Distributed Identity for Zero Trust and Segmented Access Control: A Novel Approach to Securing Network Infrastructure

• URL: http://arxiv.org/abs/2501.09032v1
• Date: Tue, 14 Jan 2025 00:02:02 GMT
• Title: Distributed Identity for Zero Trust and Segmented Access Control: A Novel Approach to Securing Network Infrastructure
• Authors: Sina Ahmadi,
• Abstract summary: This study assesses security improvements achieved when distributed identity is employed with ZTA principle. The study suggests adopting distributed identities can enhance overall security postures by an order of magnitude. The research recommends refining technical standards, expanding the use of distributed identity in practice, and its applications for the contemporary digital security landscape.
• Score: 4.169915659794567
• License:
• Abstract: "Distributed Identity" refers to the transition from centralized identity systems using Decentralized Identifiers (DID) and Verifiable Credentials (VC) for secure and privacy-preserving authentications. With distributed identity, control of identity data is returned to the user, making credential-based attacks impossible due to the lack of a single point of failure. This study assesses the security improvements achieved when distributed identity is employed with the ZTA principle, particularly concerning lateral movements within segmented networks. It also considers areas such as the implementation specifications of the framework, the advantages and disadvantages of the method to organizations, and the issues of compatibility and generalizability. Furthermore, the study highlights privacy and regulatory compliance, including the General Data Protection Regulation (GDPR) and California Consumer Data Privacy Act (CCPA), analyzing potential solutions to these problems. The study implies that adopting distributed identities can enhance overall security postures by an order of magnitude, providing contextual and least-privilege authorization and user privacy. The research recommends refining technical standards, expanding the use of distributed identity in practice, and discussing its applications for the contemporary digital security landscape.

Related papers

• 2FA: Navigating the Challenges and Solutions for Inclusive Access [55.2480439325792]
  Two-Factor Authentication (2FA) has emerged as a critical solution to protect online activities. This paper examines the intricacies of deploying 2FA in a way that is secure and accessible to all users. An analysis was conducted to examine the implementation and availability of various 2FA methods across popular online platforms.
  arXiv  Detail & Related papers  (2025-02-17T12:23:53Z)
• Assessing the Trustworthiness of Electronic Identity Management Systems: Framework and Insights from Inception to Deployment [9.132025152225447]
  This paper introduces an integrated Digital Identity Systems Trustworthiness Assessment Framework (DISTAF) It is supported by over 65 mechanisms and over 400 metrics derived from international standards and technical guidelines. We demonstrate the application of DISTAF through a real-world implementation using a Modular Open Source Identity Platform (MOSIP) instance.
  arXiv  Detail & Related papers  (2025-02-15T11:26:30Z)
• SLVC-DIDA: Signature-less Verifiable Credential-based Issuer-hiding and Multi-party Authentication for Decentralized Identity [15.346928617367338]
  Verifiable Credential techniques are used to facilitate decentralized DID-based access control across multiple entities. Existing DID schemes generally rely on a distributed public key infrastructure that also causes challenges. This paper proposes a Permanent-Hiding (PIH)-based DID-based multi-party authentication framework with a signature-less VC model, named SLVC-DIDA.
  arXiv  Detail & Related papers  (2025-01-19T13:58:01Z)
• Towards an identity management solution on Arweave [0.0]
  This paper explores the potential of using Arweave network to develop an identity management solution. By harnessing Arweave's permanent storage, our solution offers users Self-Sovereign Identity (SSI) framework.
  arXiv  Detail & Related papers  (2024-12-18T14:01:31Z)
• F-RBA: A Federated Learning-based Framework for Risk-based Authentication [0.5999777817331317]
  We propose a Federated Risk-based Authentication (F-RBA) framework that leverages Federated Learning to ensure privacy-centric training. F-RBA introduces a distributed architecture where risk assessment occurs locally on users' devices. By facilitating real-time risk evaluation across devices while maintaining unified user profiles, F-RBA achieves a balance between data protection, security, and scalability.
  arXiv  Detail & Related papers  (2024-12-16T19:42:30Z)
• Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [46.404531555921906]
  We propose an architecture for blockchain-based PAISs aimed at preserving both confidentiality and transparency. Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.
  arXiv  Detail & Related papers  (2024-12-07T20:18:36Z)
• Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
  We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC) ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic. We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
  arXiv  Detail & Related papers  (2024-11-21T18:26:05Z)
• Privacy-Enhanced Adaptive Authentication: User Profiling with Privacy Guarantees [0.6554326244334866]
  This paper introduces a novel privacy-enhanced adaptive authentication protocol. It dynamically adjusts authentication requirements based on real-time risk assessments. By adhering to data protection regulations such as CCPA, our protocol not only enhances security but also fosters user trust.
  arXiv  Detail & Related papers  (2024-10-27T19:11:33Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• HFORD: High-Fidelity and Occlusion-Robust De-identification for Face Privacy Protection [60.63915939982923]
  Face de-identification is a practical way to solve the identity protection problem. The existing facial de-identification methods have revealed several problems. We present a High-Fidelity and Occlusion-Robust De-identification (HFORD) method to deal with these issues.
  arXiv  Detail & Related papers  (2023-11-15T08:59:02Z)
• Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
  The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
  arXiv  Detail & Related papers  (2023-10-12T09:33:50Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.