance this novel architecture.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

LI Linzhe,ZHOU Peilei,CHENG Peng,SHI Zhiguo

DOI: https://doi.org/10.11959/j.issn.2096-0271.2019010

2019-01-01

Abstract:Edge computing is a new type of computing models that performs computing tasks at the edge of the network.Compared with cloud computing,it can respond to user’s needs more quickly and reliably.Starting from the shortcomings of cloud computing,the concept and general architecture of edge computing were illustrated,and then two reference frameworks proposed by industry alliances were elaborated.Four challenges of edge computing and their latest research progress were summarized.With the development of theory and technology related to edge computing,it will become a key technology to promote the upgrade of Internet of things (IoT) services.For this reason,two applications of edge computing in manufacturing and security monitoring were introduced.

Mahmud Hasan

2024-10-24

Abstract:Zero Trust Architecture (ZTA) represents a transformative approach to modern cybersecurity, directly addressing the shortcomings of traditional perimeter-based security models. With the rise of cloud computing, remote work, and increasingly sophisticated cyber threats, perimeter defenses have proven ineffective at mitigating risks, particularly those involving insider threats and lateral movement within networks. ZTA shifts the security paradigm by assuming that no user, device, or system can be trusted by default, requiring continuous verification and the enforcement of least privilege access for all entities. This paper explores the key components of ZTA, such as identity and access management (IAM), micro-segmentation, continuous monitoring, and behavioral analytics, and evaluates their effectiveness in reducing vulnerabilities across diverse sectors, including finance, healthcare, and technology. Through case studies and industry reports, the advantages of ZTA in mitigating insider threats and minimizing attack surfaces are discussed. Additionally, the paper addresses the challenges faced during ZTA implementation, such as scalability, integration complexity, and costs, while providing best practices for overcoming these obstacles. Lastly, future research directions focusing on emerging technologies like AI, machine learning, blockchain, and their integration into ZTA are examined to enhance its capabilities further.

Cryptography and Security

Kaiqiang Cao,Li Zhang,Chengwei Zhou

DOI: https://doi.org/10.1109/icites53477.2021.9637063

2021-01-01

Abstract:With the growing popularity of edge computing and Industry 4.0, the Industrial Internet-of-Things (IIoT) has emerged as a promising alternative to improve the production efficiency of the manufacturing system. Among various intelligent manufacturing features, product traceability and customized service are highly desired, which not only enables the tracking of the end to end inventory to ensure high reliability, but also provides personalized characteristics to meet different customer demands. However, in tradition, such traceability or customized service are achieved at the cost additional time-consuming steps and hence incur more manufacturing cost. To address the aforementioned issues, we propose a low latency OPC-UA based IIoT system and apply that to the production line for product traceability and customized service. The designed OPC-UA is deployed at the edge gateway to effectively solve the data heterogeneity, support centralized control of network resources, and ensure low latency and high reliability of data transmission. In addition, the inter-communication mechanism among multiple devices on the same production line is improved to enable both flexibility and robustness. Experimental results on a demo production line show that the proposed architecture can help achieve both low latency and high reliability.

Fabio Federici,Davide Martintoni,Valerio Senni

DOI: https://doi.org/10.3390/electronics12030566

IF: 2.9

2023-01-22

Electronics

Abstract:This paper considers the domain of Industrial Internet of Things (IIoT) infrastructures and the recurring need for collaboration across teams and stakeholders by means of remote access. The paper describes a secure solution beyond the traditional perimeter-based security approach, which consists of an architecture that supports multi-level authorization to achieve fine-grained access control, better scalability, and maintainability. An implementation of the proposed solution, using open-source technologies, is also discussed and covers the protection of both the network and edge domains of a complex IIoT infrastructure. Finally, the paper presents a risk-driven and model-based process that is designed to support the migration of existing infrastructures to the solution architecture. The approach is validated, taking as a reference two relevant scenarios for the aerospace industry.

engineering, electrical & electronic,computer science, information systems,physics, applied

Claudio Zanasi,Silvio Russo,Michele Colajanni

DOI: https://doi.org/10.1016/j.adhoc.2024.103414

IF: 4.816

2024-04-01

Ad Hoc Networks

Abstract:The growing digitalization of industrial systems and the increasing adoption of cloud technologies pose significant challenges to the secure management of modern industrial infrastructures integrating different Industrial Internet of Things (IIoT). Existing cybersecurity solutions can manage uniform and centralized software systems but are not designed to accommodate the requirements of heterogeneous IIoT devices, such as hard real-time operations, high reliability, and decentralization for distributed decision-making. We present a novel security architecture that is specifically designed to address the stringent requirements of IIoT systems. It is based on a network micro-segmentation that can be seamlessly integrated into existing environments, and two main components: a software-defined network (SDN) ensuring a unified abstraction layer for policy enforcement across diverse environments; and a centralized security management layer that simplifies the policy execution of any architectural design. We demonstrate the feasibility and effects of this original combination through a prototype. It experimentally demonstrates that our peer-to-peer SDN coupled with an asynchronous policy distribution process guarantees resiliency to individual failures, and enables fully decentralized operations while still ensuring a central flexible management of network topology and security policies.

computer science, information systems,telecommunications

Wenhua Huang,Xuemin Xie,Ziying Wang,JingYu Feng,Gang Han,Wenbo Zhang

DOI: https://doi.org/10.1016/j.adhoc.2023.103161

IF: 4.816

2023-03-26

Ad Hoc Networks

Abstract:With the rapid development of information technologies in the power industry, a large number of power devices are connected to the Internet, and thus expand the exposure. Attackers could control some devices with weak security capabilities as compromised devices to penetrate the power Internet of Things (IoT). Traditional access control schemes assume that internal devices are trusted in power IoT environments, thus giving the chance of compromised devices to steal sensitive data. In this paper, we propose a combining zero trust access control and attribute-based encryption scheme against compromised devices in Power IoT environments. In order to protect the privacy information, we hide part of the access policy to ensure that the data owner verifies the attribute set of access entities without knowing the complete access policy structure. Meanwhile, we continuously monitor the network behavior of the access entities, and calculate their trust value in real-time, which can avoid access entities with unauthorized attribute sets and abnormal network behavior to gain access permissions. The security analysis shows that our scheme is resistant to malicious access entities including dishonest users and compromised devices. The simulation results show that our scheme can reduce the time cost and increase the interception rate of malicious access entities.

computer science, information systems,telecommunications

Eduardo B. Fernandez,Andrei Brazhuk

DOI: https://doi.org/10.1016/j.csi.2024.103832

IF: 3.721

2024-01-12

Computer Standards & Interfaces

Abstract:Zero Trust (ZT) has become a very hot approach for building secure systems, promoted by industry and government as a new way to produce systems with a high degree of security. ZT is based on not trusting any request for accessing resources. Because of the possibility of increasing the security of enterprise systems there has been a large amount of publication on different aspects of this strategy. It is then important to evaluate if its claims are true. We have used security patterns to design and evaluate security architectures and we apply here this method to analyze the expectations of this strategy. We relate the ideas behind ZT to the accumulated knowledge of security and attempt to answer some questions about the value and possibilities of this technology. In general, industry publications are vague about the technical aspects of these systems, ignore past security knowledge, and there are few reports describing actual experience building and using ZT architectures. Is Zero Trust Architecture (ZTA) the ideal architecture to build secure systems? To obtain a deeper understanding of this architecture, we analyze its pattern structure and provide a sketch of its reference architecture built as an aggregation of security patterns. As any system architecture, regardless of the way it has been constructed, represents a system, we also consider its threats. Finally, we provide directions for research on this area.

computer science, software engineering, hardware & architecture

Abraham Itzhak Weinberg,Kelly Cohen

2024-01-18

Abstract:This paper presents a comprehensive analysis of the shift from the traditional perimeter model of security to the Zero Trust (ZT) framework, emphasizing the key points in the transition and the practical application of ZT. It outlines the differences between ZT policies and legacy security policies, along with the significant events that have impacted the evolution of ZT. Additionally, the paper explores the potential impacts of emerging technologies, such as Artificial Intelligence (AI) and quantum computing, on the policy and implementation of ZT. The study thoroughly examines how AI can enhance ZT by utilizing Machine Learning (ML) algorithms to analyze patterns, detect anomalies, and predict threats, thereby improving real-time decision-making processes. Furthermore, the paper demonstrates how a chaos theory-based approach, in conjunction with other technologies like eXtended Detection and Response (XDR), can effectively mitigate cyberattacks. As quantum computing presents new challenges to ZT and cybersecurity as a whole, the paper delves into the intricacies of ZT migration, automation, and orchestration, addressing the complexities associated with these aspects. Finally, the paper provides a best practice approach for the seamless implementation of ZT in organizations, laying out the proposed guidelines to facilitate organizations in their transition towards a more secure ZT model. The study aims to support organizations in successfully implementing ZT and enhancing their cybersecurity measures.

Cryptography and Security

Wenlong Zhu,Changli Zhou,Linmei Jiang

DOI: https://doi.org/10.3390/electronics13061026

IF: 2.9

2024-03-09

Electronics

Abstract:With the rapid popularization of current Internet of Things (IoT) technology and 5G networks, as well as the continuous updating of new service lifestyles and businesses, the era of big data processing for the IoT has arrived. However, centralizing all data for processing in the cloud can lead to issues such as communication latency and privacy breaches. To solve these problems, edge computing, as a new network architecture close to terminal data sources and supporting low latency services, has gradually emerged. In this context, cloud edge collaborative computing has become an important network architecture. With the changing security requirements and communication methods of cloud edge collaborative network architecture, traditional authentication key agreement protocols are no longer applicable. Therefore, a new IoT authentication and key agreement protocol needs to be designed to solve this problem. This study proposes an IoT accessible solution for cloud edge collaboration. This scheme adopts a chaotic mapping algorithm to achieve efficient authentication. It ensures the anonymity and untraceability of users. Following this, we conducted strict security verification using BAN logic and Scyther tools. Through experimental comparative analysis, the research results show that the protocol performs better than other schemes while ensuring security. This indicates that the protocol can achieve efficient authentication and key negotiation in cloud edge collaborative network architecture, providing a secure and reliable solution for the accessibility of the IoT.

engineering, electrical & electronic,computer science, information systems,physics, applied

Siwei Li,Hui Zhang,Hui Shi,Maode Ma,Cong Wang

DOI: https://doi.org/10.1007/s11227-024-06262-y

IF: 3.3

2024-06-04

The Journal of Supercomputing

Abstract:The distributed authentication of a large number of resource-constrained power terminal devices (PTDs) is crucial for ensuring the security of the power IoT communication. However, existing solutions are inadequate in terms of security (such as vulnerability to single point failures or insider attacks) and communication costs, which do not meet the requirements of the power IoT environment. Therefore, we propose a zero-trust-based mutual authentication scheme in cloud-edge-end collaboration power IoT environment based on blockchain technology. The proposed solution involves deploying a distributed multi-point zero-trust engine around dense PTDs to collect real-time identity information. Through the maintenance of an alliance blockchain, the edge server securely shares and traces identity information, preventing tampering and effectively blocking threats related to lost terminals during authentication. Additionally, a lightweight ECC key management scheme ensures the security of authentication information. The proposed scheme effectively defends against common attacks such as replay attacks and identity forgery attacks through informal security analysis, while its security is evaluated using the Canetti and Krawczyk (CK) adversary models. Performance evaluation results demonstrate that the proposed scheme achieves effectiveness without the compromising required security attributes, which obtains up to 58% improvement 58% improvement in computation delay and a 56.9% improvement in communication costs over previous state-of-the-art methods.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Liping Xie,Weichao Wang,Yu Wang

DOI: https://doi.org/10.1109/icc.2019.8761810

2019-01-01

Abstract:Cloud manufacturing (CM) is an open and service-oriented platform that virtualizes distributed design, machining, and assembly resources together in order to provide a seamless, adaptive, and high quality transaction of manufacturing procedures. Despite the results in resource discovery and planning, the research in robustness and security of the systems falls behind in many aspects. The lack of such knowledge puts a serious challenge for the wide deployment and adoption of cloud manufacturing which is naturally connected to the Internet and exposed to cyber attacks. To bridge this gap, we study a specific type of equipment contention attack in cloud manufacturing. Through requesting extra shares of scarce resources, an attacker can gain advantage in competition with other users and reduce the efficiency of the overall system. We design a mechanism to mitigate such attacks through measuring the remaining machining capabilities in the cloud. The cloud administrator can control cost difference between the attacker and subsequent service requesters. Simulations of a mid-size city manufacturing cloud are conducted and the results show that our approach will incur low increases in cost for benign users while discouraging the equipment contention attacks.

Shiva Raj Pokhrel,Luxing Yang,Sutharshan Rajasegarar,Gang Li

2024-06-25

Abstract:This paper introduces a robust zero-trust architecture (ZTA) tailored for the decentralized system that empowers efficient remote work and collaboration within IoT networks. Using blockchain-based federated learning principles, our proposed framework includes a robust aggregation mechanism designed to counteract malicious updates from compromised clients, enhancing the security of the global learning process. Moreover, secure and reliable trust computation is essential for remote work and collaboration. The robust ZTA framework integrates anomaly detection and trust computation, ensuring secure and reliable device collaboration in a decentralized fashion. We introduce an adaptive algorithm that dynamically adjusts to varying user contexts, using unsupervised clustering to detect novel anomalies, like zero-day attacks. To ensure a reliable and scalable trust computation, we develop an algorithm that dynamically adapts to varying user contexts by employing incremental anomaly detection and clustering techniques to identify and share local and global anomalies between nodes. Future directions include scalability improvements, Dirichlet process for advanced anomaly detection, privacy-preserving techniques, and the integration of post-quantum cryptographic methods to safeguard against emerging quantum threats.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Machine Learning

Rongkai Wang,Luyue Ji,Tong Ren,Shibo He,Zhiguo Shi

DOI: https://doi.org/10.1109/indin45582.2020.9442203

2020-01-01

Abstract:Industrial Internet of Things (IIoT) as an emerging and prospective paradigm, has great potential to significantly improve production efficiency of manufacturing systems. An open data exchange standard, namely OPCUA, has been proposed for the IIoT systems to provide semantic interoperability over heterogeneous devices. However, a mass of traditional devices that do not support OPC UA, are still operating in legacy automation systems. To address this problem, in this paper, we propose a three-layer IIoT architecture for manufacturing system, which combines OPC UA-based gateways and Time-Sensitive Software-Defined Networking (TSSDN) switches to realize the efficient and reliable communication. The OPC UA is adopted to realize the interoperability of heterogeneous devices and the TSSDN achieves centralized control of network resources and flexible configuration in real-time industrial networks. Finally, we design a smart factory test bed, to evaluate the applicability of the proposed system architecture, in which we implement the information model and data transmission based on OPC UA.

Belal Ali,Mark A. Gregory,Shuo Li,Omar Amjad Dib

DOI: https://doi.org/10.1016/j.comnet.2024.110197

IF: 5.493

2024-02-05

Computer Networks

Abstract:This paper proposes an efficient trust-aware authentication and task offloading scheme for Multi-Access Edge Computing (MEC) using the Zero Trust Security (ZTS) principles. The proposed method uses a dual fuzzy logic system to evaluate the trustworthiness of edge servers. Devices connected to the edge servers are authenticated using identity, biometrics and Physical Unclonable Function (PUF) measures. After authentication, tasks can be offloaded from the devices to the most trustworthy edge server. The proposed scheme also considers the resource constraints of the edge servers and aims to minimise the overall task completion time. The experimental results show that the proposed scheme outperforms existing schemes regarding authentication accuracy, task completion time, and energy consumption.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yuanhang He,Daochao Huang,Lei Chen,Yi Ni,Xiangjie Ma

DOI: https://doi.org/10.1155/2022/6476274

2022-06-16

Wireless Communications and Mobile Computing

Abstract:The traditional perimeter-based network protection model cannot adapt to the development of current technology. Zero trust is a new type of network security model, which is based on the concept of never trust and always verify. Whether the access subject is in the internal network or the external network, it needs to be authenticated to access resources. The zero trust model has received extensive attention in research and practice because it can meet the new network security requirements. However, the application of zero trust is still in its infancy, and enterprises, organizations, and individuals are not fully aware of the advantages and disadvantages of zero trust, which greatly hinders the application of zero trust. This paper introduces the existing zero trust architecture and analyzes the core technologies including identity authentication, access control, and trust assessment, which are mainly relied on in the zero trust architecture. The main solutions under each technology are compared and analyzed to summarize the advantages and disadvantages, as well as the current challenges and future research trends. Our goal is to provide support for the research and application of future zero trust architectures.

computer science, information systems,telecommunications,engineering, electrical & electronic

Baozhan Chen,Siyuan Qiao,Jie Zhao,Dongqing Liu,Xiaobing Shi,Minzhao Lyu,Haotian Chen,Huimin Lu,Yunkai Zhai

DOI: https://doi.org/10.1109/jiot.2020.3041042

IF: 10.6

2021-07-01

IEEE Internet of Things Journal

Abstract:The key features of 5G network (i.e., high bandwidth, low latency, and high concurrency) along with the capability of supporting big data platforms with high mobility make it valuable in coping with emerging medical needs, such as COVID-19 and future healthcare challenges. However, enforcing the security aspect of a 5G-based smart healthcare system that hosts critical data and services is becoming more urgent and critical. Passive security mechanisms (e.g., data encryption and isolation) used in legacy medical platforms cannot provide sufficient protection for a healthcare system that is deployed in a distributed manner and fail to meet the need for data/service sharing across "cloud-edge-terminal" in the 5G era. In this article, we propose a security awareness and protection system that leverages zero-trust architecture for a 5G-based smart medical platform. Driven by the four key dimensions of 5G smart healthcare including "subject" (i.e., users, terminals, and applications), "object" (i.e., data, platforms, and services), "behavior," and "environment," our system constructs trustable dynamic access control models and achieves real-time network security situational awareness, continuous identity authentication, analysis of access behavior, and fine-grained access control. The proposed security system is implemented and tested thoroughly at industrial-grade, which proves that it satisfies the needs of active defense and end-to-end security enforcement of data, users, and services involved in a 5G-based smart medical system.

computer science, information systems,telecommunications,engineering, electrical & electronic