A Survey on Zero Trust Architecture: Challenges and Future Trends

Wireless Communications and Mobile Computing - Tập 2022 - Trang 1-13 - 2022
Yuanhang He1, Daochao Huang2, Lei Chen1, Yi Ni1, Xiangjie Ma1
1No.30 Research Institute of China Electronics Technology Group Corporation, Chengdu, China
2National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), Beijing, 100029, China

Tóm tắt

The traditional perimeter-based network protection model cannot adapt to the development of current technology. Zero trust is a new type of network security model, which is based on the concept of never trust and always verify. Whether the access subject is in the internal network or the external network, it needs to be authenticated to access resources. The zero trust model has received extensive attention in research and practice because it can meet the new network security requirements. However, the application of zero trust is still in its infancy, and enterprises, organizations, and individuals are not fully aware of the advantages and disadvantages of zero trust, which greatly hinders the application of zero trust. This paper introduces the existing zero trust architecture and analyzes the core technologies including identity authentication, access control, and trust assessment, which are mainly relied on in the zero trust architecture. The main solutions under each technology are compared and analyzed to summarize the advantages and disadvantages, as well as the current challenges and future research trends. Our goal is to provide support for the research and application of future zero trust architectures.

Từ khóa


Tài liệu tham khảo

Polato, 2021, Zero Trust Network Architecture with John Kindervag-Video

R. Ward, 2014, Beyond Corp: a new approach to enterprise security, 6

10.1016/j.egyr.2021.11.272

J. Kindervag, 2010, Build Security into Your Network’s DNA: The Zero Trust Network Architecture

C. DeCusatis, Implementing zero trust cloud networks with transport access control and first packet authentication, 5

S. Rose, 2020, Zero Trust Architecture, 10.6028/NIST.SP.800-207

10.1186/s12911-020-01275-y

C. de Weever, 2020, Zero Trust Network Security Model in Containerized Environments

K. Ramezanpour, 2021, Intelligent zero trust architecture for 5G/6G tactical networks: Principles, challenges, and the role of machine learning

X. P. Tian, A zero trust method based on BLP and BIBA model, 96

N. Ghate, 2021, Advanced zero trust architecture for automating fine-grained access control with generalized attribute relation extraction, IEICE Proceedings Series, 68

L. Henderson, 2019, Multi-Factor Authentication Fingerprinting Device Using Biometrics

10.1016/j.neucom.2014.08.084

U. Mahbub, Partial face detection for continuous authentication, 2991

10.1016/j.jnca.2018.02.020

10.1109/JIOT.2020.2975779

10.3390/s18041104

10.1016/j.sysarc.2018.12.003

L. Meng, 2022, A continuous authentication protocol without trust authority for zero trust architecture, China Communications

10.1016/j.adhoc.2013.05.003

U. K. Verma, A secure and efficient certificate based authentication protocol for MANET, 1

10.1007/s11227-017-2169-5

V. L. Shivraj, One time password authentication scheme based on elliptic curves for Internet of Things (IoT), 1

10.1109/JSEN.2015.2475298

10.1016/j.cose.2021.102351

10.1109/JSEN.2015.2441113

10.1109/TVT.2017.2744182

10.1109/ACCESS.2019.2891105

10.1109/MC.2015.33

N. Kashmar, From access control models to access control metamodels: a survey, 892

10.1016/S0306-4379(02)00029-7

J. Bethencourt, Ciphertext-policy attribute-based encryption, 321

R. Ostrovsky, Attribute-based encryption with non-monotonic access structures, 195

10.1007/978-3-642-03298-1_16

10.1155/2017/2713595

10.1016/j.cose.2017.10.014

R. Vanickis, Access control policy enforcement for zero-trust-networking, 1

Q. Yao, Dynamic access control and authorization system based on zero-trust architecture, 123

G. R. da Silva, 2021, Zero trust access control with context-aware and behavior-based continuous authentication for smart homes, Anais do XXI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, 43, 10.5753/sbseg.2021.17305

K. Hatakeyama, Zero trust federation: sharing context under user control towards zero trust in identity federation, 514

10.1007/s00354-021-00130-6

K. Yang, 2021, Research on adaptive dynamic access control model based on blockchain and token, Journal of Physics: Conference Series, 2166, 12

Y. Zhang, 2020, A survey of zero trust research, Journal of Information Security Research, 6, 608

L. Fang, 2017, A survey of key technologies in attribute-based access control scheme, Chinese Journal of Computers, 40, 1680

10.1007/978-3-642-13190-5_4

10.1109/TSUSC.2018.2839623

Z. Gao, A credible and lightweight multidimensional trust evaluation mechanism for service-oriented IoT edge computing environment, 156

M. Boussard, STewARD: SDN and blockchain-based trust evaluation for automated risk management on IoT devices, 841

10.1109/ACCESS.2019.2893262

R. Rani, 2019, Trust evaluation for light weight security in sensor enabled Internet of Things: game theory oriented approach, IEEE Internet of Things Journal, 5, 8421, 10.1109/JIOT.2019.2917763

T. Chuan, 2020, An implementation method of zero-trust architecture, Journal of Physics: Conference Series, 1651, 1

N. Basta, 2021, Towards a zero-trust micro-segmentation network security strategy: an evaluation framework

Y. Zhang, 2021, Trust evaluation optimization mechanism for cloud user behavior based on FANP, Chinese Journal of Network and Information Security, 1

10.1115/1.4050685