Secure enrollment token delivery mechanism for Zero Trust networks using blockchain
Javier Jose Diaz Rivera, Waleed Akbar, T. Khan, Afaq Muhammad, Wang-Cheol Song
IEICE Transactions on Communications, journal article, published 2023-01-01
DOI: 10.1587/transcom.2022tmp0005 (https://doi.org/10.1587/transcom.2022tmp0005)
Citations: 0
Abstract
Zero Trust Networking (ZTN) is a security model in which no default trust is given to entities in a network infrastructure. The first bastion of security for achieving ZTN is strong identity verification. Several standard methods for assuring a robust identity exist (e.g., OAuth 2.0, OpenID Connect). These standards employ JSON Web Tokens (JWT) during the authentication process. However, the use of JWT for One-Time Token (OTT) enrollment has a latent security issue. A third party can intercept a JWT, and the payload information can be exposed, revealing the details of the enrollment server. Furthermore, an intercepted JWT could be used for enrollment by an impersonator as long as the JWT remains active. Our proposed mechanism aims to secure the ownership of the OTT by including the JWT as encrypted metadata in a Non-Fungible Token (NFT). The mechanism uses the blockchain public key of the intended owner for encrypting the JWT. The blockchain assures the JWT ownership by mapping it to the intended owner's blockchain public address. Our proposed mechanism is applied to an emerging Zero Trust framework (OpenZiti) alongside a permissioned Ethereum blockchain using Hyperledger Besu. The Zero Trust framework provides the enrollment functionality. At the same time, our proposed mechanism based on blockchain and NFT assures the secure distribution of the OTTs that are used for the enrollment of identities.
Journal description:
The IEICE Transactions on Communications is an all-electronic journal published occasionally by the Institute of Electronics, Information and Communication Engineers (IEICE) and edited by the Communications Society in IEICE. The IEICE Transactions on Communications publishes original, peer-reviewed papers that embrace the entire field of communications, including:
- Fundamental Theories for Communications
- Energy in Electronics Communications
- Transmission Systems and Transmission Equipment for Communications
- Optical Fiber for Communications
- Fiber-Optic Transmission for Communications
- Network System
- Network
- Internet
- Network Management/Operation
- Antennas and Propagation
- Electromagnetic Compatibility (EMC)
- Wireless Communication Technologies
- Terrestrial Wireless Communication/Broadcasting Technologies
- Satellite Communications
- Sensing
- Navigation, Guidance and Control Systems
- Space Utilization Systems for Communications
- Multimedia Systems for Communication