TY - GEN
T1 - Authentication and Authorization in Zero Trust IoT
T2 - 35th Irish Systems and Signals Conference, ISSC 2024
AU - James, Meha
AU - Newe, Thomas
AU - O'Shea, Donna
AU - O'Mahony, George D.
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - A critical challenge in implementing Zero trust (ZT) in Internet of Things (IoT) environments is ensuring secure authentication and authorization mechanisms. The work in this article delves into the intricate realm of ZT by critically examining the state-of-the-art authentication and authorization processes within the ZT framework for IoT. Despite the wealth of work on ZT and Zero Trust Architecture (ZTA), notable research gaps persist, specifically in identity authentication and fine-grained access control. Given the vast and diverse ecosystem of IoT devices, device identification complexities arise from a lack of unique hardware identifiers, rendering traditional methods susceptible to cyber-attacks, such as, spoofing. For dynamic IoT environments, achieving the optimal implementation in access policies poses a significant challenge. Numerous ZTA methodologies, integrating access controls, blockchain frameworks, and advancements in Artificial Intelligence (AI) and Machine Learning (ML), have been implemented to tackle these challenges. However, research gaps remain, particularly in understanding the behavioral aspects within these frameworks. As a result, this article focuses on identifying how device behavioral aspects can improve authentication and authorization in ZT for IoT. Finally, the article concludes by highlighting how these challenges can serve as future research directions.
AB - A critical challenge in implementing Zero trust (ZT) in Internet of Things (IoT) environments is ensuring secure authentication and authorization mechanisms. The work in this article delves into the intricate realm of ZT by critically examining the state-of-the-art authentication and authorization processes within the ZT framework for IoT. Despite the wealth of work on ZT and Zero Trust Architecture (ZTA), notable research gaps persist, specifically in identity authentication and fine-grained access control. Given the vast and diverse ecosystem of IoT devices, device identification complexities arise from a lack of unique hardware identifiers, rendering traditional methods susceptible to cyber-attacks, such as, spoofing. For dynamic IoT environments, achieving the optimal implementation in access policies poses a significant challenge. Numerous ZTA methodologies, integrating access controls, blockchain frameworks, and advancements in Artificial Intelligence (AI) and Machine Learning (ML), have been implemented to tackle these challenges. However, research gaps remain, particularly in understanding the behavioral aspects within these frameworks. As a result, this article focuses on identifying how device behavioral aspects can improve authentication and authorization in ZT for IoT. Finally, the article concludes by highlighting how these challenges can serve as future research directions.
KW - Access Control
KW - Authentication
KW - Authorization
KW - Behavioral Aspects
KW - Zero Trust
KW - Zero Trust Architectures
KW - ─IoT networks
UR - http://www.scopus.com/inward/record.url?scp=85201151785&partnerID=8YFLogxK
U2 - 10.1109/ISSC61953.2024.10603175
DO - 10.1109/ISSC61953.2024.10603175
M3 - Conference contribution
AN - SCOPUS:85201151785
T3 - Proceedings of the 35th Irish Systems and Signals Conference, ISSC 2024
BT - Proceedings of the 35th Irish Systems and Signals Conference, ISSC 2024
A2 - Zheng, Huiru
A2 - Cleland, Ian
A2 - Moore, Adrian
A2 - Wang, Haiying
A2 - Glass, David
A2 - Rafferty, Joe
A2 - Bond, Raymond
A2 - Wallace, Jonathan
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 13 June 2024 through 14 June 2024
ER -