Table of Contents
15 October 2024, Volume 10 Issue 10
Research for Zero Trust Security Model
2024, 10(10): 886.
Zero trust is considered a new security paradigm. From the perspective of security models, this paper reveals the deepening and integration of security models in zero trust architecture, with “identity and data” as the main focus. Zero trust establishes a panoramic control-object chain with identity at its core, builds defense-in-depth mechanisms around object attributes, functions, and lifecycles, and centrally redirects the flow of information between objects. It integrates information channels to achieve layered protection and fine-grained, dynamic access control. Finally, from an attacker’s perspective, it sets up proactive defense mechanisms at key nodes in the information flow path. Since zero trust systems are bound to become high-value assets, this paper also explores the essential issues of inherent security and resilient service capability in zero-trust systems. Through analysis of the security models embedded in zero trust and of its inherent security, this paper aims to provide a clearer technical development path for the architectural design, technological evolution, and self-protection of zero trust in its application.
A Retrospective and Future Development Study of Zero Trust Architecture
2024, 10(10): 896.
With the rapid development of the internet, big data, and cloud computing, the zero trust architecture has been proposed as a new security paradigm to address the challenges of modern digitalization. This security model is built on never inherently trusting any internal or external request, emphasizing that access must be granted only through constant verification and monitoring. The core principles of zero trust include comprehensive identity verification, access control, least privilege, pervasive encryption, and continuous risk assessment and response. This article primarily reviews the development history of zero trust architecture, elaborates on the basic concepts of the zero trust mechanism, and finally summarizes the future development of zero trust architecture.
Design of SDP Trust Evaluation Model Based on Federated Learning
2024, 10(10): 903.
With the increasing blurring of network boundaries, zero trust has emerged as a new paradigm for network security defense. A federated-learning-based SDP trust evaluation model and its deployment method are proposed to address the low efficiency of trust evaluation and the difficulty of effectively protecting user data privacy in the face of the massive contextual information and diverse terminal scenarios that the zero trust security architecture brings in the era of big data. The model adopts a decentralized approach, training a global model without sharing raw data and thereby protecting the user data privacy of each distributed SDP controller node. Experiments and comparative analysis show that this zero trust evaluation model can effectively classify malicious and legitimate data streams, and that its efficiency is superior to comparable schemes in the literature.
Research and Implementation of Intelligent Permission Management
2024, 10(10): 912.
The zero trust model puts forward new requirements and challenges for actual businesses in various scenarios. In past permission management practice, administrators often granted users permissions manually. However, this method has many problems: in the face of personnel transfers, permission changes, and outdated information, the system cannot adjust permissions automatically and in time, which may lead to security problems and even give attackers a way in, causing serious security risks. To solve these problems, it is necessary to closely integrate business needs in practical applications so as to realize the intelligent understanding, adjustment, and allocation of permissions. The purpose of this paper is to discuss the research and practice of building an intelligent permission management system under the zero trust model, so as to provide enterprises with a more secure and efficient permission management solution.
Application of Behavior Anomaly Detection in Zero Trust Access Control Method
2024, 10(10): 921.
Zero trust is a solution to the problem of fuzzy network boundaries and has been widely used in many access control methods. Most zero-trust access control methods use only statistical methods to calculate trust values, which gives them poor ability to prevent unknown risks and little adaptability to different users. A zero-trust access control method that applies behavior anomaly detection is proposed to solve these problems. The method designs a trust engine that includes a behavior anomaly detection strategy, which uses autoencoders and bidirectional long short-term memory neural networks to characterize user behavior patterns. It uses the mean square error loss to describe the degree of abnormality in user behavior and calculates the trust value together with other elements. It uses the abnormal behavior representation values to set trust thresholds and adaptively adjust access policies. The experimental results show that the proposed method is sensitive to the correlation between user behaviors, can detect abnormal behaviors and stop the authorization, and thereby achieves continuous trust evaluation and fine-grained access control.
Zero-trust Dynamic Authentication to Resist APT Identity Compromise
2024, 10(10): 928.
The deep integration of new-generation information technology and industrial systems has improved the connectivity of industrial control systems and industrial equipment networks, making the industrial Internet a key target for APT attacks. Existing methods that rely on static authentication find it difficult to identify the “puppet identity” that APT attackers obtain by controlling compromised internal terminals, which leads to sensitive data leakage. To address this problem, a zero-trust dynamic authentication solution for the industrial Internet is proposed. A hybrid neural network is built by fusing CNN and BiLSTM, and its time-series characteristics are used to design a behavioral factor prediction model. Features are extracted through a deep convolutional network composed of multiple residual blocks, and a bidirectional long short-term memory network performs time-series analysis to generate behavioral factor predictions for the subject, which serve as important credentials for zero-trust dynamic authentication. To quickly identify the “puppet identity”, the IPK-SPA dynamic authentication mechanism is designed by incorporating behavioral factors: lightweight identification public key technology is used to adapt to the massive number of terminals in the industrial Internet, and zero-trust single-packet authorization technology is used to hide the boundaries of industrial control networks. Security analysis and experimental results show that the proposed dynamic authentication scheme has better “puppet identity” identification capability and helps combat the threat of data theft caused by APT identity compromise in the industrial Internet environment.
Data Sharing Access Control Method for Distribution Terminal IoT Based on Zero Trust Architecture and Least Privilege Principle
2024, 10(10): 937.
To maximize the security of IoT data sharing in distribution terminals, a data sharing access control method for distribution terminal IoT based on zero trust architecture and the least privilege principle is proposed. A zero-trust-based IoT data sharing access control framework is developed, in which an identity authentication module verifies user identity and access control permissions. After a user gains access, an IDS module identifies obvious network attack behaviors, while behavior trust measurement proxies in the user behavior measurement module calculate user trust from the historical behavior measurement data stored in the trust measurement database, periodically evaluate user behavior trust levels, and identify long-term and highly covert network attack behaviors. Behavior-trust-based access decision agents then allocate user roles according to the user trust level and the principle of least privilege, formulating and implementing access decisions. The IoT controller dynamically adjusts user resource access permissions based on the trust measurement results, realizing the dynamic adjustment of user access to distribution terminal IoT resources by sending flow tables. The experimental results show that the method can accurately control shared access to IoT data with more comprehensive performance: it leaves the fewest redundant permissions while completing user access tasks, meeting user access requirements while ensuring network data security.
A Blockchain Access Control Model for Grain Traceability Based on Zero-trust Mechanism
2024, 10(10): 944.
Aiming at the problems of malicious access, untrustworthy data sources, and identity forgery in existing blockchain-based grain traceability models, a blockchain access control model for grain traceability based on a zero-trust mechanism is proposed. Based on the zero-trust security model and the concept of “never trust, always verify”, the blockchain is combined with token-based access control (TBAC): tokens serve as the credentials for accessing resources, and user trust analysis is introduced to establish a dynamic and flexible authorization mechanism that achieves fine-grained access control. Firstly, blockchain smart contracts are added to guarantee automatic and trustworthy access control decisions, and TBAC is utilized to realize token-based access control; secondly, based on the user’s access behavior, the fuzzy analytic hierarchy process (FAHP) is used to obtain the calculation method for the user’s trust value and to design the corresponding access control policy. Experimental results show that the method can correctly and efficiently respond to access requests and dynamically grant users access rights while ensuring effective access to grain traceability data, realizing safe and reliable data access control.
A Paillier Optimization Algorithm Combining Multiple Prime Numbers and Public Modules
2024, 10(10): 952.
Skyline query is designed to select a set of suitable points from a large number of data points, which provides a key technique for multi-objective optimization of location-oriented objects. A plaintext Skyline query would cause data leakage, so the Paillier homomorphic encryption scheme is adopted to protect the data and implement ciphertext Skyline queries. To address the low efficiency of Paillier encryption and decryption, the MPG-Paillier (multiple prime-generator Paillier) algorithm, which combines multiple primes with a common modulus, is proposed, and its correctness and security are proved. Experimental comparison and analysis show that MPG-Paillier improves significantly over the Paillier and MP-Paillier (multiple-prime Paillier) algorithms in encryption and decryption efficiency.
A Federated Learning Privacy Protection Method for Multi-key Homomorphic Encryption in the Internet of Things
2024, 10(10): 958.
With federated learning, multiple distributed IoT devices can jointly train a global model by exchanging model updates without leaking raw data. However, federated learning systems are susceptible to model inference attacks, which compromise system robustness and data privacy. A federated learning privacy protection method based on multi-key homomorphic encryption for the Internet of Things is proposed to address the inability of existing federated learning solutions to protect the confidentiality of shared gradients and to resist collusion attacks launched by clients and servers. The method uses multi-key homomorphic encryption to protect the confidentiality of gradient updates. Firstly, proxy re-encryption converts ciphertexts under different public keys into ciphertexts under the same public key, ensuring that the cloud server can decrypt the gradient ciphertext; IoT devices encrypt their local gradients with their own public keys and random secret factors, which resists collusion attacks between malicious devices and servers. Secondly, an identity authentication method based on hybrid cryptography is designed to verify the identities of participants in federated modeling in real time. In addition, to further reduce client computing costs, part of the decryption computation is coordinated with trusted servers, so that users need only a small amount of computation. A comprehensive analysis of the proposed solution evaluates its security and efficiency; the results indicate that the scheme meets the expected security requirements. Experimental simulation shows that, compared with existing schemes, it has lower computational overhead and achieves faster and more accurate model training.
Privacy-preserving Scheme for SVM Training Based on Mini-batch SGD
2024, 10(10): 967.
When using a support vector machine (SVM) to process sensitive data, privacy protection is very important. Existing SVM privacy-preserving schemes are trained with the batch gradient descent (BGD) algorithm and have huge computational overhead. To solve this problem, this paper proposes a privacy-preserving scheme for SVM training based on mini-batch stochastic gradient descent (Mini-batch SGD). Firstly, it designs an SVM training algorithm based on Mini-batch SGD. Then, on this basis, it perturbs the model weights multiplicatively, uses the hardness assumption of integer factorization to ensure model privacy, employs a homomorphic cryptosystem to encrypt the data, performs the SVM training, and then applies a homomorphic hash function for verification. Finally, it constructs the SVM privacy-preserving scheme. Against the security threats considered, the paper demonstrates data privacy, model privacy, and model correctness. Simulation experiments and analysis show that the proposed scheme saves 92.4% of the computation time on average, while its classification performance is close to that of existing schemes.
Research on Security Risk and Governance Path of Large Models
2024, 10(10): 975.