Tackling Distribution Shifts in Task-Oriented Communication With Information Bottleneck
Pub Date: 2025-04-15. DOI: 10.1109/JSAC.2025.3559116
Hongru Li;Jiawei Shao;Hengtao He;Shenghui Song;Jun Zhang;Khaled B. Letaief
Task-oriented communication aims to extract and transmit task-relevant information to significantly reduce the communication overhead and transmission latency. However, the unpredictable distribution shifts between training and test data, including domain shift and semantic shift, can dramatically undermine the system performance. In order to tackle these challenges, it is crucial to ensure that the encoded features can generalize to domain-shifted data and detect semantic-shifted data, while remaining compact for transmission. In this paper, we propose a novel approach based on the information bottleneck (IB) principle and invariant risk minimization (IRM) framework. The proposed method aims to extract compact and informative features that possess high capability for effective domain-shift generalization and accurate semantic-shift detection without any knowledge of the test data during training. Specifically, we propose an invariant feature encoding approach based on the IB principle and IRM framework for domain-shift generalization, which aims to find the causal relationship between the input data and task result by minimizing the complexity and domain dependence of the encoded feature. Furthermore, we enhance the task-oriented communication with the label-dependent feature encoding approach for semantic-shift detection, which achieves joint gains in IB optimization and detection performance. To avoid the intractable computation of the IB-based objective, we leverage variational approximation to derive a tractable upper bound for optimization. Extensive simulation results on image classification tasks demonstrate that the proposed scheme outperforms state-of-the-art approaches and achieves a better rate-distortion tradeoff.
IEEE Journal on Selected Areas in Communications, vol. 43, no. 7, pp. 2667-2683. PDF: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10964522
Decentralized Federated Graph Learning With Lightweight Zero Trust Architecture for Next-Generation Networking Security
Pub Date: 2025-04-15. DOI: 10.1109/JSAC.2025.3560012
Xiaokang Zhou;Wei Liang;Kevin I-Kai Wang;Katsutoshi Yada;Laurence T. Yang;Jianhua Ma;Qun Jin
The rapid development and usage of digital technologies in modern intelligent systems and applications bring critical challenges to data security and privacy. It is essential to allow cross-organizational data sharing to achieve smart service provisioning, while preventing unauthorized access and data leakage to ensure end users’ efficient and secure collaborations. Federated Learning (FL) offers a promising pathway to enable innovative collaboration across multiple organizations. However, more stringent security policies are needed to ensure the authenticity of participating entities, safeguard data during communication, and prevent malicious activities. In this paper, we propose a Decentralized Federated Graph Learning (FGL) with Lightweight Zero Trust Architecture (ZTA) model, named DFGL-LZTA, to provide context-aware security with dynamic defense policy updates, while maintaining computational and communication efficiency in resource-constrained environments, for highly distributed and heterogeneous systems in next-generation networking. Specifically, with a re-designed lightweight ZTA, which leverages adaptive privacy preservation and reputation-based aggregation together to tackle multi-level security threats (e.g., data-level, model-level, and identity-level attacks), a Proximal Policy Optimization (PPO) based Deep Reinforcement Learning (DRL) agent is introduced to enable real-time and adaptive security policy update and optimization based on contextual features. A hierarchical Graph Attention Network (GAT) mechanism is then improved and applied to facilitate dynamic subgraph learning in local training with a layer-wise architecture, while a so-called sparse global aggregation scheme is developed to balance communication efficiency and model robustness in a P2P manner. Experiments and evaluations conducted on two open-source datasets and one synthetic dataset demonstrate the usefulness of our proposed model in terms of training performance, computational and communication efficiency, and model accuracy, compared with four other state-of-the-art methods for next-generation networking security in modern distributed learning systems.
IEEE Journal on Selected Areas in Communications, vol. 43, no. 6, pp. 1908-1922.
Dynamic Security Computing Framework With Zero Trust Based on Privacy Domain Prevention and Control Theory
Pub Date: 2025-04-15. DOI: 10.1109/JSAC.2025.3560036
Xiang Wu;Baowen Zou;Chuanchuan Lu;Lili Wang;Yongting Zhang;Huanhuan Wang
With growing security threats in wireless communication networks, a promising method for securing next-generation networks is a zero-trust framework focusing on authentication schemes. How to analyze the risks involved in authentication is a challenge. This study quantifies authentication risks within the zero-trust framework and introduces a privacy domain prevention-control theory. The theory encompasses dynamic privacy risk assessment, intelligent risk classification, and automated selection of privacy protection schemes. First, a dynamic privacy risk assessment method, based on physical entity relationships, is proposed to evaluate all privacy risks. Second, a five-category risk classification method is designed to categorize privacy risks, facilitating the selection of prevention-control schemes, with its rationality mathematically validated. Additionally, an Analytical Hierarchy Process (AHP)-based method is introduced to guide the optimal selection of prevention-control schemes for various scenarios. Finally, the practical application of the theory in a medical multi-modal computing scenario in wireless body area networks demonstrates its effectiveness. The experimental results also show the superiority and feasibility of the proposed methods.
IEEE Journal on Selected Areas in Communications, vol. 43, no. 6, pp. 2266-2278.
Building a Zero Trust Federation
Pub Date: 2025-04-14. DOI: 10.1109/JSAC.2025.3560014
Alexandre Poirrier;Laurent Cailleux;Thomas Heide Clausen
Zero trust is a security paradigm whose fundamental philosophy is that every access to a resource must be explicitly verified, without assuming trust based on origin or identity. In a federated environment composed of multiple domains, ensuring zero trust guarantees for accessing shared resources is a challenge, as information on requesters is generated by their originating domain, yet requires explicit verification from the domain owning the resource. This paper proposes a method for federating zero trust architectures, ensuring the preservation of zero trust guarantees when accessing federated resources. The proposed approach relies on remote attestation, enabling continuous authentication and monitoring of requesters, without requiring intrusive software installations on every device within the federation. Moreover, this paper proposes a proof-of-concept architecture that combines several open-source products to build an architecture with an advanced zero trust maturity level. The feasibility of the proposed federation method is demonstrated through this proof-of-concept, providing detailed information on the federation procedure and its implementation.
IEEE Journal on Selected Areas in Communications, vol. 43, no. 6, pp. 2113-2125.
Blockchain-Enabled Decentralized Services and Networks: Assessing Roles and Impacts
Pub Date: 2025-04-14. DOI: 10.1109/JSAC.2025.3560044
Xintong Ling;Yuwei Le;Shiyi Chen;Jiaheng Wang;Xiaoyang Zhou
The rapid evolution of blockchain has established it as a critical enabler for decentralized zero-trust services and networks. Without relying on traditional trust mechanisms such as pre-established mutual trust or central authentication, blockchain facilitates trust-free services via smart contracts. Smart contracts offer verifiable software trust for various blockchain-enabled services (BESs) while protecting participants’ interests. However, the impact of blockchain on BES remains underexplored and unclear. In this work, we consider a general BES framework suitable for diverse decentralized zero-trust services and assess the role of blockchain in BES. We first build an $M/G/1$-type queuing model for BES and establish the stability conditions using matrix analytic methods. Based on the stability conditions, we identify blockchain scalability and server capability as two critical bottlenecks of BES. We further use a tandem queuing model to describe the BES latency of the assembling and service phases. We analytically characterize properties such as the convexity of service-phase latency with respect to traffic intensity, and highlight the BES pooling effects from traffic offloading and resource sharing. Finally, we verify our conclusions through simulations and explore potential pathways for more efficient BES frameworks.
IEEE Journal on Selected Areas in Communications, vol. 43, no. 6, pp. 2141-2154.
Enhancing K-User Interference Alignment for Discrete Constellations via Learning
Pub Date: 2025-04-14. DOI: 10.1109/JSAC.2025.3559122
Rajesh Mishra;Syed Jafar;Sriram Vishwanath;Hyeji Kim
In this paper, we consider a K-user interference channel where interference among the users is neither too strong nor too weak, a scenario that is relatively underexplored in the literature. We propose a novel deep learning-based approach to design the encoder and decoder functions that aim to maximize the sum-rate of the interference channel for discrete constellations. We first consider the MaxSINR algorithm, a state-of-the-art linear scheme for Gaussian inputs, as the baseline and then propose a modified version of the algorithm for discrete inputs. We then propose a neural network-based approach that learns a non-linear constellation mapping with the objective of maximizing the sum-rate. We provide numerical results to show that the constellations learned by the neural network-based approach provide enhanced alignments, not just in beamforming directions but also in terms of the effective constellation at the receiver, thereby leading to improved sum-rate performance.
IEEE Journal on Selected Areas in Communications, vol. 43, no. 7, pp. 2405-2416.
Zero Trust: Deep Learning and NLP for HTTP Anomaly Detection in IDS
Pub Date: 2025-04-14. DOI: 10.1109/JSAC.2025.3560040
Manh Tien Anh Nguyen;Van Tong;Sondes Bannour Souihi;Sami Souihi
Web applications have become integral to daily life due to the migration of applications and data to cloud-based platforms, increasing their vulnerability to attacks. This paper addresses the need for robust intrusion detection systems by proposing a system grounded in Zero Trust architecture, which mandates continuous monitoring and multi-layered defenses. The Zero Trust principles ensure ongoing threat assessment and comprehensive protection against various attack vectors. Building on these foundational Zero Trust principles, our study introduces a system designed not only to distinguish normal HTTP requests from well-known attack patterns but also to detect emerging types of anomalous attacks. Our system consists of two models that integrate Natural Language Processing approaches, Deep Learning techniques, and Transfer Learning strategies. The first model is employed to detect new anomalous HTTP requests that differ from normal requests. HTTP requests identified as anomalous are transmitted to the second model, which is in charge of classifying specific categories of both well-known and novel attacks. Experiments show that our end-to-end system achieves an average F1-score of 89% on the combination of the CAPEC dataset and the zero-shot CSIC dataset. The proposed system also proves able to identify anomalous requests with a minimal latency of 4.8 milliseconds in production settings.
IEEE Journal on Selected Areas in Communications, vol. 43, no. 6, pp. 2215-2229.
Toward Decentralized Operationalization of Zero Trust Architecture for Next Generation Networks
Pub Date: 2025-04-11. DOI: 10.1109/JSAC.2025.3560039
Shiva Raj Pokhrel;Gang Li;Robin Doss;Surya Nepal
Next-generation networks demand security that evolves as fast as threats do. Our pioneering decentralized Zero Trust Architecture (dZTA), proposed in this paper, redefines protection for IoT and remote collaboration, merging Zero Trust’s ironclad access controls with blockchain’s transparency and federated learning’s privacy-first analytics. Unlike traditional models, dZTA enforces security at every layer: a distributed policy engine eliminates single points of failure, cross-network analytics optimize WiFi-8, satellite, and 6G performance under real-world stressors, and anti-leakage protocols safeguard IoT ecosystems. Rigorous real-world simulations confirm dZTA’s dual triumph—uncompromising security and seamless efficiency—proving its readiness to secure tomorrow’s hyperconnected world.
IEEE Journal on Selected Areas in Communications, vol. 43, no. 6, pp. 1998-2010.
A Zero Trust Data-Driven Perspective on PKI Root Stores
Pub Date: 2025-04-11. DOI: 10.1109/JSAC.2025.3560006
Mauro Farina;Damiano Ravalico;Martino Trevisan;Alberto Bartoli
Security and privacy on the Internet rely on the Public Key Infrastructure (PKI), which is based on unlimited trust in a set of predefined certification authorities included in the users’ root stores. However, the architecture of the PKI is no longer appropriate for the current threat landscape and security principles. Specifically, the implicit and permanent trust given to certification authorities collides with the rising zero trust approach, a cyber-security model that mandates that trust must never be granted implicitly or permanently to any entity. This work offers a zero trust perspective on the PKI and root store composition. Using navigation datasets collected from users’ browsers and passive monitors, we analyze their actual needs and identify the portion of root stores that are useful for their activity. We propose several zero trust policies to manage root stores that shrink the large perimeter of trust allowed by commercial root stores. Our experiments show that less than half of the root certificates included in the Mozilla root store are indeed used for navigation, while only 14 cover 99% of the traffic of our users. Moreover, implementing such policies requires little effort for a company, providing a practical way for managing root stores with up-to-date security principles.
IEEE Journal on Selected Areas in Communications, vol. 43, no. 6, pp. 2200-2214.
Federated Learning (FL) allows healthcare organizations to collaboratively train models on diverse datasets while maintaining patient confidentiality. While promising, FL faces challenges in optimizing model accuracy and communication efficiency. To address these, we propose an algorithm that combines feature selection with synthetic data generation, specifically targeting medical datasets. Our method eliminates irrelevant local features, identifies globally relevant ones, and uses synthetic data to initialize model parameters, improving convergence. It also employs a zero-trust model, ensuring that data remain on local devices and only learned weights are shared with the central server, enhancing security. The algorithm improves accuracy and computational efficiency, achieving communication efficiency gains of 4 to 14 through backward elimination and threshold variation techniques. Tested on a federated diabetic dataset, the approach demonstrates significant improvements in the performance and trustworthiness of FL systems for medical applications.
Enhancing Federated Feature Selection Through Synthetic Data and Zero Trust Integration
Nisha Thorakkattu Madathil;Saed Alrabaee;Abdelkader Nasreddine Belkacem
IEEE Journal on Selected Areas in Communications, vol. 43, no. 6, pp. 2126-2140. Pub Date : 2025-04-11 DOI: 10.1109/JSAC.2025.3560037