
Table of Contents

    15 October 2024, Volume 10 Issue 10
    Research for Zero Trust Security Model
    2024, 10(10): 886.
    Zero trust is considered a new security paradigm. From the perspective of security models, this paper reveals the deepening and integration of security models in zero trust architecture, with “identity and data” as the main focus. Zero trust establishes a panoramic control object chain with identity at its core, builds defense-in-depth mechanisms around object attributes, functions, and lifecycles, and centrally redirects the flow of information between objects. It integrates information channels to achieve layered protection and fine-grained, dynamic access control. Finally, from an attacker’s perspective, it sets up proactive defense mechanisms at key nodes in the information flow path. Since zero trust systems are bound to become high-value assets, this paper also explores the essential issues of inherent security and resilient service capabilities in zero-trust systems. Through the analysis of the security models embedded in zero-trust and its inherent security, this paper aims to provide a clearer technical development path for the architectural design, technological evolution, and self-protection of zero trust in its application.
    A Retrospective and Future Development Study of Zero Trust Architecture
    2024, 10(10): 896.
    With the rapid development of the internet, big data, and cloud computing, the zero trust architecture has been proposed as a new security paradigm to address the challenges of modern digitalization. This security model is built on never inherently trusting any internal or external request, emphasizing that access must be granted only through constant verification and monitoring. The core principles of zero trust include comprehensive identity verification, access control, least privilege, pervasive encryption, and continuous risk assessment and response. This article primarily reviews the development history of zero trust architecture, elaborates on the basic concepts of the zero trust mechanism, and finally summarizes the future development of zero trust architecture.
    Design of SDP Trust Evaluation Model Based on Federated Learning
    2024, 10(10): 903.
    With the increasing blurring of network boundaries, zero trust has emerged as a new paradigm for network security defense. A federated learning-based SDP trust evaluation model and its deployment method are proposed to address the issues of low trust evaluation efficiency and difficulty in effectively protecting user data privacy in the face of the massive contextual information and diverse terminal scenarios brought by the zero trust security architecture in the era of big data. This model adopts a decentralized approach to train a global model without sharing raw data, protecting the user data privacy of each distributed SDP controller node. Through experiments and comparative analysis, it has been proven that this zero trust evaluation model can effectively classify malicious and legitimate data streams, and its efficiency is superior to similar literature schemes.
    Research and Implementation of Intelligent Permission Management
    2024, 10(10): 912.
    The zero trust model puts forward new requirements and challenges for actual businesses in various scenarios. In the past, in the practice of permission management, administrators often granted users permissions manually. However, this method has many problems: especially in the face of personnel transfer, permission change, and outdated information, the system cannot automatically adjust permissions in time, which may lead to security problems and even provide attackers with a breakthrough, causing serious security risks. In order to solve these problems, it is necessary to closely integrate business needs in practical applications to realize the intelligent understanding, adjustment, and allocation of permissions. The purpose of this paper is to discuss the research and practice of building an intelligent permission management system under the zero trust model, so as to provide enterprises with a more secure and efficient permission management solution.
    Application of Behavior Anomaly Detection in Zero Trust Access Control Method
    2024, 10(10): 921.
    Zero trust is a solution to the problem of fuzzy network boundaries and has been widely used in many access control methods. Most zero-trust access control methods only use statistical methods to calculate trust values, which have poor ability to prevent unknown risks and lack adaptability to different users. A zero-trust access control method that applies behavior anomaly detection was proposed to solve those problems. The proposed method designed a trust engine that included a behavior anomaly detection strategy, which can use autoencoders and bidirectional long short-term memory neural networks to characterize user behavior patterns. The proposed method used the mean square error loss function to describe the degree of abnormality in user behavior, and calculated the trust value together with other elements. The proposed method used abnormal behavior representation values to set trust thresholds and adaptively adjust access policies. The experimental results show that the proposed method is sensitive to the correlation between user behaviors. The proposed method can detect abnormal behaviors and stop the authorization, which achieves continuous trust evaluation and fine-grained access control.
    Zerotrust Dynamic Authentication to Resist APT Identity Compromise 
    2024, 10(10): 928.
    The deep integration of new-generation information technology and industrial systems has improved the connectivity of industrial control systems and industrial equipment networks, making the industrial Internet a key target for APT attacks. In view of the problem that existing methods, which prefer static authentication, make it difficult to identify the “puppet identity” obtained by APT attackers controlling internal compromised terminals, thereby causing sensitive data leakage, a zero-trust dynamic authentication solution for the industrial Internet is proposed. A hybrid neural network is built by fusing CNN and BiLSTM, and its time series characteristics are used to design a behavioral factor prediction model. Features are extracted through a deep convolutional network composed of multiple residual blocks, and a two-way long short-term memory network performs time series analysis to generate behavioral factor predictions for the subject, which serve as important credentials for zero-trust dynamic authentication. In order to quickly identify the “puppet identity”, the IPK-SPA dynamic authentication mechanism is designed by incorporating behavioral factors. Lightweight identification public key technology is used to adapt to the massive number of terminals in the industrial Internet, and zero-trust single-package authorization technology is used to hide the boundaries of industrial control networks. Security analysis and experimental results show that the proposed dynamic authentication scheme has better “puppet identity” identification capabilities and is helpful in combating the threat of data theft caused by APT identity compromise in the industrial Internet environment.
    Data Sharing Access Control Method for Distribution Terminal IoT Based on Zero Trust Architecture and Least Privilege Principle
    2024, 10(10): 937.
    To maximize the security of IoT data sharing in distribution terminals, a data sharing access control method for distribution terminal IoT based on zero trust architecture and the least privilege principle is proposed. We have developed a zero-trust-based IoT data sharing access control framework, which verifies user identity and access control permissions through identity authentication modules. After user access, IDS modules identify obvious network attack behaviors, while behavior trust measurement proxies in the user behavior measurement modules calculate user trust based on historical user behavior measurement data stored in trust measurement databases. These proxies also periodically evaluate user behavior trust levels, identify long-term and highly covert network attack behaviors, and use behavioral trust-based access decision agents to allocate user roles based on the user trust level and the principle of least privilege, formulating and implementing access decisions. The IoT controller dynamically adjusts user resource access permissions based on trust measurement results, and achieves dynamic adjustment of user distribution terminal IoT resource access permissions by sending flow tables. The experimental results show that this method can accurately control the shared access of IoT data and has more comprehensive performance. It has the fewest redundant permissions while completing user access tasks, which not only meets user access requirements but also ensures network data security.
    A Blockchain Access Control Model for Grain Traceability Based on Zero-trust Mechanism
    2024, 10(10): 944.
    Aiming at the problems of malicious access, untrustworthy data sources, and identity forgery in the existing blockchain-based grain traceability model, a blockchain access control model for grain traceability based on a zero-trust mechanism is proposed. Based on the zero-trust security model and the concept of “never trust, always verify”, the blockchain is combined with token-based access control (TBAC). Tokens are used as credentials to access resources, while user trust analysis is introduced to establish a dynamic and flexible authorization mechanism that achieves fine-grained access control. First, blockchain smart contracts are added to guarantee the automatic and trustworthy judgment of access control, and TBAC is utilized to realize token-based access control; second, based on the user’s access behavior, the fuzzy analytic hierarchy process (FAHP) is used to obtain the calculation method of the user’s trust value and to design the corresponding access control policy. Experimental results show that the method can correctly and efficiently respond to access requests, and dynamically grant users access rights on the basis of ensuring effective access to grain traceability data, realizing safe and reliable data access control.
    A Paillier Optimization Algorithm Combining Multiple Prime Numbers and Public Modules
    2024, 10(10): 952.
    The Skyline query is designed to select a set of suitable points from a large number of data points, which provides a key technique for multi-objective optimization of location-oriented objects. A plaintext Skyline query will cause data leakage, so the Paillier homomorphic encryption scheme is adopted to protect the data and implement a ciphertext Skyline query. To address the low efficiency of Paillier encryption and decryption, the MPG-Paillier (multiple prime-generator Paillier) algorithm, which combines multiple primes with a common modulus, is proposed, and the correctness and security of the algorithm are proved. Experimental comparison and analysis show that MPG-Paillier has a significant improvement over the Paillier and MP-Paillier (multiple-prime Paillier) algorithms in terms of encryption and decryption efficiency.
    A Federated Learning Privacy Protection Method for Multi-key Homomorphic Encryption in the Internet of Things
    2024, 10(10): 958.
    With federated learning, multiple distributed IoT devices can jointly train a global model by transmitting model updates without leaking raw data. However, federated learning systems are susceptible to model inference attacks, resulting in compromised system robustness and data privacy. A federated learning privacy protection method for multi-key homomorphic encryption in the Internet of Things is proposed to address the issues of existing federated learning solutions being unable to protect the confidentiality of shared gradients and to resist collusion attacks initiated by clients and servers. This method utilizes multi-key homomorphic encryption to achieve gradient update confidentiality protection. Firstly, by using proxy re-encryption technology, the ciphertext under different public keys is converted into encrypted data under a single public key, ensuring that the cloud server can decrypt the gradient ciphertext. Then, IoT devices use their own public key and a random secret factor to encrypt local gradient data, which can resist collusion attacks initiated by malicious devices and servers. Secondly, an identity authentication method based on hybrid cryptography was designed to achieve real-time verification of the identities of participants in federated modeling. In addition, in order to further reduce client computing costs, some decryption calculations are delegated to trusted servers, and users only need a small amount of computation. A comprehensive analysis was conducted on the proposed solution to evaluate its safety and efficiency. The results indicate that the proposed scheme meets the expected security requirements. Experimental simulation shows that compared to existing schemes, this scheme has lower computational overhead and can achieve faster and more accurate model training.
    Privacypreserving Scheme for SVM Training Based on Minibatch SGD
    2024, 10(10): 967.
    When using a support vector machine (SVM) to process sensitive data, privacy protection is very important. The existing SVM privacy-preserving schemes are trained based on the batch gradient descent (BGD) algorithm, and they have huge computational overhead. To solve this problem, this paper proposed a privacy-preserving scheme for SVM training based on mini-batch stochastic gradient descent (Mini-batch SGD). Firstly, it designed the SVM training algorithm based on Mini-batch SGD. Then, on this basis, it perturbed the model weights by multiplication, used the hardness assumption of integer factorization to ensure the privacy of the model, engaged the homomorphic cryptosystem to encrypt the data, performed SVM training, and then applied the homomorphic hash function for verification. Finally, it constructed the SVM privacy-preserving scheme. Against security threats, the paper demonstrated data privacy, model privacy, and model correctness. It carried out simulation experiments and analysis of the scheme. The results show that the proposed scheme can save 92.4% of the computation time on average, while the classification performance is close to the existing schemes.
    Research on Security Risk and Governance Path of Large Models
    2024, 10(10): 975.