USER IN ZERO TRUST NETWORK ACCESS ARCHITECHTURE ENSURING SECURITY

Yıl 2023, Cilt: 22 Sayı: 43, 215 - 232, 29.06.2023

Abbas Bulut , Muhammed Ali Aydın Abdül Halim Zaim

https://doi.org/10.55071/ticaretfbd.1102276

Öz

The zero trust network security model has become a serious alternative to the traditional network model. As it is known, when the network structures were first established, providing security was not the main goal. The widespread use of the Internet, the increase in the amount of shared information, and easy accessibility have brought concerns about information security into our lives. Zero trust stepped in at this point and brought a brand new understanding with the concept of "never trust - Always verify". This understanding, which was accepted in a short time, gradually caused companies to segment their network structures and develop integrated products. Zero trust security model consists of User, Data, Device, Application and Network traffic components. The most important of these components is the end point devices, which are described as users. Because a cyber attack starts at an endpoint and its target ends at an endpoint. In this context, the article will emphasize the importance of the endpoint in zero trust architecture, and the benefits of extending the Zero trust security platform to the end user.

Anahtar Kelimeler

Endpoint authentication and authorization, endpoint secure access, zero trust architechture, zero trust network architechture.

SIFIR GÜVEN AĞ ERİŞİM MİMARİSİNDE KULLANICI GÜVENLİĞİNİN SAĞLANMASI

Öz

Sıfır güven ağ güvenlik modeli, geleneksel ağ modeline ciddi bir alternatif haline gelmiştir. Bilindiği gibi ağ yapıları ilk kurulduğunda asıl amaç güvenliği sağlamak değildi. İnternetin yaygınlaşması, paylaşılan bilgi miktarının artması ve kolay ulaşılabilir olması bilgi güvenliği ile ilgili endişeleri hayatımıza sokmuştur. Sıfır güven bu noktada devreye girmiş ve "asla güvenme-her zaman doğrula" kavramıyla yepyeni bir anlayış getirmiştir. Kısa sürede kabul gören bu anlayış, şirketlerin giderek ağ yapılarını segmentlere ayırmalarına ve entegre ürünler geliştirmelerine neden olmuştur. Sıfır güven güvenlik modeli Kullanıcı, Veri, Cihaz, Uygulama ve Ağ trafiği bileşenlerinden oluşur. Bu bileşenlerden en önemlisi, kullanıcı olarak tanımlanan uç nokta cihazlarıdır. Çünkü siber saldırı bir uç noktada başlar ve hedefi bir uç noktada biter. Bu bağlamda makale, sıfır güven mimarisinde uç noktanın önemini ve Sıfır güven güvenlik platformunu son kullanıcıya genişletmenin faydalarını vurgulayacaktır.

Anahtar Kelimeler

Kullanıcı doğrulanması yetkilendirilmesi, kullanıcı erişim güvenliği, sıfır güven mimarisi, sıfır güven ağ mimarisi.

Kaynakça

• Assunção, P. (2019, January, 16-16). A zero trust approach to network security, Proceedings of the Digital Privacy and Security Conference. Portugal, 65-72. https://doi.org/10.11228/dpsc.01.01.007
• Belal A., Mark A., Gregory & Li, S. (2021, Nov, 24-26). Uplifting Healthcare cyber resilience with a multi-access edge computing zero-trust security model, 31st International Telecommunication Networks and Applications Conference (ITNAC), Australia, 192-195. https://doi.org /10.1109/ITNAC53136.2021.9652141
• Bicakci, K., Uzunay, Y. & Khan, M. (2021, December, 2-3). Towards zero trust: the design and ımplementation of a secure end-point device for remote working, 14th International Conference on Information Security and Cryptology, Ankara, Türkiye, 28-33. https://doi.org/10.1109/iscturkey53027.2021.9654298
• Camphell, M. (2020). Beyond zero trust: Trust is a vulnerability. Computer, 53(10), 110-113. https://doi: 10.1109/MC.2020.3011081
• Chen, B., Qiao, S., Zhao, J., Liu, D. Shi, X., Lyu, M., Chen, H., & Lu, H. (2021, July, 1-1). A security awareness and protection system for 5g smart healthcare based on zero-trust architecture, IEEE Internet of Things Journal, 8(13), China. https://doi.org/10.1109/jiot.2020.3041042
• Chen, R., Shu, F., Huang, S., Huang, L., Liu, H., Liu, J., & Lei, K. (2021). BIdm: A Blockchain-Enabled Cross-Domain Identity Management System, Journal of Communications and Information Networks, 6(1), 44-58.
• Chen, L., Dai, Z., Chen, M., & Li, N.(2021, May, 29-30) Research on the security protection framework of power mobile ınternet services based on zero trust. 6th International Conference on Smart Grid and Electrical Automation (ICSGEA), China, 65-68. https://doi.org/10.1109/ICSGEA53208.2021.00021. Dabrowski, M., & Pacyna, P. (2022, January, 14-16). Blockchain-based identity discovery between heterogenous identity management systems. 6th International Conference on Cryptography Security and Privacy (CSP), Poland, 131-137. https://doi.org/10.1109/CSP55486.2022.00032
• Dayna, E., Si Ya N., De Cusatis C., & Sager, A. (2017). Autonomic security for zero trust networks, National Science Foundation under CCDNI Integregation (Area 4): Application Aware Software Defined Networks for Secure Cloud Services, NY-USA. 288-293. https://doi.org/10.1109/uemcon.2017.8249053
• DeCusatis, C., & Liengtiraphani, P., (2016, Nov, 18-20). Implementing zero trust cloud networks with transport access control and first packet authentication. IEEE International Conference on Smart Cloud, USA. 5-10. https://doi.org/10.1109/smartcloud.2016.22
• Dhar, S., & Bose, I., (2021). Securing Iot devices using zero trust and blockchain, Journal of Organization Computing and Electronic Commerce, 31(1), 18-34. https://doi.org/0.1080/10919392.2020.1831870
• D’Silva, D., & D. Ambawade, D., (2021, April, 02-04). Building a zero trust architecture using kubernetes. 6th International Conference for Convergence in Technology (I2CT), Pune, India. 1-8. https://doi.org/10.1109/I2CT51068.2021.9418203
• Elisa Bertino, E., & Brancik, K., (2021, Aralık, 10-14). Services for zero trust architectures - a research road- map. IEEE International Conference on Web Services (ICWS), USA, 14-20. https://doi.org/10.1109/ICWS53863.2021.00016
• Fang, W., & Guan, X., (2022, March, 04-06). Research on iOS Remote security access technology based on zero trust. IEEE 6th Information Technology and Mechatronics Engineering Conference (ITOEC), China. 238-241. https://doi.org/10.1109/ITOEC53115.2022.973-4455
• Hatayema, K., Kotani, D., & Okabe, Y. (2021, March, 22-26). Zero Trust Federation: Sharing Context under User Control towards Zero Trust in Identity Federation, PerFlow 2021: International Workshop on Persavive Information Flow, Kyoto, Japan, 514-519. https://doi.org/10.1109/PERCOMWORKSHOPS51409.2021.9431116
• Hosney, E., Abdel Halim, I.T., & Yousef, A.H. (2022, Mart, 09-10). An artificial intelligence approach for deploying zero trust architecture (zta), 5th International Conference on Computing and Informatics (ICCI), Egypt, 343-350. https://doi.org/10.1109/ICCI54321.2022.9756117
• Kang, C., Li, E., Li, Y., Wang, L., Liu, Y., & Han, Z. (2022, May, 27-29). Dynamic access control architecture distribution master station based on extended trust evaluation. IEEE 5th International Electrical and Energy Conference (CIEEC), China, 506-510. https://doi.org/10.1109/CIEEC54735.2022.9846041
• Kuperberg, M. (2020). Blockchain-based ıdentity management: A survey From the enterprise and ecosystem perspective, IEEE Transactions on Engineering Management, 67(4), 1008-1027.
• Liu, J.,Wang, H., Xian, M., & Kong,C., (2020, December, 25-27). A small LAN zero trust network model based on elastic stack, 5th International Conference on Mechanical, Control and Computer Engineering (ICMCCE), China. 1075-1078. https://doi.org/10.1109/ICMCCE51767.2020.00236
• Melo, T., Amaral, S. & Gondim, J.J.C, (2021, Nov, 18-19). Integrating zero trust in the cyber supply chain security, 6th Workshop on Communication Networks and Power Systems (WCNPS 2021), Brasil. https://doi.org/10.1109/WCNPS53648.2021.9626299
• Meng, L., Huang, D., An, J., Zhou, X., & Lin,F. (2022). A continuous authentication protocol without trust authority for zero trust architecture, China Communications Magazine, 19(8), 198-213.
• Patil, A., Karkal, G.,Wadhwa, J., Sawood, M., & Reddy, K.D, (2020, Dec, 10-13). Design and implementation of a consensus algorithm to build zero trust model. IEEE 17th India Council International Conference (INDICON), India. https://doi.org/10.1109/indicon49873.2020.9342207
• Rodigari, S., O’Shea, D., McCarthy, P., McCarry, M., & McSweeney, S., (2021, Sept, 5-10). Performance analysis of zero-trust multi-cloud. IEEE 14th International Conference on Cloud Computing, Ireland. 730-732. https://doi.org/10.1109/cloud53861.2021.00097
• Rocha, B.C., Melo, L.P. & Sousa Jr, R.T., (2021, Nov, 18-19). Preventing APT attacks on LAN networks with connected IoT devices using a zero trust based security. 6th Workshop on Communication Networks and Power Systems (WCNPS), Brasil https://doi.org/20.2209/wcnps53648.2021.926270
• Rose, S., Borchert, O., Mitchell, S. & Connelly, S. (2020), Zero trust architecture, special publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, Stafford. https://doi.org/10.6028/NIST.SP.800-207
• Samaniego, M. & Deters, R. (2018, July, 2-7). Zero-trust hierarchical management in IoT. IEEE International Congress on Internet of Things, Canada, 88-94. https://doi.org/10.1109/ICIOT.2018.00019
• Sheikh, N., Pawar M., & Lawrence,W., (2021, May, 10-13). Zero trust using Network Micro Segmentation. IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 1-6, https://doi.org/10.1109/INFOCOM-WKSHPS51825.2021.9484645
• Srour, L., Kayssi, A., & Chelab, A.(2006, September, 1-1). Reputation-based algorithm for managing trust in file sharing networks. 2006 Securecomm and Workshops, Lebanon. 1-10, https://doi.org/10.1109/SECCOMW.2006.359538.
• Syed, N. F., Shah, S. W., Shaghaghi,A., Anwar, A., Baig, Z., & Doss,R.,(2022). Zero trust architecture (ZTA): A comprehensive survey, IEEE Access, 57143-57179, https://doi.org/ 10.1109/ACCESS.2022.3174679.
• Tao,Y., Lei, Z., & Ruxiang, P., (2018, Dec, 11-13). Fine-grained big data security method based on zero trust model, 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS), China, 1040-1045. https://doi.org/10.1109/ICPADS.2018.00140
• Tian, X., & Song, H., (2021). A zero trust method based on BLP and BIBA model, 2021 14th International Symposium on Computational Inteeligence and Design (ISCID), 96-100. https://doi.org/10.1109/ISCID52796.2021.00031
• Vanickis, R., Jacob, P., Lee, B., & Dehghanzadeh, S. (2020, June, 21-22). Access control policy enforcement for zero-trust networking. European Union’s Horizon 2020 research and Innovation programme under grant agreement 700071, Ireland.
• Wang, S., Pei, R., & Zhang, Y., (2019). EIDM: A ethereum-based cloud user identity management protocol, IEEE Access Multidisciplinary | Rapid Review | Open Access Journal, 7, 115281-115291. https://doi.org/10.1109/access.2019.2933989
• Wu, G.Y.,Yan, H.W., & Wang, Z.J.,(2021, Aug, 13-15). Real identity based access control technology under zero trust architecture. International Conference on wireless Communications and Smart Grid (ICWCSG), China, 18-22. https://doi.org/ 10.1109/ICWCSG53609.2021.00-011
• Wu, K., Shi, J.,Guo, Z., Zhang, Z., & Cai,J. (2021, June, 25-27). Research on security strategy of power ınternet of things devices based on zero trust. International Conference on Computer Engineering and Application (ICCEA), China, 79-83. https://doi.org/0.1109/ICCEA53728.2021.00023
• Xiaojan, Z., Liandong, C., Jie, F., Xiangqun,W., & Qi,W. (2021, Jan, 8-10). Power IoT security protection architecture based on zero trust framework. IEEE 5th International Conference on Cryptography, Security and Privacy, China, 166-170. https://doi.org/10.1109/csp51677.2021.9357607
• Yang, D., Zhao,Y.,Wu, K., Guo, X., Peng, H. (2021, October 29 - November 1). An efficient authentication scheme based on zero trust for UAV swarm. 2021 International Conference on Networking and Network Applications (NaNA), China, 356-360. https://doi.org/10.1109/NaNA53684.2021.00068
• Zhang, F & Jiang, X., (2021, March, 26-28). The zero trust security platform for data trusteeship, 2021 4th International Conference on Advanced Electronic Materials, Computers and Software Engineering (AEMCSE), China, 1014-1017. https://doi.org/10.1109/AEMCSE51986.2021.00207
• Zhang, P., Tian, C.Shang, T., Liu, L., Li, L.,Wang,W., & Zhao,Y. (2021, May, 14-16). Dynamic access control technology based on zero-trust light verification network model. IEEE 3rd International Conference on Communications, Information System and Computer Engineering (CISCE), China, 712-715.