Search Results (13)

Search Parameters:
Keywords = Zero-Trust Architecture (ZTA)

27 pages, 4239 KiB  
Article
Implementing Zero Trust: Expert Insights on Key Security Pillars and Prioritization in Digital Transformation
by Francesca Santucci, Gabriele Oliva, Maria Teresa Gonnella, Maria Elena Briga, Mirko Leanza, Marco Massenzi, Luca Faramondi and Roberto Setola
Information 2025, 16(8), 667; https://doi.org/10.3390/info16080667 - 5 Aug 2025
Abstract
As organizations continue to embrace digital transformation, the need for robust cybersecurity strategies has never been more critical. This paper explores the Zero Trust Architecture (ZTA) as a contemporary cybersecurity framework that addresses the challenges posed by increasingly interconnected systems. Zero Trust (ZT) operates under the principle of “never trust, always verify,” ensuring that every access request is thoroughly authenticated, regardless of the requester’s location within or outside the network. However, implementing ZT is a challenging task, requiring an adequate roadmap to prioritize the different initiatives in agreement with company culture, exposure and cyber posture. We apply multi-criteria decision analysis (MCDA) to evaluate the relative importance of various components within a ZT framework, using the Incomplete Analytic Hierarchy Process (IAHP). Expert opinions from professionals in cybersecurity and IT governance were gathered through structured questionnaires, leading to a prioritized ranking of the eight key ZT pillars, as defined by the Cybersecurity and Infrastructure Security Agency (CISA), Washington, DC, USA, along with a prioritization of the sub-elements within each pillar. The study provides actionable insights into the implementation of ZTA, helping organizations prioritize security efforts to mitigate risks effectively and build a resilient digital infrastructure. The evaluation results were used to create a prioritized framework, integrated into the ZEUS platform, developed with Teleconsys S.p.A., to enable detailed assessments of a firm’s cyber partner regarding ZT and identify improvement areas. The paper concludes by offering recommendations for future research and practical guidance for organizations transitioning to a ZT model.
(This article belongs to the Section Information Security and Privacy)

31 pages, 1583 KiB  
Article
Ensuring Zero Trust in GDPR-Compliant Deep Federated Learning Architecture
by Zahra Abbas, Sunila Fatima Ahmad, Adeel Anjum, Madiha Haider Syed, Saif Ur Rehman Malik and Semeen Rehman
Computers 2025, 14(8), 317; https://doi.org/10.3390/computers14080317 - 4 Aug 2025
Abstract
Deep Federated Learning (DFL) revolutionizes machine learning (ML) by enabling collaborative model training across diverse, decentralized data sources without direct data sharing, emphasizing user privacy and data sovereignty. Despite its potential, DFL’s application in sensitive sectors is hindered by challenges in meeting rigorous standards like the GDPR, with traditional setups struggling to ensure compliance and maintain trust. Addressing these issues, our research introduces an innovative Zero Trust-based DFL architecture designed for GDPR compliant systems, integrating advanced security and privacy mechanisms to ensure safe and transparent cross-node data processing. Our base paper proposed the basic GDPR-Compliant DFL Architecture. Now we validate the previously proposed architecture by formally verifying it using High-Level Petri Nets (HLPNs). This Zero Trust-based framework facilitates secure, decentralized model training without direct data sharing. Furthermore, we have also implemented a case study using the MNIST and CIFAR-10 datasets to evaluate the existing approach with the proposed Zero Trust-based DFL methodology. Our experiments confirmed its effectiveness in enhancing trust, complying with GDPR, and promoting DFL adoption in privacy-sensitive areas, achieving secure, ethical Artificial Intelligence (AI) with transparent and efficient data processing.

9 pages, 722 KiB  
Proceeding Paper
Enhancing Security and Privacy in IoT Data Streams: Real-Time Anomaly Detection for Threat Mitigation in Traffic Management
by Oumayma Berraadi, Hicham Gibet Tani and Mohamed Ben Ahmed
Comput. Sci. Math. Forum 2025, 10(1), 8; https://doi.org/10.3390/cmsf2025010008 - 16 Jun 2025
Viewed by 216
Abstract
The rapid expansion of IoT in smart cities has improved traffic management but increased security risks. Traditional IDS struggle with advanced threats, prompting adaptive solutions. This work proposes a framework combining machine learning (ML), Zero Trust Architecture (ZTA), and blockchain authentication. Supervised models (XGBoost, RF, SVM, LR) detect known anomalies, while a CNN Autoencoder identifies novel threats. Blockchain ensures identity integrity, and compromised devices are isolated automatically. Tests on the IoT-23 dataset demonstrate superior accuracy, fewer false positives, and better scalability than conventional methods. The integration of AI, Zero Trust, and blockchain significantly boosts IoT traffic system security and resilience.

60 pages, 633 KiB  
Article
Secure and Trustworthy Open Radio Access Network (O-RAN) Optimization: A Zero-Trust and Federated Learning Framework for 6G Networks
by Mohammed El-Hajj
Future Internet 2025, 17(6), 233; https://doi.org/10.3390/fi17060233 - 25 May 2025
Viewed by 1328
Abstract
The Open Radio Access Network (O-RAN) paradigm promises unprecedented flexibility and cost efficiency for 6G networks but introduces critical security risks due to its disaggregated, AI-driven architecture. This paper proposes a secure optimization framework integrating zero-trust principles and privacy-preserving Federated Learning (FL) to address vulnerabilities in O-RAN’s RAN Intelligent Controllers (RICs) and xApps/rApps. We first establish a novel threat model targeting O-RAN’s optimization processes, highlighting risks such as adversarial Machine Learning (ML) attacks on resource allocation models and compromised third-party applications. To mitigate these, we design a Zero-Trust Architecture (ZTA) enforcing continuous authentication and micro-segmentation for RIC components, coupled with an FL framework that enables collaborative ML training across operators without exposing raw network data. A differential privacy mechanism is applied to global model updates to prevent inference attacks. We validate our framework using the DAWN Dataset (5G/6G traffic traces with slicing configurations) and the OpenRAN Gym Dataset (O-RAN-compliant resource utilization metrics) to simulate energy efficiency optimization under adversarial conditions. A dynamic DU sleep scheduling case study demonstrates 32% energy savings with <5% latency degradation, even when data poisoning attacks compromise 15% of the FL participants. Comparative analysis shows that our ZTA reduces unauthorized RIC access attempts by 89% compared to conventional O-RAN security baselines. This work bridges the gap between performance optimization and trustworthiness in next-generation O-RAN, offering actionable insights for 6G standardization.
(This article belongs to the Special Issue Secure and Trustworthy Next Generation O-RAN Optimisation)

32 pages, 6783 KiB  
Article
Adaptive Zero Trust Policy Management Framework in 5G Networks
by Abdulrahman K. Alnaim
Mathematics 2025, 13(9), 1501; https://doi.org/10.3390/math13091501 - 1 May 2025
Viewed by 942
Abstract
The rapid evolution and deployment of 5G networks have introduced complex security challenges due to their reliance on dynamic network slicing, ultra-low latency communication, decentralized architectures, and highly diverse use cases. Traditional perimeter-based security models are no longer sufficient in these highly fluid and distributed environments. In response to these limitations, this study introduces SecureChain-ZT, a novel Adaptive Zero Trust Policy Framework (AZTPF) that addresses emerging threats by integrating intelligent access control, real-time monitoring, and decentralized authentication mechanisms. SecureChain-ZT advances conventional Zero Trust Architecture (ZTA) by leveraging machine learning, reinforcement learning, and blockchain technologies to achieve autonomous policy enforcement and threat mitigation. Unlike static ZT models that depend on predefined rule sets, AZTPF continuously evaluates user and device behavior in real time, detects anomalies through AI-powered traffic analysis, and dynamically updates access policies based on contextual risk assessments. Comprehensive simulations and experiments demonstrate the robustness of the framework. SecureChain-ZT achieves an authentication accuracy of 97.8% and reduces unauthorized access attempts from 17.5% to just 2.2%. Its advanced detection capabilities achieve a threat detection accuracy of 99.3% and block 95.6% of attempted cyber intrusions. The implementation of blockchain-based identity verification reduces spoofing incidents by 97%, while microsegmentation limits lateral movement attacks by 75%. The proposed SecureChain-ZT model achieved an authentication accuracy of 98.6%, reduced false acceptance and rejection rates to 1.2% and 0.2% respectively, and improved policy update time to 180 ms. Compared to traditional models, the overall latency was reduced by 62.6%, and threat detection accuracy increased to 99.3%. 
These results highlight the model’s effectiveness in both cybersecurity enhancement and real-time service responsiveness. This research contributes to the advancement of Zero Trust security models by presenting a scalable, resilient, and adaptive policy enforcement framework that aligns with the demands of next-generation 5G infrastructures. The proposed SecureChain-ZT model not only enhances cybersecurity but also ensures service reliability and responsiveness in complex and mission-critical environments.
(This article belongs to the Special Issue Application of Artificial Intelligence in Decision Making)

21 pages, 19762 KiB  
Article
Security System Design and Verification for Zero Trust Architecture
by Sangdo Lee, Jun-Ho Huh and Hanchul Woo
Electronics 2025, 14(4), 643; https://doi.org/10.3390/electronics14040643 - 7 Feb 2025
Viewed by 2850
Abstract
With ongoing cyber threats stemming from persistent hacking attempts, relentless efforts are being made to prevent such threats at their source. Recently, the concept of “zero trust”, introduced by the United States National Institute of Standards and Technology (NIST), has emerged as a promising approach in this regard. Zero Trust (ZT) is not a standalone security solution but rather a framework of concepts aimed at achieving a higher level of security. It provides a paradigm that outlines the fundamental philosophy, core principles, and operational guidelines for enhanced security. While the guiding principle of “Never Trust, Always Verify” has gained widespread acceptance, many corporate security managers remain uncertain about how to implement ZT effectively. To address this challenge, this paper presents a security network designed to align with the corporate sector’s concept of security architecture based on the principles of ZT. Furthermore, it proposes and verifies a method to strengthen security using Secure Sockets Layer (SSL) and Digital Rights Management (DRM). These technologies were selected because, among the various principles of Zero Trust architecture (ZTA), they effectively support centralized policy management and access control. This paper is expected to be effective in preventing related risks and contribute to building a more effective information security system that helps organizations combat increasingly sophisticated cyber threats.

41 pages, 10397 KiB  
Article
Analysis of Azure Zero Trust Architecture Implementation for Mid-Size Organizations
by Vedran Dakić, Zlatan Morić, Ana Kapulica and Damir Regvart
J. Cybersecur. Priv. 2025, 5(1), 2; https://doi.org/10.3390/jcp5010002 - 30 Dec 2024
Cited by 2 | Viewed by 36619
Abstract
The Zero Trust Architecture (ZTA) security system follows the “never trust, always verify” principle. The process constantly verifies users and devices trying to access resources. This paper describes how Microsoft Azure uses ZTA to enforce strict identity verification and access rules across the cloud environment to improve security. Implementation takes time and effort. Azure’s extensive services and customizations require careful design and implementation. Azure administrators need help navigating and changing configurations due to its complex user interface (UI). Each Azure ecosystem component must meet ZTA criteria. ZTA’s comprehensive policy definitions, multi-factor and passwordless authentication, and other advanced features are tested in a mid-size business scenario. The document delineates several principal findings concerning the execution of Azure’s ZTA within mid-sized enterprises. Azure ZTA significantly improves security by reducing attack surfaces via ongoing identity verification, stringent access controls, and micro-segmentation. Nonetheless, its execution is resource-demanding and intricate, necessitating considerable expertise and meticulous planning. A notable disparity exists between theoretical ZTA frameworks and their practical implementation, characterized by disjointed management interfaces and user fatigue resulting from incessant authentication requests. The case studies indicate that although Zero Trust Architecture enhances organizational security and mitigates risks, it may disrupt operations and adversely affect user experience, particularly in hybrid and fully cloud-based settings. The study underscores the necessity for customized configurations and the equilibrium between security and usability to ensure effective ZTA implementation.

25 pages, 2987 KiB  
Article
Zero Trust VPN (ZT-VPN): A Systematic Literature Review and Cybersecurity Framework for Hybrid and Remote Work
by Syed Muhammad Zohaib, Syed Muhammad Sajjad, Zafar Iqbal, Muhammad Yousaf, Muhammad Haseeb and Zia Muhammad
Information 2024, 15(11), 734; https://doi.org/10.3390/info15110734 - 17 Nov 2024
Cited by 6 | Viewed by 7692
Abstract
Modern organizations have migrated from localized physical offices to work-from-home environments. This surge in remote work culture has exponentially increased the demand for and usage of Virtual Private Networks (VPNs), which permit remote employees to access corporate offices effectively. However, the technology raises concerns, including security threats, latency, throughput, and scalability, among others. These newer-generation threats are more complex and frequent, which makes the legacy approach to security ineffective. This research paper gives an overview of contemporary technologies used across enterprises, including the VPNs, Zero Trust Network Access (ZTNA), proxy servers, Secure Shell (SSH) tunnels, the software-defined wide area network (SD-WAN), and Secure Access Service Edge (SASE). This paper also presents a comprehensive cybersecurity framework named Zero Trust VPN (ZT-VPN), which is a VPN solution based on Zero Trust principles. The proposed framework aims to enhance IT security and privacy for modern enterprises in remote work environments and address concerns of latency, throughput, scalability, and security. Finally, this paper demonstrates the effectiveness of the proposed framework in various enterprise scenarios, highlighting its ability to prevent data leaks, manage access permissions, and provide seamless security transitions. The findings underscore the importance of adopting ZT-VPN to fortify cybersecurity frameworks, offering an effective protection tool against contemporary cyber threats. This research serves as a valuable reference for organizations aiming to enhance their security posture in an increasingly hostile threat landscape.
(This article belongs to the Special Issue Feature Papers in Information in 2024–2025)

15 pages, 3412 KiB  
Article
Cybersecurity Access Control: Framework Analysis in a Healthcare Institution
by Erik William Tomlinson, Wolday D. Abrha, Seong Dae Kim and Salvador A. Ortega
J. Cybersecur. Priv. 2024, 4(3), 762-776; https://doi.org/10.3390/jcp4030035 - 20 Sep 2024
Cited by 3 | Viewed by 2920
Abstract
Cyber threats are continually evolving and becoming increasingly complex, affecting various industries. Healthcare institutions are the second most targeted industry, preceded by manufacturing. The industry is on the lookout for a reliable cybersecurity system. This research analyzed the feasibility and reality of implementing a Zero Trust Architecture (ZTA) framework within a large healthcare enterprise with a workforce within the range of 45 k to 50 k personnel. It utilizes a baseline concept centered on the widely used Perimeter-Based Security Model (PBSM) in production environments. The focus is on assessing the feasibility of transitioning from a PBSM to a ZTA framework and specifically aims to assess the effects of such a transition on security, control, cost-effectiveness, supportability, risk, operational aspects, and the extent to which ZTA is applicable across different applications. Company X was used as a case study and provided data for analysis in support engagements and host traffic telemetry values. Findings indicated that a PBSM remains effective in providing defense measures for an organization mainly when a significant financial incentive is involved. On the other hand, ZTA offers a more secure environment with a notable reduction in risk, albeit at an additional cost and with added support variables.

24 pages, 4648 KiB  
Article
A Micro-Segmentation Method Based on VLAN-VxLAN Mapping Technology
by Di Li, Zhibang Yang, Siyang Yu, Mingxing Duan and Shenghong Yang
Future Internet 2024, 16(9), 320; https://doi.org/10.3390/fi16090320 - 4 Sep 2024
Cited by 2 | Viewed by 2947
Abstract
As information technology continues to evolve, cloud data centres have become increasingly prominent as the preferred infrastructure for data storage and processing. However, this shift has introduced a new array of security challenges, necessitating innovative approaches distinct from traditional network security architectures. In response, the Zero Trust Architecture (ZTA) has emerged as a promising solution, with micro-segmentation identified as a crucial component for enabling continuous auditing and stringent security controls. VxLAN technology is widely utilized in data centres for tenant isolation and virtual machine interconnection within tenant environments. Despite its prevalent use, limited research has focused on its application in micro-segmentation scenarios. To address this gap, we propose a method that leverages VLAN and VxLAN many-to-one mapping, requiring that all internal data centre traffic routes through the VxLAN gateway. This method can be implemented cost-effectively, without necessitating business modifications or causing service disruptions, thereby overcoming the challenges associated with micro-segmentation deployment. Importantly, this approach is based on standard public protocols, making it independent of specific product brands and enabling a network-centric framework that avoids software compatibility issues. To assess the effectiveness of our micro-segmentation approach, we provide a comprehensive evaluation that includes network aggregation and traffic visualization. Building on the implementation of micro-segmentation, we also introduce an enhanced asset behaviour algorithm. This algorithm constructs behavioural profiles based on the historical traffic of internal network assets, enabling the rapid identification of abnormal behaviours and facilitating timely defensive actions. 
Empirical results demonstrate that our algorithm is highly effective in detecting anomalous behaviour in intranet assets, making it a powerful tool for enhancing security in cloud data centres. In summary, the proposed approach offers a robust and efficient solution to the challenges of micro-segmentation in cloud data centres, contributing to the advancement of secure and reliable cloud infrastructure.

46 pages, 5660 KiB  
Article
A Quantum-Safe Software-Defined Deterministic Internet of Things (IoT) with Hardware-Enforced Cyber-Security for Critical Infrastructures
by Ted H. Szymanski
Information 2024, 15(4), 173; https://doi.org/10.3390/info15040173 - 22 Mar 2024
Cited by 2 | Viewed by 3049
Abstract
The next-generation “Industrial Internet of Things” (IIoT) will support “Machine-to-Machine” (M2M) communications for smart Cyber-Physical-Systems and Industry 4.0, and require guaranteed cyber-security. This paper explores hardware-enforced cyber-security for critical infrastructures. It examines a quantum-safe “Software-Defined-Deterministic IIoT” (SDD-IIoT), with a new forwarding-plane (sub-layer-3a) for deterministic M2M traffic flows. A “Software-Defined Networking” (SDN) control plane controls many “Software-Defined-Deterministic Wide-Area Networks” (SDD-WANs), realized with FPGAs. The SDN control plane provides an “Admission-Control/Access-Control” system for network-bandwidth, using collaborating Artificial Intelligence (AI)-based “Zero Trust Architectures” (ZTAs). Hardware-enforced access-control eliminates all congestion, BufferBloat, and DoS/DDoS attacks, significantly reduces buffer-sizes, and supports ultra-reliable-low-latency communications in the forwarding-plane. The forwarding-plane can: (i) Encrypt/Authenticate M2M flows using quantum-safe ciphers, to withstand attacks by Quantum Computers; (ii) Implement “guaranteed intrusion detection systems” in FPGAs, to detect cyber-attacks embedded within billions of IIoT packets; (iii) Provide guaranteed immunity to external cyber-attacks, and exceptionally strong immunity to internal cyber-attacks; (iv) Save USD 100s of billions annually by exploiting FPGAs; and (v) Enable hybrid Classical-Quantum networks, by integrating a “quantum key distribution” (QKD) network with a classical forwarding plane with exceptionally strong cyber-security, determined by the computational hardness of cracking Symmetric Key Cryptography. Extensive experimental results for an SDD-WAN over the European Union are reported.
(This article belongs to the Special Issue Hardware Security and Trust)

13 pages, 1811 KiB  
Article
Metaverse Security: Issues, Challenges and a Viable ZTA Model
by Ankur Gupta, Habib Ullah Khan, Shah Nazir, Muhammad Shafiq and Mohammad Shabaz
Electronics 2023, 12(2), 391; https://doi.org/10.3390/electronics12020391 - 12 Jan 2023
Cited by 57 | Viewed by 9896
Abstract
The metaverse is touted as an exciting new technology amalgamation facilitating next-level immersive experiences for users. However, initial experiences indicate that a host of privacy, security and control issues will need to be effectively resolved for its vision to be realized. This paper highlights the security issues that will need to be resolved in the metaverse and the underlying enabling technologies/platforms. It also discusses the broader challenges confronting the developers, the service providers and other stakeholders in the metaverse ecosystem which, if left unaddressed, may hamper its broad adoption and appeal. Finally, some ideas on building a viable Zero-Trust Architecture (ZTA) model for the metaverse are presented.
(This article belongs to the Special Issue AI Security and Safety)

21 pages, 577 KiB  
Review
Security of Zero Trust Networks in Cloud Computing: A Comparative Review
by Sirshak Sarkar, Gaurav Choudhary, Shishir Kumar Shandilya, Azath Hussain and Hwankuk Kim
Sustainability 2022, 14(18), 11213; https://doi.org/10.3390/su141811213 - 7 Sep 2022
Cited by 64 | Viewed by 20999
Abstract
Recently, networks have shifted from traditional in-house servers to third-party-managed cloud platforms due to its cost-effectiveness and increased accessibility toward its management. However, the network remains reactive, with less accountability and oversight of its overall security. Several emerging technologies have restructured our approach to the security of cloud networks; one such approach is the zero-trust network architecture (ZTNA), where no entity is implicitly trusted in the network, regardless of its origin or scope of access. The network rewards trusted behaviour and proactively predicts threats based on its users’ behaviour. The zero-trust network architecture is still at a nascent stage, and there are many frameworks and models to follow. The primary focus of this survey is to compare the novel requirement-specific features used by state-of-the-art research models for zero-trust cloud networks. In this manner, the features are categorized across nine parameters into three main types: zero-trust-based cloud network models, frameworks and proofs-of-concept. ZTNA, when wholly realized, enables network administrators to tackle critical issues such as how to inhibit internal and external cyber threats, enhance the visibility of the network, automate the calculation of trust for network entities and orchestrate security for users. The paper further focuses on domain-specific issues plaguing modern cloud computing networks, which leverage choosing and implementing features necessary for future networks and incorporate intelligent security orchestration, automation and response. The paper also discusses challenges associated with cloud platforms and requirements for migrating to zero-trust architecture. Finally, possible future research directions are discussed, wherein new technologies can be incorporated into the ZTA to build robust trust-based enterprise networks deployed in the cloud.