Verify and trust: A multidimensional survey of zero-trust security in the age of IoT

Azad, Muhammad Ajmal and Abdullah, Sidrah and Arshad, Junaid and Lallie, Harjinder and Ahmed, Yussuf (2024) Verify and trust: A multidimensional survey of zero-trust security in the age of IoT. Internet of Things, 27. p. 101227. ISSN 2542-6605

1-s2.0-S2542660524001689-main.pdf - Published Version
Available under License Creative Commons Attribution.

Abstract

The zero-trust (ZT) model assumes that all users, devices, and network traffic should not be considered trusted until proven. The zero-trust model emphasizes the importance of verifying and authenticating every user and device, and limiting access to resources based on the principle of least privilege. Under the principle of the zero-trust model, devices are granted access after they have successfully presented their authentication credentials and access rights based on different factors, such as user identity, device health, location, and behaviour. Access controls are then continuously evaluated and updated as user properties, locations and behaviour change. The zero-trust model can be applied in various domains (healthcare, manufacturing, financial services, government, etc.) to provide a comprehensive approach to cybersecurity that helps organizations to reduce risk and protect critical assets. This paper aims to provide a comprehensive and in-depth analysis of the zero-trust model, its principles, and its applications, as well as to propose recommendations for organizations looking to adopt this approach. We explore the major components of the zero-trust framework and their integration across different practical domains. Finally, we provide insightful discussions on open research issues within the zero-trust model in terms of the security and privacy of users and devices. This paper should help researchers and practitioners understand the importance of a zero-trust framework and adopt the zero-trust model for effective security, privacy, and resilience of their networks.

Item Type: Article
Identification Number: 10.1016/j.iot.2024.101227
Dates: 15 May 2024 (Accepted); 27 May 2024 (Published Online)
Uncontrolled Keywords: Blockchain, Zero-trust architecture, Authentication and authorization, Policy-based authorization
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
Divisions: Faculty of Computing, Engineering and the Built Environment > College of Computing
Depositing User: Gemma Tonks
Date Deposited: 16 Aug 2024 13:56
Last Modified: 16 Aug 2024 13:56
URI: https://www.open-access.bcu.ac.uk/id/eprint/15698
