Abstract
Zero trust architecture is an end-to-end approach to securing server resources and data that covers identity authentication, access control, dynamic evaluation, and so on. This work focuses on authentication technology in the zero trust network. In this paper, a Traceable Universal Designated Verifier Signature (TUDVS) is used to construct a privacy-preserving authentication scheme for zero trust architecture. Specifically, when a client requests access to server resources, we want to protect the client's access privacy, meaning that the server administrator cannot disclose the client's access behavior to any third party. In addition, the security of the proposed scheme is proved and its efficiency is analyzed. Finally, TUDVS is applied to the single packet authorization scenario of the zero trust architecture to demonstrate the practicability of the proposed scheme.
Keywords: Zero trust architecture; Privacy-preserving; Authentication; Anonymity revocation
Cite this article
Fei Tang, Chunliang Ma, Kefei Cheng. Privacy-preserving authentication scheme based on zero trust architecture. 2024, 10(5): 1211-1220. DOI: 10.1016/j.dcan.2023.01.021