Identity authentication for edge devices based on zero‐trust architecture

Haiqing Liu1, Ming Shun Ai1, Rong Huang1, Rixuan Qiu2, Yuancheng Li1
1School of Control and Computer Engineering, North China Electric Power University, Beijing, China
2State Grid Jiangxi Information & Telecommunication Company, Nanchang, China

Abstract

Device identity authentication is the first line of defense in edge computing security mechanisms, yet many authentication schemes carry high communication and computational overhead. In addition, the continued growth of network virtualization and dynamism, the security requirements that the "cloudification" of many enterprise information systems places on logical boundaries, and the serious data security challenges facing enterprise core assets all make the original "authenticate once, trusted all the way" trust model unreliable. This paper therefore proposes a local identity authentication protocol and a roaming identity authentication protocol based on a zero-trust architecture. First, we propose a revocable group signature scheme in which an expiration time is bound to the key of each edge terminal device. Under this scheme, an identity authentication token generated with an expired key is invalid, so the expired key need not be included in the revocation list, which improves the efficiency of revocation checking. Compared with current identity authentication protocols, this work not only builds its model on the zero-trust architecture, addressing the shortcomings of the existing network security protection architecture, but also considers the unforgeability of the expiration time, achieving effective revocation and more efficient identity authentication.
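
As an added illustration of the revocation idea described above (not the paper's group signature scheme; a keyed-MAC stand-in with constructed keys and device identifiers), this shows how binding the expiry into the key lets the verifier reject expired tokens before consulting the revocation list, rejects a token whose expiry has been altered, and keeps the revocation list to unexpired revoked keys only:

```python
import hmac
import hashlib

# Constructed issuer secret for the demonstration; a real deployment would keep it in an HSM.
MASTER_KEY = b"constructed-demo-master-key"


def derive_device_key(device_id: str, expires_at: int) -> bytes:
    """Bind the expiry into the key: the key for device_id is a function of expires_at,
    so a token that claims a different expiry cannot verify under this key."""
    msg = f"{device_id}|{expires_at}".encode()
    return hmac.new(MASTER_KEY, msg, hashlib.sha256).digest()


def make_token(device_id: str, expires_at: int, device_key: bytes, nonce: str) -> dict:
    """Device side: authenticate the verifier's nonce together with the claimed expiry."""
    msg = f"{device_id}|{expires_at}|{nonce}".encode()
    mac = hmac.new(device_key, msg, hashlib.sha256).hexdigest()
    return {"device_id": device_id, "expires_at": expires_at, "nonce": nonce, "mac": mac}


class Verifier:
    def __init__(self) -> None:
        self.revoked: dict[str, int] = {}  # device_id -> expiry of its revoked key

    def revoke(self, device_id: str, expires_at: int, now: int) -> None:
        # An already-expired key needs no entry: its tokens fail the expiry check anyway.
        if expires_at > now:
            self.revoked[device_id] = expires_at

    def prune(self, now: int) -> None:
        # Entries whose keys have since expired can be dropped without loss of security.
        self.revoked = {d: e for d, e in self.revoked.items() if e > now}

    def verify(self, token: dict, nonce: str, now: int) -> str:
        if token["expires_at"] <= now:
            return "expired"  # cheap check first; the revocation list is not consulted
        if token["device_id"] in self.revoked:
            return "revoked"
        key = derive_device_key(token["device_id"], token["expires_at"])
        msg = f"{token['device_id']}|{token['expires_at']}|{nonce}".encode()
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if token["nonce"] != nonce or not hmac.compare_digest(expected, token["mac"]):
            return "bad_signature"  # also catches a token whose expiry was extended
        return "ok"
```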
