Optimal Federation Method for Embedding Internet of Things in Software-Defined Perimeter

Palmo, Yangchen; Tanimoto, Shigeaki; Satō, Hiroyuki; Kanai, Atsushi

doi:10.1109/mce.2022.3207862

Cited by 7 publications

(3 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A ZT-based framework for the IC design process to counter insider threats is proposed in [14]. Palmo et al in [22] proposed a method to securely embed resource-limiting IoT devices within software-defined perimeter (SDP), a ZT model proposed by the cloud security alliance (CSA). The use of endogenous security concepts to improve the internal structure of the ZT security model is proposed in [23].…”

Section: Insider Threatsmentioning

confidence: 99%

Light-Weight Security Protocol and Data Model for Chip-to-Chip Zero-Trust

2023

View full text Add to dashboard Cite

The semiconductor supply chain is vulnerable to multiple security attacks, such as hardware Trojan injection, intellectual property theft, and overproduction. The notion of zero-trust (ZT) -never trust, always verify -offers a promising opportunity for chip security by authenticating integrated circuits (ICs) when they are connected to critical computing systems. Before exchanging any data, the system establishes trust with the chip using industry security protocols. In this paper, we propose using the secure protocol and data model (SPDM) to establish chip-to-chip (C2C)-ZT communications. Furthermore, we present formal models for this solution and verify these models using state-of-the-art formal verification tools. The results show that the SPDM meets the requirements of the ZT architecture and can be used as a foundation for secure C2C interconnection. INDEX TERMSSecure protocol and data model (SPDM), automatic verification of internet security protocols and applications (AVISPA), secure protocol animator (SPAN), formal verification (FV). I. INTRODUCTIONASHFAQ AHMED (Senior Member, IEEE) received the M.S. and Ph.D. degrees from the

show abstract

Section: Insider Threatsmentioning

confidence: 99%

Light-Weight Security Protocol and Data Model for Chip-to-Chip Zero-Trust

2023

View full text Add to dashboard Cite

show abstract

“…To use blockchain technology to achieve zero trust for IoT, researchers are also attempting to optimize existing ZTAs and zero trust technologies. Palmo et al [50] found that ensuring the reliability of IoT itself is critical when embedding IoT devices into SDPs. In this regard, they analysed the federation evaluation method of the IoT gateway, federation evaluation method of identity provider (IdP) and federation evaluation method of certification authority.…”

Section: Application Of Zero Trust In the Iot Environmentmentioning

confidence: 99%

Theory and Application of Zero Trust Security: A Brief Survey

Kang,

Liu,

Wang

et al. 2023

Entropy

View full text Add to dashboard Cite

As cross-border access becomes more frequent, traditional perimeter-based network security models can no longer cope with evolving security requirements. Zero trust is a novel paradigm for cybersecurity based on the core concept of “never trust, always verify”. It attempts to protect against security risks related to internal threats by eliminating the demarcations between the internal and external network of traditional network perimeters. Nevertheless, research on the theory and application of zero trust is still in its infancy, and more extensive research is necessary to facilitate a deeper understanding of the paradigm in academia and the industry. In this paper, trust in cybersecurity is discussed, following which the origin, concepts, and principles related to zero trust are elaborated on. The characteristics, strengths, and weaknesses of the existing research are analysed in the context of zero trust achievements and their technical applications in Cloud and IoT environments. Finally, to support the development and application of zero trust in the future, the concept and its current challenges are analysed.

show abstract

“…The framework uses SDP to protect the security of the cloud and the inner layer of system by rejecting all unauthorized edge traffic. Y.-C. Palmo, et al [22] investigated and evaluated several federation methods to embed IoT devices into SDP and found that the identity provider (IdP) is the most effective methods. However, the IdP will costs lots of computing and storage resources to store the identity of the terminal.…”

Section: Related Workmentioning

confidence: 99%

Research on the Security Protection of Secondary Distribution System Based on Software defined Perimeters

Erxia Li,

Yuling Li

et al. 2023

Journal of Computers

View full text Add to dashboard Cite

<p>With the new technologies including big data, cloud computing, the Internet of Things (IoT), mobile Internet, and Artificial Intelligence (AI) coming into widespread in the secondary distribution system, it makes the network boundary more fuzzy, and the network security risk points and exposed surfaces significantly increase. Therefore, the traditional boundary-based security protection model has been unable to meet the protection needs. As one of the most popular security concepts at present, the zero trust mechanism can achieve the dynamic protection of information intranets. Based on the concept of zero trust security and software defined perimeter (SDP) technology, this paper designs and implements a security scheme suitable for the secondary distribution system and proposes a novel identity authentication model which can solve the problems of port exposure that existed in the traditional authentication scheme. In addition, the model applies the SM9 identification algorithm to reduce the computational cost of the encryption and decryption in the proposed scheme. Finally, the performance analysis demonstrates that the proposed scheme is effective and suitable for the secondary distribution system which can effectively resist multiple types of network attacks.</p> <p> </p>

show abstract

Optimal Federation Method for Embedding Internet of Things in Software-Defined Perimeter

Cited by 7 publications

References 11 publications

Light-Weight Security Protocol and Data Model for Chip-to-Chip Zero-Trust

Light-Weight Security Protocol and Data Model for Chip-to-Chip Zero-Trust

Theory and Application of Zero Trust Security: A Brief Survey

Research on the Security Protection of Secondary Distribution System Based on Software defined Perimeters

Contact Info

Product

Resources

About