Fortifying the Expanding Internet of Things Landscape: A Zero Trust Network Architecture Approach for Enhanced Security and Mitigating Resource Constraints
Keywords: Internet of Things (IoT), Zero Trust
Abstract
The exponential growth of the Internet of Things (IoT) threatens security. IoT ecosystems are too dynamic and fragmented for perimeter-based security. Low processing power, limited memory, and constrained operating systems leave resource-constrained devices vulnerable. This article proposes a Zero Trust approach to IoT security.
Zero Trust combines least-privilege access control with a "never trust, always verify" security posture. Because the network distrusts all devices and users, every interaction must be validated. Zero Trust does away with castle-and-moat network security. Instead, it segments the network and limits access to vital resources, assuming a breach.
License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.