
IEEE journal on selected areas in communications : a publication of the IEEE Communications Society: latest articles

Building a Zero Trust Federation
Alexandre Poirrier;Laurent Cailleux;Thomas Heide Clausen
Zero trust is a security paradigm whose fundamental philosophy is that every access to a resource must be explicitly verified, without assuming trust based on origin or identity. In a federated environment composed of multiple domains, ensuring zero trust guarantees for accessing shared resources is a challenge, as information on requesters is generated by their originating domain, yet requires explicit verification from the domain owning the resource. This paper proposes a method for federating zero trust architectures, ensuring the preservation of zero trust guarantees when accessing federated resources. The proposed approach relies on remote attestation, enabling continuous authentication and monitoring of requesters, without requiring intrusive software installations on every device within the federation. Moreover, this paper proposes a proof-of-concept architecture that combines several open-source products, to build an architecture with advanced zero trust maturity level. The feasibility of the proposed federation method is demonstrated through this proof-of-concept, providing detailed information on the federation procedure and its implementation.
DOI: 10.1109/JSAC.2025.3560014; vol. 43, no. 6, pp. 2113-2125; published 2025-04-14; Journal Article.
Citations: 0
Blockchain-Enabled Decentralized Services and Networks: Assessing Roles and Impacts
Xintong Ling;Yuwei Le;Shiyi Chen;Jiaheng Wang;Xiaoyang Zhou
The rapid evolution of blockchain has established it as a critical enabler for decentralized zero-trust services and networks. Without relying on traditional trust mechanisms such as pre-established mutual trust or central authentication, blockchain facilitates trust-free services via smart contract. Smart contracts offer verifiable software trust for various blockchain-enabled services (BESs) while protecting participants’ interests. However, the impact of blockchain on BES remains underexplored and unclear. In this work, we consider a general BES framework suitable for diverse decentralized zero-trust services and assess the role of blockchain in BES. We first build an $M/G/1$-type queuing model for BES and establish the stability conditions using matrix analytic methods. Based on the stability conditions, we identify the blockchain scalability and server capability as two critical bottlenecks of BES. We further use a tandem queuing model to describe the BES latency of the assembling and service phases. We analytically characterize the properties such as the convexity of service-phase latency with respect to traffic intensity, and highlight the BES pooling effects from traffic offloading and resource sharing. At last, we verify our conclusions through simulations and explore potential pathways for more efficient BES frameworks.
DOI: 10.1109/JSAC.2025.3560044; vol. 43, no. 6, pp. 2141-2154; published 2025-04-14; Journal Article.
Citations: 0
Enhancing K-User Interference Alignment for Discrete Constellations via Learning
Rajesh Mishra;Syed Jafar;Sriram Vishwanath;Hyeji Kim
In this paper, we consider a K-user interference channel where interference among the users is neither too strong nor too weak, a scenario that is relatively underexplored in the literature. We propose a novel deep learning-based approach to design the encoder and decoder functions that aim to maximize the sumrate of the interference channel for discrete constellations. We first consider the MaxSINR algorithm, a state-of-the-art linear scheme for Gaussian inputs, as the baseline and then propose a modified version of the algorithm for discrete inputs. We then propose a neural network-based approach that learns a non-linear constellation mapping with the objective of maximizing the sumrate. We provide numerical results to show that the constellations learned by the neural network-based approach provide enhanced alignments, not just in beamforming directions but also in terms of the effective constellation at the receiver, thereby leading to improved sum-rate performance.
DOI: 10.1109/JSAC.2025.3559122; vol. 43, no. 7, pp. 2405-2416; published 2025-04-14; Journal Article.
Citations: 0
Zero Trust: Deep Learning and NLP for HTTP Anomaly Detection in IDS
Manh Tien Anh Nguyen;Van Tong;Sondes Bannour Souihi;Sami Souihi
Web applications have become integral to daily life due to the migration of applications and data to cloud-based platforms, increasing their vulnerability to attacks. This paper addresses the need for robust intrusion detection systems by proposing a system grounded in Zero Trust architecture, which mandates continuous monitoring and multi-layered defenses. The Zero Trust principles ensure ongoing threat assessment and comprehensive protection against various attack vectors. Building on these foundational Zero Trust principles, our study introduces a system designed to not only distinguish normal HTTP requests from well-known attack patterns but also detect emerging types of anomalous attacks. Our system consists of two models that integrate Natural Language Processing approaches, Deep Learning techniques, and Transfer Learning strategies. The first model is employed to detect new anomalous HTTP requests that differ from normal requests. HTTP requests identified as anomalous are transmitted to the second model in charge of classifying specific categories of both well-known and novel attacks. Experiments show that our end-to-end system achieves the average F1-score of 89% on the combination of the CAPEC dataset and the zero-shot CSIC dataset. The proposed system proves also to be able to identify anomalous requests with a minimal latency of 4.8 milliseconds in production settings.
DOI: 10.1109/JSAC.2025.3560040; vol. 43, no. 6, pp. 2215-2229; published 2025-04-14; Journal Article.
Citations: 0
Toward Decentralized Operationalization of Zero Trust Architecture for Next Generation Networks
Shiva Raj Pokhrel;Gang Li;Robin Doss;Surya Nepal
Next-generation networks demand security that evolves as fast as threats do. Our pioneering decentralized Zero Trust Architecture (dZTA), proposed in this paper, redefines protection for IoT and remote collaboration, merging Zero Trust’s ironclad access controls with blockchain’s transparency and federated learning’s privacy-first analytics. Unlike traditional models, dZTA enforces security at every layer: a distributed policy engine eliminates single points of failure, cross-network analytics optimize WiFi-8, satellite, and 6G performance under real-world stressors, and anti-leakage protocols safeguard IoT ecosystems. Rigorous real-world simulations confirm dZTA’s dual triumph—uncompromising security and seamless efficiency—proving its readiness to secure tomorrow’s hyperconnected world.
DOI: 10.1109/JSAC.2025.3560039; vol. 43, no. 6, pp. 1998-2010; published 2025-04-11; Journal Article.
Citations: 0
A Zero Trust Data-Driven Perspective on PKI Root Stores
Mauro Farina;Damiano Ravalico;Martino Trevisan;Alberto Bartoli
Security and privacy on the Internet rely on the Public Key Infrastructure (PKI), which is based on unlimited trust in a set of predefined certification authorities included in the users’ root stores. However, the architecture of the PKI is no longer appropriate for the current threat landscape and security principles. Specifically, the implicit and permanent trust given to certification authorities collides with the rising zero trust approach, a cyber-security model that mandates that trust must never be granted implicitly or permanently to any entity. This work offers a zero trust perspective on the PKI and root store composition. Using navigation datasets collected from users’ browsers and passive monitors, we analyze their actual needs and identify the portion of root stores that are useful for their activity. We propose several zero trust policies to manage root stores that shrink the large perimeter of trust allowed by commercial root stores. Our experiments show that less than half of the root certificates included in the Mozilla root store are indeed used for navigation, while only 14 cover 99% of the traffic of our users. Moreover, implementing such policies requires little effort for a company, providing a practical way for managing root stores with up-to-date security principles.
DOI: 10.1109/JSAC.2025.3560006; vol. 43, no. 6, pp. 2200-2214; published 2025-04-11; Journal Article.
Citations: 0
Enhancing Federated Feature Selection Through Synthetic Data and Zero Trust Integration
Nisha Thorakkattu Madathil;Saed Alrabaee;Abdelkader Nasreddine Belkacem
Federated Learning (FL) allows healthcare organizations to train models using diverse datasets while maintaining patient confidentiality collaboratively. While promising, FL faces challenges in optimizing model accuracy and communication efficiency. To address these, we propose an algorithm that combines feature selection with synthetic data generation, specifically targeting medical datasets. Our method eliminates irrelevant local features, identifies globally relevant ones, and uses synthetic data to initialize model parameters, improving convergence. It also employs a zero-trust model, ensuring that data remain on local devices and only learned weights are shared with the central server, enhancing security. The algorithm improves accuracy and computational efficiency, achieving communication efficiency gains of 4 to 14 through backward elimination and threshold variation techniques. Tested on a federated diabetic dataset, the approach demonstrates significant improvements in the performance and trustworthiness of FL systems for medical applications.
DOI: 10.1109/JSAC.2025.3560037; vol. 43, no. 6, pp. 2126-2140; published 2025-04-11; Journal Article.
Citations: 0
Evolutionary Intrusion Detection Strategy Under Zero Trust Architecture
Bin Cao;Xianrui Zhao;Zhihan Lyu
In today’s increasingly complex and dynamic cyber threat environment, Zero Trust Architecture (ZTA) has emerged as a promising solution to address the limitations of traditional intrusion detection methods. While Intrusion Detection Systems (IDS) are essential for safeguarding organizational information assets, traditional methods have the risk of exposing security policies by collecting and utilizing alarm data, potentially revealing attack paths to adversaries. To overcome this challenge, we propose a novel intrusion detection strategy based on ZTA, emphasizing the protection of alarm data privacy. Additionally, we introduce an adaptive sparse connective evolutionary neural architecture search (ASCE-NAS) framework, which enables the automatic evolution of intrusion detection model structures to enhance adaptability and performance in dynamic environments. Notably, ASCE-NAS can also be beneficial for integrated sensing and computing chips and systems, contributing to a more secure and efficient cybersecurity framework to effectively combat evolving threats and attack methods.
DOI: 10.1109/JSAC.2025.3560001; vol. 43, no. 6, pp. 2100-2112; published 2025-04-11; Journal Article.
Citations: 0
Receiver-Agnostic Radio Frequency Fingerprint Identification for Zero-Trust Wireless Networks
Kunling Li;Jiazhong Bao;Xin Xie;Jianan Hong;Cunqing Hua
Zero-trust has emerged as a promising security paradigm for next-generation networks (NGN). However, conventional cryptographic schemes struggle with continuous and dynamic authentication due to their coarse granularity and cumbersome processes. Radio frequency fingerprint identification (RFFI), as a prospective solution, enables physical-layer user-transparent identity authentication. Whereas, facing the dynamic topology and device mobility of NGN, such as Internet of Vehicles (IoV), Drone networks, etc., there exists a current deficiency in addressing the significant performance degradation across different receivers. In this paper, we propose a novel RFFI scheme for zero-trust continuous authentication in dynamic NGN environments, enabling unified high-performance cross-receiver identification. A two-stage unsupervised domain adaptation model is designed to extract receiver-independent transmitter-specific features. The receiver-side impact on RFFI, modeled as domain shift, is addressed through adversarial training for global alignment and local maximum mean discrepancy (LMMD)-based subdomain adaptation for eliminating subdomain confusion. Moreover, we further optimize RFFI through data augmentation to enhance robustness, multi-sample fusion inference to handle dynamic uncertainties, and an adaptive few-sample selection strategy for efficient fine-tuning. Extensive experiments on public datasets demonstrate the excellent performance of our proposed scheme in cross-receiver zero-trust wireless networks.
DOI: 10.1109/JSAC.2025.3560002; vol. 43, no. 6, pp. 1981-1997; published 2025-04-11; Journal Article.
Citations: 0
Blockchain-Enabled Secure, Fair, and Scalable Data Sharing in Zero-Trust Edge-End Environment
Xiaolong Xu;Ke Meng;Haolong Xiang;Guangming Cui;Xiaoyu Xia;Wanchun Dou
In edge computing, the Zero-Trust Security Model (ZTSM), as a key enabling technology for next-generation networks, plays a crucial role in providing authentication for addressing data sharing concerns, such as frequent data breaches, data misuse, and cyberattacks. However, due to the complexity and diversity of edge environments, ZTSM struggles to meet the security requirements of data sharing frameworks solely through enhanced authentication. Consequently, such frameworks with ZTSM still face challenges in ensuring data integrity, evaluating various node behaviors, and coping with the increasing complexity of node attributes. To address these issues, we propose a blockchain-enabled secure, fair and scalable data sharing framework in a zero-trust edge-end environment in this paper. Specifically, we first propose a Merkle forest-based data storage model for the classified storage of loosely coupled data, consequently enhancing the scalability of the model. Then, we design a node behavior-based reputation assessment mechanism to ensure fairness during data sharing. Moreover, a data sharing protocol supervised by smart contract is proposed, working with the aforementioned storage and assessment schemes, to ensure the security of data sharing. Finally, comprehensive security analysis validates the security, fairness and scalability of the proposed framework. Extensive experimental results show that, as transaction volume grows, the time cost of data traversal in the storage model becomes progressively more efficient. Additionally, when the size of the smart contract is increased tenfold, the maximum time cost of the data sharing protocol rises by only 4.98 times.
IEEE Journal on Selected Areas in Communications, vol. 43, no. 6, pp. 2056-2069. Published 2025-04-11. DOI: 10.1109/JSAC.2025.3560007
Citations: 0