USER IN ZERO TRUST NETWORK ACCESS ARCHITECHTURE ENSURING SECURITY

Abstract

The zero trust network security model has become a serious alternative to the traditional network model. As it is known, when the network structures were first established, providing security was not the main goal. The widespread use of the Internet, the increase in the amount of shared information, and easy accessibility have brought concerns about information security into our lives. Zero trust stepped in at this point and brought a brand new understanding with the concept of "never trust - Always verify". This understanding, which was accepted in a short time, gradually caused companies to segment their network structures and develop integrated products. Zero trust security model consists of User, Data, Device, Application and Network traffic components. The most important of these components is the end point devices, which are described as users. Because a cyber attack starts at an endpoint and its target ends at an endpoint. In this context, the article will emphasize the importance of the endpoint in zero trust architecture, and the benefits of extending the Zero trust security platform to the end user.

Keywords

• Endpoint authentication and authorization
• endpoint secure access
• zero trust architechture
• zero trust network architechture.

SIFIR GÜVEN AĞ ERİŞİM MİMARİSİNDE KULLANICI GÜVENLİĞİNİN SAĞLANMASI

Abstract

Sıfır güven ağ güvenlik modeli, geleneksel ağ modeline ciddi bir alternatif haline gelmiştir. Bilindiği gibi ağ yapıları ilk kurulduğunda asıl amaç güvenliği sağlamak değildi. İnternetin yaygınlaşması, paylaşılan bilgi miktarının artması ve kolay ulaşılabilir olması bilgi güvenliği ile ilgili endişeleri hayatımıza sokmuştur. Sıfır güven bu noktada devreye girmiş ve "asla güvenme-her zaman doğrula" kavramıyla yepyeni bir anlayış getirmiştir. Kısa sürede kabul gören bu anlayış, şirketlerin giderek ağ yapılarını segmentlere ayırmalarına ve entegre ürünler geliştirmelerine neden olmuştur. Sıfır güven güvenlik modeli Kullanıcı, Veri, Cihaz, Uygulama ve Ağ trafiği bileşenlerinden oluşur. Bu bileşenlerden en önemlisi, kullanıcı olarak tanımlanan uç nokta cihazlarıdır. Çünkü siber saldırı bir uç noktada başlar ve hedefi bir uç noktada biter. Bu bağlamda makale, sıfır güven mimarisinde uç noktanın önemini ve Sıfır güven güvenlik platformunu son kullanıcıya genişletmenin faydalarını vurgulayacaktır.

Keywords

• Kullanıcı doğrulanması yetkilendirilmesi
• kullanıcı erişim güvenliği
• sıfır güven mimarisi
• sıfır güven ağ mimarisi.

References

1. Assunção, P. (2019, January, 16-16). A zero trust approach to network security, Proceedings of the Digital Privacy and Security Conference. Portugal, 65-72. https://doi.org/10.11228/dpsc.01.01.007
2. Belal A., Mark A., Gregory & Li, S. (2021, Nov, 24-26). Uplifting Healthcare cyber resilience with a multi-access edge computing zero-trust security model, 31st International Telecommunication Networks and Applications Conference (ITNAC), Australia, 192-195. https://doi.org /10.1109/ITNAC53136.2021.9652141
3. Bicakci, K., Uzunay, Y. & Khan, M. (2021, December, 2-3). Towards zero trust: the design and ımplementation of a secure end-point device for remote working, 14th International Conference on Information Security and Cryptology, Ankara, Türkiye, 28-33. https://doi.org/10.1109/iscturkey53027.2021.9654298
4. Camphell, M. (2020). Beyond zero trust: Trust is a vulnerability. Computer, 53(10), 110-113. https://doi: 10.1109/MC.2020.3011081
5. Chen, B., Qiao, S., Zhao, J., Liu, D. Shi, X., Lyu, M., Chen, H., & Lu, H. (2021, July, 1-1). A security awareness and protection system for 5g smart healthcare based on zero-trust architecture, IEEE Internet of Things Journal, 8(13), China. https://doi.org/10.1109/jiot.2020.3041042
6. Chen, R., Shu, F., Huang, S., Huang, L., Liu, H., Liu, J., & Lei, K. (2021). BIdm: A Blockchain-Enabled Cross-Domain Identity Management System, Journal of Communications and Information Networks, 6(1), 44-58.
7. Chen, L., Dai, Z., Chen, M., & Li, N.(2021, May, 29-30) Research on the security protection framework of power mobile ınternet services based on zero trust. 6th International Conference on Smart Grid and Electrical Automation (ICSGEA), China, 65-68. https://doi.org/10.1109/ICSGEA53208.2021.00021. Dabrowski, M., & Pacyna, P. (2022, January, 14-16). Blockchain-based identity discovery between heterogenous identity management systems. 6th International Conference on Cryptography Security and Privacy (CSP), Poland, 131-137. https://doi.org/10.1109/CSP55486.2022.00032
8. Dayna, E., Si Ya N., De Cusatis C., & Sager, A. (2017). Autonomic security for zero trust networks, National Science Foundation under CCDNI Integregation (Area 4): Application Aware Software Defined Networks for Secure Cloud Services, NY-USA. 288-293. https://doi.org/10.1109/uemcon.2017.8249053

9. DeCusatis, C., & Liengtiraphani, P., (2016, Nov, 18-20). Implementing zero trust cloud networks with transport access control and first packet authentication. IEEE International Conference on Smart Cloud, USA. 5-10. https://doi.org/10.1109/smartcloud.2016.22
10. Dhar, S., & Bose, I., (2021). Securing Iot devices using zero trust and blockchain, Journal of Organization Computing and Electronic Commerce, 31(1), 18-34. https://doi.org/0.1080/10919392.2020.1831870
11. D’Silva, D., & D. Ambawade, D., (2021, April, 02-04). Building a zero trust architecture using kubernetes. 6th International Conference for Convergence in Technology (I2CT), Pune, India. 1-8. https://doi.org/10.1109/I2CT51068.2021.9418203
12. Elisa Bertino, E., & Brancik, K., (2021, Aralık, 10-14). Services for zero trust architectures - a research road- map. IEEE International Conference on Web Services (ICWS), USA, 14-20. https://doi.org/10.1109/ICWS53863.2021.00016
13. Fang, W., & Guan, X., (2022, March, 04-06). Research on iOS Remote security access technology based on zero trust. IEEE 6th Information Technology and Mechatronics Engineering Conference (ITOEC), China. 238-241. https://doi.org/10.1109/ITOEC53115.2022.973-4455
14. Hatayema, K., Kotani, D., & Okabe, Y. (2021, March, 22-26). Zero Trust Federation: Sharing Context under User Control towards Zero Trust in Identity Federation, PerFlow 2021: International Workshop on Persavive Information Flow, Kyoto, Japan, 514-519. https://doi.org/10.1109/PERCOMWORKSHOPS51409.2021.9431116
15. Hosney, E., Abdel Halim, I.T., & Yousef, A.H. (2022, Mart, 09-10). An artificial intelligence approach for deploying zero trust architecture (zta), 5th International Conference on Computing and Informatics (ICCI), Egypt, 343-350. https://doi.org/10.1109/ICCI54321.2022.9756117
16. Kang, C., Li, E., Li, Y., Wang, L., Liu, Y., & Han, Z. (2022, May, 27-29). Dynamic access control architecture distribution master station based on extended trust evaluation. IEEE 5th International Electrical and Energy Conference (CIEEC), China, 506-510. https://doi.org/10.1109/CIEEC54735.2022.9846041
17. Kuperberg, M. (2020). Blockchain-based ıdentity management: A survey From the enterprise and ecosystem perspective, IEEE Transactions on Engineering Management, 67(4), 1008-1027.
18. Liu, J.,Wang, H., Xian, M., & Kong,C., (2020, December, 25-27). A small LAN zero trust network model based on elastic stack, 5th International Conference on Mechanical, Control and Computer Engineering (ICMCCE), China. 1075-1078. https://doi.org/10.1109/ICMCCE51767.2020.00236
19. Melo, T., Amaral, S. & Gondim, J.J.C, (2021, Nov, 18-19). Integrating zero trust in the cyber supply chain security, 6th Workshop on Communication Networks and Power Systems (WCNPS 2021), Brasil. https://doi.org/10.1109/WCNPS53648.2021.9626299
20. Meng, L., Huang, D., An, J., Zhou, X., & Lin,F. (2022). A continuous authentication protocol without trust authority for zero trust architecture, China Communications Magazine, 19(8), 198-213.
21. Patil, A., Karkal, G.,Wadhwa, J., Sawood, M., & Reddy, K.D, (2020, Dec, 10-13). Design and implementation of a consensus algorithm to build zero trust model. IEEE 17th India Council International Conference (INDICON), India. https://doi.org/10.1109/indicon49873.2020.9342207
22. Rodigari, S., O’Shea, D., McCarthy, P., McCarry, M., & McSweeney, S., (2021, Sept, 5-10). Performance analysis of zero-trust multi-cloud. IEEE 14th International Conference on Cloud Computing, Ireland. 730-732. https://doi.org/10.1109/cloud53861.2021.00097
23. Rocha, B.C., Melo, L.P. & Sousa Jr, R.T., (2021, Nov, 18-19). Preventing APT attacks on LAN networks with connected IoT devices using a zero trust based security. 6th Workshop on Communication Networks and Power Systems (WCNPS), Brasil https://doi.org/20.2209/wcnps53648.2021.926270
24. Rose, S., Borchert, O., Mitchell, S. & Connelly, S. (2020), Zero trust architecture, special publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, Stafford. https://doi.org/10.6028/NIST.SP.800-207
25. Samaniego, M. & Deters, R. (2018, July, 2-7). Zero-trust hierarchical management in IoT. IEEE International Congress on Internet of Things, Canada, 88-94. https://doi.org/10.1109/ICIOT.2018.00019
26. Sheikh, N., Pawar M., & Lawrence,W., (2021, May, 10-13). Zero trust using Network Micro Segmentation. IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 1-6, https://doi.org/10.1109/INFOCOM-WKSHPS51825.2021.9484645
27. Srour, L., Kayssi, A., & Chelab, A.(2006, September, 1-1). Reputation-based algorithm for managing trust in file sharing networks. 2006 Securecomm and Workshops, Lebanon. 1-10, https://doi.org/10.1109/SECCOMW.2006.359538.
28. Syed, N. F., Shah, S. W., Shaghaghi,A., Anwar, A., Baig, Z., & Doss,R.,(2022). Zero trust architecture (ZTA): A comprehensive survey, IEEE Access, 57143-57179, https://doi.org/ 10.1109/ACCESS.2022.3174679.
29. Tao,Y., Lei, Z., & Ruxiang, P., (2018, Dec, 11-13). Fine-grained big data security method based on zero trust model, 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS), China, 1040-1045. https://doi.org/10.1109/ICPADS.2018.00140
30. Tian, X., & Song, H., (2021). A zero trust method based on BLP and BIBA model, 2021 14th International Symposium on Computational Inteeligence and Design (ISCID), 96-100. https://doi.org/10.1109/ISCID52796.2021.00031
31. Vanickis, R., Jacob, P., Lee, B., & Dehghanzadeh, S. (2020, June, 21-22). Access control policy enforcement for zero-trust networking. European Union’s Horizon 2020 research and Innovation programme under grant agreement 700071, Ireland.
32. Wang, S., Pei, R., & Zhang, Y., (2019). EIDM: A ethereum-based cloud user identity management protocol, IEEE Access Multidisciplinary | Rapid Review | Open Access Journal, 7, 115281-115291. https://doi.org/10.1109/access.2019.2933989
33. Wu, G.Y.,Yan, H.W., & Wang, Z.J.,(2021, Aug, 13-15). Real identity based access control technology under zero trust architecture. International Conference on wireless Communications and Smart Grid (ICWCSG), China, 18-22. https://doi.org/ 10.1109/ICWCSG53609.2021.00-011
34. Wu, K., Shi, J.,Guo, Z., Zhang, Z., & Cai,J. (2021, June, 25-27). Research on security strategy of power ınternet of things devices based on zero trust. International Conference on Computer Engineering and Application (ICCEA), China, 79-83. https://doi.org/0.1109/ICCEA53728.2021.00023
35. Xiaojan, Z., Liandong, C., Jie, F., Xiangqun,W., & Qi,W. (2021, Jan, 8-10). Power IoT security protection architecture based on zero trust framework. IEEE 5th International Conference on Cryptography, Security and Privacy, China, 166-170. https://doi.org/10.1109/csp51677.2021.9357607
36. Yang, D., Zhao,Y.,Wu, K., Guo, X., Peng, H. (2021, October 29 - November 1). An efficient authentication scheme based on zero trust for UAV swarm. 2021 International Conference on Networking and Network Applications (NaNA), China, 356-360. https://doi.org/10.1109/NaNA53684.2021.00068
37. Zhang, F & Jiang, X., (2021, March, 26-28). The zero trust security platform for data trusteeship, 2021 4th International Conference on Advanced Electronic Materials, Computers and Software Engineering (AEMCSE), China, 1014-1017. https://doi.org/10.1109/AEMCSE51986.2021.00207
38. Zhang, P., Tian, C.Shang, T., Liu, L., Li, L.,Wang,W., & Zhao,Y. (2021, May, 14-16). Dynamic access control technology based on zero-trust light verification network model. IEEE 3rd International Conference on Communications, Information System and Computer Engineering (CISCE), China, 712-715.