Mahmud Hasan

2024-10-24

Abstract:Zero Trust Architecture (ZTA) represents a transformative approach to modern cybersecurity, directly addressing the shortcomings of traditional perimeter-based security models. With the rise of cloud computing, remote work, and increasingly sophisticated cyber threats, perimeter defenses have proven ineffective at mitigating risks, particularly those involving insider threats and lateral movement within networks. ZTA shifts the security paradigm by assuming that no user, device, or system can be trusted by default, requiring continuous verification and the enforcement of least privilege access for all entities. This paper explores the key components of ZTA, such as identity and access management (IAM), micro-segmentation, continuous monitoring, and behavioral analytics, and evaluates their effectiveness in reducing vulnerabilities across diverse sectors, including finance, healthcare, and technology. Through case studies and industry reports, the advantages of ZTA in mitigating insider threats and minimizing attack surfaces are discussed. Additionally, the paper addresses the challenges faced during ZTA implementation, such as scalability, integration complexity, and costs, while providing best practices for overcoming these obstacles. Lastly, future research directions focusing on emerging technologies like AI, machine learning, blockchain, and their integration into ZTA are examined to enhance its capabilities further.

Cryptography and Security

Mengru Tsai,Shanhsin Lee,Shiuhpyng Winston Shieh

DOI: https://doi.org/10.1109/tr.2023.3345665

IF: 5.883

2024-03-09

IEEE Transactions on Reliability

Abstract:In recent years, due to the impact of the COVID-19 pandemic, enterprises have been forced to adapt their operation patterns to ensure resilience, transitioning from traditional office-based work to remote work from home. However, this sudden and unforeseen change has made enterprises unprepared, resulting in a dramatic increase in cybersecurity threats. The most significant challenge arises from the adjustment from working in previously trusted areas to that beyond the boundaries of protection. While employees used to work within the company's defense perimeter, malicious attacks were blocked and detected by boundary security gateways. Shifting to remote work moves employees out of the protective environment, thereby their devices connecting to the internal resources of a company become exploitable targets for threat actors, and weaknesses in the internal authentication, authorization, and access control mechanisms become evident. The zero trust architecture (ZTA) approach is primarily focused on resource protection. When users or services attempt to access resources, ZTA requires precise authentication, minimal authorization, and continuous verification (trust inference) to ensure legitimacy and authorization of the resource usage, eliminating any space for assumed or inherited trust. In this article, we will address the challenges in handling the threats and propose the strategies, implementation, and limitation of ZTA, aiming to shed light on its effectiveness and applicability in mitigating cybersecurity risks.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Abraham Itzhak Weinberg,Kelly Cohen

2024-01-18

Abstract:This paper presents a comprehensive analysis of the shift from the traditional perimeter model of security to the Zero Trust (ZT) framework, emphasizing the key points in the transition and the practical application of ZT. It outlines the differences between ZT policies and legacy security policies, along with the significant events that have impacted the evolution of ZT. Additionally, the paper explores the potential impacts of emerging technologies, such as Artificial Intelligence (AI) and quantum computing, on the policy and implementation of ZT. The study thoroughly examines how AI can enhance ZT by utilizing Machine Learning (ML) algorithms to analyze patterns, detect anomalies, and predict threats, thereby improving real-time decision-making processes. Furthermore, the paper demonstrates how a chaos theory-based approach, in conjunction with other technologies like eXtended Detection and Response (XDR), can effectively mitigate cyberattacks. As quantum computing presents new challenges to ZT and cybersecurity as a whole, the paper delves into the intricacies of ZT migration, automation, and orchestration, addressing the complexities associated with these aspects. Finally, the paper provides a best practice approach for the seamless implementation of ZT in organizations, laying out the proposed guidelines to facilitate organizations in their transition towards a more secure ZT model. The study aims to support organizations in successfully implementing ZT and enhancing their cybersecurity measures.

Cryptography and Security

Poonam Dhiman,Neha Saini,Yonis Gulzar,Sherzod Turaev,Amandeep Kaur,Khair Ul Nisa,Yasir Hamid

DOI: https://doi.org/10.3390/s24041328

IF: 3.9

2024-02-19

Sensors

Abstract:The Zero Trust safety architecture emerged as an intriguing approach for overcoming the shortcomings of standard network security solutions. This extensive survey study provides a meticulous explanation of the underlying principles of Zero Trust, as well as an assessment of the many strategies and possibilities for effective implementation. The survey begins by examining the role of authentication and access control within Zero Trust Architectures, and subsequently investigates innovative authentication, as well as access control solutions across different scenarios. It more deeply explores traditional techniques for encryption, micro-segmentation, and security automation, emphasizing their importance in achieving a secure Zero Trust environment. Zero Trust Architecture is explained in brief, along with the Taxonomy of Zero Trust Network Features. This review article provides useful insights into the Zero Trust paradigm, its approaches, problems, and future research objectives for scholars, practitioners, and policymakers. This survey contributes to the growth and implementation of secure network architectures in critical infrastructures by developing a deeper knowledge of Zero Trust.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yuanhang He,Daochao Huang,Lei Chen,Yi Ni,Xiangjie Ma

DOI: https://doi.org/10.1155/2022/6476274

2022-06-16

Wireless Communications and Mobile Computing

Abstract:The traditional perimeter-based network protection model cannot adapt to the development of current technology. Zero trust is a new type of network security model, which is based on the concept of never trust and always verify. Whether the access subject is in the internal network or the external network, it needs to be authenticated to access resources. The zero trust model has received extensive attention in research and practice because it can meet the new network security requirements. However, the application of zero trust is still in its infancy, and enterprises, organizations, and individuals are not fully aware of the advantages and disadvantages of zero trust, which greatly hinders the application of zero trust. This paper introduces the existing zero trust architecture and analyzes the core technologies including identity authentication, access control, and trust assessment, which are mainly relied on in the zero trust architecture. The main solutions under each technology are compared and analyzed to summarize the advantages and disadvantages, as well as the current challenges and future research trends. Our goal is to provide support for the research and application of future zero trust architectures.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ganiyu Oladimeji

2024-11-09

Abstract:This review discusses the theoretical frameworks and application prospects of Zero Trust Security (ZTS) in cloud computing context. This is because, as organisations move more of their applications and data to the cloud, the old borders-based security model that many implemented are inadequate, therefore a model that has a trust no one, verify everything approach is required. This paper analyzes the core principles of ZTS, including micro-segmentation, least privileged access, and continuous monitoring, while critically examining four major controversies: scalability issues, Economics, Integration issues with existing systems, and Compliance to legal requirements. In this paper, having reviewed the existing literature in the field and various implementation cases, the main barriers to implementing zero trust security were outlined, including the dimensions of decreased performance in large-scale production and the need for major upfront investments that can be difficult for small companies to meet effectively. This research shows that there is no clear correlation between security effectiveness and operational efficiency: while organisations experience up to 40% decrease of security incidents after implementation, they note first negative impacts on performance. This study also shows that to support ZTS there is a need to address the context as the economics and operations of ZTS differ in strengths depending on the size of the organizations and the infrastructures. Some of these are: performance enhancement and optimizations, economic optimization, architectural blend, and privacy-preserving technologies. This review enriches the existing literature on cloud security by presenting both the theoretical framework of ZTS and the observed issues, and provides suggestions useful for future research and practice in the construction of the cloud security architecture.

Cryptography and Security,Emerging Technologies

Vasilios Mavroudis

2024-10-28

Abstract:Zero-Trust Network Access (ZTNA) marks a significant shift in network security by adopting a "never trust, always verify" approach. This work provides an in-depth analysis of ZTNA, offering a comprehensive framework for understanding its principles, architectures, and applications. We discuss its role in securing modern, complex network environments, which include cloud platforms, Internet of Things (IoT) devices, and hybrid enterprise networks. Our objective is to create a key resource for researchers and practitioners by reviewing critical methodologies, analyzing current implementations, and highlighting open challenges and research directions.

Cryptography and Security,Networking and Internet Architecture

Lampis Alevizos,Vinh Thong Ta,Max Hashem Eiza

DOI: https://doi.org/10.1002/spy2.191

2021-11-16

Abstract:With the purpose of defending against lateral movement in today's borderless networks, Zero Trust Architecture (ZTA) adoption is gaining momentum. With a full scale ZTA implementation, it is unlikely that adversaries will be able to spread through the network starting from a compromised endpoint. However, the already authenticated and authorised session of a compromised endpoint can be leveraged to perform limited, though malicious, activities ultimately rendering the endpoints the Achilles heel of ZTA. To effectively detect such attacks, distributed collaborative intrusion detection systems with an attack scenario-based approach have been developed. Nonetheless, Advanced Persistent Threats (APTs) have demonstrated their ability to bypass this approach with a high success ratio. As a result, adversaries can pass undetected or potentially alter the detection logging mechanisms to achieve a stealthy presence. Recently, blockchain technology has demonstrated solid use cases in the cyber security domain. In this paper, motivated by the convergence of ZTA and blockchain-based intrusion detection and prevention, we examine how ZTA can be augmented onto endpoints. Namely, we perform a state-of-the-art review of ZTA models, real-world architectures with a focus on endpoints, and blockchain-based intrusion detection systems. We discuss the potential of blockchain's immutability fortifying the detection process and identify open challenges as well as potential solutions and future directions.

Cryptography and Security

Mukhtar Hussain,Shantanu Pal,Zahra Jadidi,Ernest Foo,Salil Kanhere

DOI: https://doi.org/10.1109/mwc.001.2300405

IF: 12.777

2024-04-12

IEEE Wireless Communications

Abstract:Cloud computing services have become ubiquitous, and currently, every organization uses some form of cloud computing service. Furthermore, even if an organization does not allow BYOD for work, employees will still bring their own devices to manage their personal communication while at work. Moreover, in this post COVID-19 era, working from home has become common. These new trends have diminished the previously known boundary between the enterprise-owned trusted network and untrusted outside networks. Therefore, a new cybersecurity paradigm is emerging that is referred to as zero trust architecture (ZTA). A ZTA protects an enterprise infrastructure based on the principles of never trusting and always verifying. The core component of ZTA is a Zero Trust (ZT) algorithm which ensures dynamic access control and continuous monitoring to establish never trusting and always verifying principles. This article provides a novel research direction based on federated artificial intelligence to develop a ZT algorithm.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Xu Chen,Wei Feng,Ning Ge,Yan Zhang

DOI: https://doi.org/10.1109/mnet.2023.3326356

IF: 10.294

2023-01-01

IEEE Network

Abstract:The upcoming sixth generation (6G) network is expected to be more open and heterogeneous, posing new challenges to conventional security architectures. Traditionally, these architectures rely on the construction of a security perimeter at network boundaries. In this article, we propose a software-defined zero trust architecture (ZTA) for 6G networks, offering a promising approach to establish an elastic and scalable security regime. Our proposed architecture ensures secure access control through adaptive collaborations among control domains, effectively mitigating malicious access behaviors like distributed denial of service (DDoS) attacks, malware spread, and zero-day exploits. We also highlight key design aspects of this architecture and present simulation results from a case study that demonstrate the effectiveness and robustness of ZTA for 6G. Finally, we discuss open issues that warrant further exploration to promote and enhance this novel architecture.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Britta Hale,Ryan Arlitt,Nikolaos Papakonstantinou,Douglas Van Bossuyt

DOI: https://doi.org/10.1115/1.4062597

IF: 2.3

2023-05-23

Journal of Computing and Information Science in Engineering

Abstract:Abstract In an age of worsening global threat landscape and accelerating uncertainty, the design and manufacture of systems must increase resilience and robustness across both the system itself and the entire systems design process. We generally trust our colleagues after initial clearance/background checks; and systems to function as intended and within operating parameters after safety engineering review, verification, validation, and/or system qualification testing. This approach has led to increased insider threat impacts; thus we suggest moving to the “trust, but verify” approach embodied by the Zero-Trust paradigm. Zero-Trust is increasingly adopted for network security but has not seen wide adoption in systems design and operation. Achieving the goal of Zero-Trust throughout the systems lifecycle will help to ensure that no single bad actor -- whether human or machine learning / artificial intelligence (ML/AI) -- can induce failure anywhere in a system's lifecycle. Additionally, while ML/AI and their associated risks are already entrenched within the operations phase of many systems' lifecycles, ML/AI is gaining traction during the design phase. For example, generative design algorithms are increasingly popular but there is less understanding of potential risks. Adopting the Zero-Trust philosophy helps ensure robust and resilient design, manufacture, operations, maintenance, upgrade, and disposal of systems. We outline the rewards and challenges of implementing Zero-Trust and propose the Framework for Zero-Trust for the System Design Lifecycle. The paper highlights several areas of ongoing research with focus on high priority areas where the community should focus efforts.

engineering, manufacturing,computer science, interdisciplinary applications

Nitesh Kumar,Gaurav S. Kasbekar,D. Manjunath

DOI: https://doi.org/10.1145/3595244.3595247

2023-04-26

ACM SIGMETRICS Performance Evaluation Review

Abstract:Traditionally, security systems for enterprises have implicit access based on strong cryptography, authentication and key sharing, wherein access control is based on Role Based Access Control (RBAC), in which roles such as manager, accountant and so on provide a way of deciding a subject's authority. However, years of post-attack analysis on enterprise networks has shown that a majority of times, security breaches occur intentionally or accidently due to implicitly trusted people of an enterprise itself. Zero Trust Architecture works on the principle of never granting trust implicitly, but rather continuously evaluating the trust parameters for each resource access request and has a strict, but not rigid, set of protocols for access control of a subject to resources. Endpoint Detection and Response (EDR) systems are tools that collect a large number of attributes in and around machines within an enterprise network to have close visibility into sophisticated intrusion. In our work, we seek to deploy EDR systems and build trust algorithms using tactical provenance analysis, threshold cryptography and reputation management to continuously record data, evaluate trust of a subject, and simultaneously analyze them against a database of known threat vectors to provide conditional access control. However, EDR tools generate a high volume of data that leads to false alarms, misdetections and correspondingly a high backlog of tasks that makes it infeasible, which is addressed using tactical provenance analysis and information theory.

English Else

Zhuocheng Xu,Boya Di,Lingyang Song

DOI: https://doi.org/10.1109/iwrfat61200.2024.10594530

2024-01-01

Abstract:Zero-trust architecture (ZTA) has been viewed as a powerful security framework to deal with the increasingly complex network environment and connection exposure in high-risk environments. Since the standard ZTA was established in 2020, a large amount of research works have been carried out on ZTA. However, the centralized ZTA established by companies such as Huawei has the problem of single point of failure, which affects the security greatly. In addition, research works on the distributed ZTA pay less attention on the design of workflows, thus making it difficult to deploy their ZTAs in smart factories. In this paper, we establish a cloud-edge-gateway collaborative ZTA based on the distributed ZTA, named CEGC-ZTA, for smart factories. We design the workflow of CEGC-ZTA based on the software-defined perimeter (SDP) model. An implementation case of CEGC-ZTA is given in a smart factory scenario. Simulations and theoretical analysis show that CEGC-ZTA has a superior performance in terms of both the security and efficiency.

Yunfei Ge,Quanyan Zhu

2023-12-06

Abstract:The increased connectivity and potential insider threats make traditional network defense vulnerable. Instead of assuming that everything behind the security perimeter is safe, the zero-trust security model verifies every incoming request before granting access. This chapter draws attention to the cyber resilience within the zero-trust model. We introduce the evolution from traditional perimeter-based security to zero trust and discuss their difference. Two key elements of the zero-trust engine are trust evaluation (TE) and policy engine (PE). We introduce the design of the two components and discuss how their interplay would contribute to cyber resilience. Dynamic game theory and learning are applied as quantitative approaches to achieve automated zero-trust cyber resilience. Several case studies and implementations are introduced to illustrate the benefits of such a security model.

Cryptography and Security,Computer Science and Game Theory

Clement Daah,Amna Qureshi,Irfan Awan,Savas Konur

DOI: https://doi.org/10.3390/electronics13050865

IF: 2.9

2024-02-23

Electronics

Abstract:As financial institutions navigate an increasingly complex cyber threat landscape and regulatory ecosystem, there is a pressing need for a robust and adaptive security architecture. This paper introduces a comprehensive, Zero Trust model-based framework specifically tailored for the finance industry. It encompasses identity and access management (IAM), data protection, and device and network security and introduces trust through blockchain technology. This study provides a literature review of existing Zero Trust paradigms and contrasts them with cybersecurity solutions currently relevant to financial settings. The research adopts a mixed methods approach, combining extensive qualitative analysis through a literature review and assessment of security assumptions, threat modelling, and implementation strategies with quantitative evaluation using a prototype banking application for vulnerability scanning, security testing, and performance testing. The IAM component ensures robust authentication and authorisation processes, while device and network security measures protect against both internal and external threats. Data protection mechanisms maintain the confidentiality and integrity of sensitive information. Additionally, the blockchain-based trust component serves as an innovative layer to enhance security measures, offering both tamper-proof verification and increased integrity. Through analysis of potential threats and experimental evaluation of the Zero Trust model's performance, the proposed framework offers financial institutions a comprehensive security architecture capable of effectively mitigating cyber threats and fostering enhanced consumer trust.

engineering, electrical & electronic,computer science, information systems,physics, applied

Saeid Ghasemshirazi,Ghazaleh Shirvani,Mohammad Ali Alipour

DOI: https://doi.org/10.48550/arXiv.2309.03582

2023-09-07

Cryptography and Security

Abstract:The escalating complexity of cybersecurity threats necessitates innovative approaches to safeguard digital assets and sensitive information. The Zero Trust paradigm offers a transformative solution by challenging conventional security models and emphasizing continuous verification and least privilege access. This survey comprehensively explores the theoretical foundations, practical implementations, applications, challenges, and future trends of Zero Trust. Through meticulous analysis, we highlight the relevance of Zero Trust in securing cloud environments, facilitating remote work, and protecting the Internet of Things (IoT) ecosystem. While cultural barriers and technical complexities present challenges, their mitigation unlocks Zero Trust's potential. Integrating Zero Trust with emerging technologies like AI and machine learning augments its efficacy, promising a dynamic and responsive security landscape. Embracing Zero Trust empowers organizations to navigate the ever-evolving cybersecurity realm with resilience and adaptability, redefining trust in the digital age.

Wenjia Wang,Seyed Masoud Sadjadi,Naphtali Rishe,Arpan Mahara

2024-08-08

Abstract:This study introduces a methodology integrating Zero Trust Architecture (ZTA) principles and Transparent Shaping into an AWS-hosted Online File Manager (OFM) application, enhancing security without substantial code modifications. We evaluate our approach with the Mozilla Observatory, highlighting significant security improvements and outlining a promising direction for applying Transparent Shaping and ZTA in cloud environments.

Cryptography and Security,Networking and Internet Architecture

Han Zhang,Ziyan Zhang,Liquan Chen

DOI: https://doi.org/10.1016/j.dcan.2024.03.011

IF: 6.348

2024-03-01

Digital Communications and Networks

Abstract:With the introduction of 5G, users and devices can access the industrial network from anywhere in the world. Therefore, traditional perimeter-based security technologies for industrial networks can no longer work well. To solve this problem, a new security model called Zero Trust(ZT) is desired, which believes in “never trust and always verify”. Every time the asset in the industrial network is accessed, the subject is authenticated and its trustworthiness is assessed. In this way, the asset in industrial network can be well protected, whether the subject is in the internal network or the external network. However, in order to construct the zero trust model in the 5G Industrial Internet collaboration system, there are still many problems to be solved. In this paper, we first introduce the security issues in the 5G Industrial Internet collaboration system, and illustrate the zero trust architecture. Then, we analyze the gap between existing security techniques and the zero trust architecture. Finally, we discuss several potential security techniques that can be used to implement the zero trust model. The purpose of this paper is to point out the further direction for the realization of the Zero Trust Architecture(ZTA) in the 5G Industrial Internet collaboration system.

telecommunications

Cornelius Itodo,Murat Ozer

DOI: https://doi.org/10.1016/j.cose.2024.103827

IF: 5.105

2024-03-31

Computers & Security

Abstract:The sudden shift from physical office location to a fully remote or hybrid work model accelerated by the COVID- 19 pandemic, is a phenomenon that changed how organizations traditionally operated and thereby introduced new vulnerabilities and consequently changed sthe cyber threat landscape. This has led organizations around the globe to seek new approaches to protect their network. One such approach is the adoption of the Zero Trust security approach due to its many advantages over the traditional/perimeter security approach. Although zero trust presents a stronger defense approach over the perimeter security model, organizations are hesitant to fully embrace it. This is partly due to the lack of a unified zero-trust implementation framework that can be used to guide its adoption. As such, we conducted a multivocal review that included literature from both academic and non-academic sources to consolidate knowledge on the state-of-the-art of zero-trust implementation and identify gaps in literature. Our result shows that existing papers tend to have a narrow viewpoint on the approach of implementing zero trust, rather than an encompassing viewpoint that can provide a more holistic view on the topic. We developed a conceptual framework that articulates the five core components involved in the implementation of zero trust security, guided by key questions designed to guide the implementation process.

computer science, information systems

Priya Parameswarappa,

DOI: https://doi.org/10.55083/irjeas.2022.v10i03013

2022-09-04

Abstract:Model-based security metrics are an emerging topic of cyber security research that focuses on assessing an information system's risk exposure. We propose an end-to-end solution with the deployment of a zero-trust network utilising Artificial Intelligence in this article to understand the security posture of a system before it is rolled out and as it matures. The major part contains a discussion about the key methods and techniques which was utilized in the development process and simplified operation principles of each developed process. Some developed processes were tested practically to evaluate the problems in the processes. Modules for automatic processing and data analysis were also developed. These modules can be connected in case it is needed. The most important data collection methods were benchmarked to detect problematic situations in the operation in different realistic situations. With the perception from the benchmark test, the problematic parts of the data collection were discovered and proposals for the solution were made which could be developed and tested in the next iterations of the development process. Working Artificial intelligence-based detection and data enrichment methods were created. The results of the article allow multiple continuous research and development projects related to data collection and data analysis with statistical and artificial intelligence-based methods.