Dynamic Authentication and Granularized Authorization with a Cross-Domain Zero Trust Architecture for Federated Learning in Large-Scale IoT Networks

TL;DR

This paper introduces a dynamic, privacy-preserving cross-domain authentication and authorization framework for large-scale IoT networks, leveraging zero trust architecture and decentralized federated learning to enhance security and efficiency.

Contribution

It proposes a novel integration of zero trust architecture with decentralized federated learning for secure, efficient, and granular cross-domain IoT authentication and authorization.

Findings

Lower latency and higher throughput demonstrated in simulations.

Enhanced security with confidentiality, integrity, and availability.

Efficient data sharing via compressed federated learning models.

Abstract

With the increasing number of connected devices and complex networks involved, current domain-specific security techniques become inadequate for diverse large-scale Internet of Things (IoT) systems applications. While cross-domain authentication and authorization brings lots of security improvement, it creates new challenges of efficiency and security. Zero trust architecture (ZTA), an emerging network security architecture, offers a more granular and robust security environment for IoT systems. However, extensive cross-domain data exchange in ZTA can cause reduced authentication and authorization efficiency and data privacy concerns. Therefore, in this paper, we propose a dynamic authentication and granularized authorization scheme based on ZTA integrated with decentralized federated learning (DFL) for cross-domain IoT networks. Specifically, device requests in the cross-domain process are continuously monitored and evaluated, and only necessary access permissions are granted. To protect user data privacy and reduce latency, we integrate DFL with ZTA to securely and efficiently share device data across different domains. Particularly, the DFL model is compressed to reduce the network transmission load. Meanwhile, a dynamic adaptive weight adjustment mechanism is proposed to enable the DFL model to adapt to data characteristics from different domains. We analyze the performance of the proposed scheme in terms of security proof, including confidentiality, integrity and availability. Simulation results demonstrate the superior performance of the proposed scheme in terms of lower latency and higher throughput compared to other existing representative schemes.