Applying Zero Trust Architecture and Probability-Based Authentication to Preserve Security and Privacy of Data in the Cloud

Emerging Trends in Cybersecurity Applications

Abstract

With the convenience of Cloud computing (CC) come changes and challenges to cybersecurity. Organisational networks have changed, and the traditional perimeter-style defence is ineffective in CC architecture. Tracking the location of data processes within CC poses challenges for organisations seeking to preserve data privacy (Sun, IEEE Access 7:147420–147452, 2019). Zero trust (ZT) architecture offers a way to use familiar network, cyber, and software security tools in a purpose-fit way to protect data in the Cloud. Probability-based authentication (PBA) uses more identifiers about user entities, such as device, location, and activity, to help identify bad actors and restrict access (Wiefling S, Lo Iacono L, Dürmuth M, Is this really you? An empirical study on risk-based authentication applied in the wild. In: ICT systems security and privacy protection, Cham, pp 134–148, 2019). This chapter provides an overview of how to apply security and preserve data privacy in the Cloud.

References

  1. P.J. Sun, Privacy protection and data security in cloud computing: A survey, challenges, and solutions. IEEE Access 7, 147420–147452 (2019). https://doi.org/10.1109/ACCESS.2019.2946185

  2. S. Wiefling, L. Lo Iacono, M. Dürmuth, in ICT Systems Security and Privacy Protection. Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild (Cham, 2019), Springer International Publishing, pp. 134–148. https://doi.org/10.1007/978-3-030-22312-0_10

  3. E. Gilman, D. Barth, in Zero Trust Networks (O’Reilly, 2017). Available: https://learning.oreilly.com/library/view/zero-trust-networks/9781491962183/. Accessed 18 Dec 2021. [Online]

  4. P. Suryateja, Threats and vulnerabilities of cloud computing: A review. Int. J. Comput. Sci. Eng. 6 (2018). https://doi.org/10.26438/ijcse/v6i3.298303

  5. M. Sepczuk, Z. Kotulski, A new risk-based authentication management model oriented on user’s experience. Comput. Secur. 73, 17–33 (2018). https://doi.org/10.1016/j.cose.2017.10.002

  6. S. Wiefling, M. Dürmuth, L.L. Iacono, What’s in score for website users: A data-driven long-term study on risk-based authentication characteristics. arXiv:2101.10681 [cs] 12675, 361–381 (2021). https://doi.org/10.1007/978-3-662-64331-0_19

  7. C. Cunningham, D. Holmes, J. Pollard, in The Eight Business and Security Benefits of Zero Trust (2019), p. 18

  8. M.A. Islam, H. Mahmud, S. Ren, X. Wang, in 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA). Paying to Save: Reducing Cost of Colocation Data Center Via Rewards (2015), pp. 235–245. https://doi.org/10.1109/HPCA.2015.7056036

  9. H. Baron, S. Heide, S. Mahmud, J. Yeoh, in Cloud Security Complexity. Cloud Security Alliance (2019). Available: https://cloudsecurityalliance.org/artifacts/cloud-security-complexity/. Accessed 01 Dec 2021. [Online]

  10. Amazon Web Services, Regions and Zones – Amazon Elastic Compute Cloud. Available: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html. Accessed 25 Nov 2021. [Online]

  11. S. Yi, Z. Hao, Z. Qin, Q. Li, in 2015 Third IEEE Workshop on Hot Topics in Web Systems and Technologies. Fog Computing: Platform and Applications (2015), pp. 73–78. https://doi.org/10.1109/HotWeb.2015.22

  12. L. Shooshtarian, D. Lan, A. Taherkordi, in Pervasive Systems, Algorithms and Networks. A Clustering-Based Approach to Efficient Resource Allocation in Fog Computing (Cham, 2019), Springer International Publishing, pp. 207–224. https://doi.org/10.1007/978-3-030-30143-9_17

  13. Global Cyber Alliance, IoT Policy and Attack Report (2021). Available: https://www.globalcyberalliance.org/reports_publications/iot-policy-and-attack-report/. Accessed 19 Dec 2021. [Online]

  14. R. Sobers, 98 Must-Know Data Breach Statistics for 2021 | Varonis (2020)

  15. Australian Cyber Security Centre, ACSC Annual Cyber Threat Report 2020–21. Available: https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-2020-21. Accessed 25 Nov 2021. [Online]

  16. IBM Corporation, Cost of a Data Breach Report 2021 (2021). Available: https://www.ibm.com/au-en/security/data-breach. Accessed 16 Feb 2022. [Online]

  17. P.A. Legg, in 2015 IEEE Symposium on Visualization for Cyber Security. Visualizing the Insider Threat: Challenges and Tools for Identifying Malicious User Activity (2015), pp. 1–7. https://doi.org/10.1109/VIZSEC.2015.7312772

  18. P. Sun, Security and privacy protection in cloud computing: Discussions and challenges. J. Netw. Comput. Appl. 160, 102642 (2020). https://doi.org/10.1016/j.jnca.2020.102642

  19. A. Aljumah, T.A. Ahanger, Cyber security threats, challenges and defence mechanisms in cloud computing. IET Commun. 14(7), 1185–1191 (2020). https://doi.org/10.1049/iet-com.2019.0040

  20. A. Singh, K. Chatterjee, Cloud security issues and challenges: A survey. J. Netw. Comput. Appl. 79, 88–115 (2017). https://doi.org/10.1016/j.jnca.2016.11.027

  21. I. Gul, M. Hussain, Distributed cloud intrusion detection model. Int. J. Adv. Sci. Technol. 34, 71–82 (2011)

  22. A. Mantelero, The future of data protection: Gold standard vs. global standard. Comput. Law Secur. Rev. 40, 105500 (2021). https://doi.org/10.1016/j.clsr.2020.105500

  23. C. Nast, in Wired UK. Why Amazon’s £636m GDPR Fine Really Matters. Available: https://www.wired.co.uk/article/amazon-gdpr-fine. Accessed 26 Nov 2021. [Online]

  24. European Parliament, in Regulation (EU) 2016/679. Council of the European Union (2016). [Online]. Available: http://data.europa.eu/eli/reg/2016/679/oj

  25. A. Bendovschi, Cyber-attacks – Trends, patterns and security countermeasures. Procedia Econ. Financ. 28, 24–31 (2015). https://doi.org/10.1016/S2212-5671(15)01077-1

  26. A. Shalaginov, J.W. Johnsen, K. Franke, in 2017 IEEE International Conference on Big Data (Big Data). Cyber Crime Investigations in the Era of Big Data (2017), pp. 3672–3676. https://doi.org/10.1109/BigData.2017.8258362

  27. D. Buil-Gil, F. Miró-Llinares, A. Moneva, S. Kemp, N. Díaz-Castaño, Cybercrime and shifts in opportunities during COVID-19: A preliminary analysis in the UK. Eur. Soc. 23(sup1), S47–S59 (2021). https://doi.org/10.1080/14616696.2020.1804973

  28. S. Monteith, M. Bauer, M. Alda, J. Geddes, P.C. Whybrow, T. Glenn, Increasing cybercrime since the pandemic: Concerns for psychiatry. Curr. Psychiatry Rep. 23(4), 18 (2021). https://doi.org/10.1007/s11920-021-01228-w

  29. S.G.A. van de Weijer, R. Leukfeldt, W. Bernasco, Determinants of reporting cybercrime: A comparison between identity theft, consumer fraud, and hacking. Eur. J. Criminol. 16(4), 486–508 (2019). https://doi.org/10.1177/1477370818773610

  30. The White House, Executive Order 14028, Improving the Nation’s Cybersecurity (2021). https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/. Accessed 19 Dec 2021

  31. The Australian Cyber Security Centre, Essential Eight Maturity Model | Cyber.gov.au (2021). Available: https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-maturity-model. Accessed 29 Oct 2021. [Online]

  32. BeyondCorp, Run Zero Trust Security Like Google. http://www.beyondcorp.com/. Accessed 15 Dec 2021

  33. R. Ward, B. Beyer, BeyondCorp: A new approach to enterprise security. Google Res. 39(6), 6–11 (2014)

  34. H. Okhravi, F.T. Sheldon, in Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research. Data Diodes in Support of Trustworthy Cyber Infrastructure (New York, 2010), pp. 1–4. https://doi.org/10.1145/1852666.1852692

  35. B.-S. Jeon, J.-C. Na, in 2016 18th International Conference on Advanced Communication Technology (ICACT). A Study of Cyber Security Policy in Industrial Control System Using Data Diodes (2016), pp. 314–317. https://doi.org/10.1109/ICACT.2016.7423374

  36. Y. Zhang, G. Zhang, Y. Liu, D. Hu, Research on services encapsulation and virtualization access model of machine for cloud manufacturing. J. Intell. Manuf. 28(5), 1109–1123 (2017). https://doi.org/10.1007/s10845-015-1064-2

  37. Attorney-General’s Department, Policy 8: Sensitive and Classified Information. Australian Government 2021. Available: https://www.protectivesecurity.gov.au/system/files/2021-11/pspf-policy-8-sensitive-and-classified-information.pdf. Accessed 16 Feb 2022. [Online]

  38. European Union Agency for Cybersecurity, Considerations on the Traffic Light Protocol. https://www.enisa.europa.eu/topics/csirts-in-europe/glossary/considerations-on-the-traffic-light-protocol. Accessed 15 Dec 2021

  39. Cybersecurity & Infrastructure Security Agency, Traffic Light Protocol (TLP) Definitions and Usage. Available: https://www.cisa.gov/tlp. Accessed 15 Dec 2021. [Online]

  40. S. Rao, D. Mahto, D. Yadav, D. Khan, The AES-256 cryptosystem resists quantum attacks. Int. J. Adv. Res. Comput. Sci. 8, 404–408 (2017)

  41. Amazon Web Services, Protecting Data Using Client-Side Encryption (2022). Available: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingClientSideEncryption.html. Accessed 21 Dec 2021. [Online]

  42. Google Cloud, Client-Side Encryption Keys. Available: https://cloud.google.com/storage/docs/encryption/client-side-keys. Accessed 21 Dec 2021. [Online]

  43. Google Developers, I Want to Encrypt Data (2021). Available: https://developers.google.com/tink/encrypt-data. Accessed 21 Dec 2021. [Online]

  44. P. Arpaia, F. Bonavolontà, A. Cioffi, in 2020 IEEE International Workshop on Metrology for Industry 4.0 IoT. Security Vulnerability in Internet of Things Sensor Networks Protected by Advanced Encryption Standard (2020), pp. 452–457. https://doi.org/10.1109/MetroInd4.0IoT48571.2020.9138236

  45. M. Forhad, S. Riaz, M. Hossain, M. Das, An improvement of advanced encryption standard. 18, 159–166 (2018)

  46. R. Saha, G. Geetha, G. Kumar, T. Kim, RK-AES: An improved version of AES using a new key generation process with random keys. Secur. Commun. Netw. 2018, e9802475 (2018). https://doi.org/10.1155/2018/9802475

  47. I.A. Awan, M. Shiraz, M.U. Hashmi, Q. Shaheen, R. Akhtar, A. Ditta, Secure framework enhancing AES algorithm in cloud computing. Secur. Commun. Netw. 2020, e8863345 (2020). https://doi.org/10.1155/2020/8863345

  48. Google Cloud, Encryption at Rest in Google Cloud (2020). Available: https://cloud.google.com/security/encryption/default-encryption. Accessed 14 Dec 2021. [Online]

  49. A. Younis, K. Kifayat, M. Merabti, An access control model for cloud computing. J. Inf. Secur. Appl. 19(1), 45–60 (2014). https://doi.org/10.1016/j.jisa.2014.04.003

  50. D.F. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn, R. Chandramouli, Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224–274 (2001). https://doi.org/10.1145/501978.501980

  51. V.C. Hu, D.R. Kuhn, D.F. Ferraiolo, J. Voas, Attribute-based access control. Computer 48(2), 85–88 (2015). https://doi.org/10.1109/MC.2015.33

  52. R. Chandramouli, S.L. Garfinkel, J.S. Nightingale, S.W. Rose, Trustworthy Email (2016). Available: http://www.nist.gov/publications/trustworthy-email. Accessed 25 Nov 2021. [Online]

  53. S.J. Nightingale, Email Authentication Mechanisms: DMARC, SPF and DKIM. National Institute of Standards and Technology, Gaithersburg, MD, NIST TN 1945 (2017). https://doi.org/10.6028/NIST.TN.1945

  54. G. Kambourakis, G.D. Gil, I. Sanchez, What email servers can tell to Johnny: An empirical study of provider-to-provider email security. IEEE Access 8, 130066–130081 (2020). https://doi.org/10.1109/ACCESS.2020.3009122

  55. S. Bax, T. McGill, V. Hobbs, Maladaptive behaviour in response to email phishing threats: The roles of rewards and response costs. Comput. Secur. 106, 102278 (2021). https://doi.org/10.1016/j.cose.2021.102278

  56. Z. Durumeric et al., in Proceedings of the 2015 Internet Measurement Conference. Neither Snow nor Rain nor MITM…: An Empirical Analysis of Email Delivery Security (New York, 2015), pp. 27–39. https://doi.org/10.1145/2815675.2815695

  57. I.D. Foster, J. Larson, M. Masich, A.C. Snoeren, S. Savage, K. Levchenko, in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. Security by Any Other Name: On the Effectiveness of Provider Based Email Security (New York, 2015), pp. 450–464. https://doi.org/10.1145/2810103.2813607

  58. M. Haider, H. Mohammed, A survey of email service; attacks, security methods and protocols. Int. J. Comput. Appl. 162, 31–40 (2017). https://doi.org/10.5120/ijca2017913417

  59. J. Chen, V. Paxson, J. Jiang, in Composition Kills: A Case Study of Email Sender Authentication, p. 18

  60. M. Braverman-Blumenstyk, Learn how Microsoft strengthens IoT and OT security with Zero Trust. Microsoft Security Blog (2021). https://www.microsoft.com/security/blog/2021/11/08/learn-how-microsoft-strengthens-iot-and-ot-security-with-zero-trust/. Accessed 19 Dec 2021

  61. Microsoft, Implementing a Zero Trust security model at Microsoft. Microsoft | Inside Track, 2022. https://www.microsoft.com/en-us/insidetrack/implementing-a-zero-trust-security-model-at-microsoft. Accessed 19 Dec 2021

  62. S. Wachter, Normative challenges of identification in the Internet of Things: Privacy, profiling, discrimination, and the GDPR. Comput. Law Secur. Rev. 34(3), 436–449 (2018). https://doi.org/10.1016/j.clsr.2018.02.002

  63. W. Wang, J. Han, M. Song, X. Wang, in 2011 6th International Conference on Pervasive Computing and Applications. The Design of a Trust and Role Based Access Control Model in Cloud Computing (2011), pp. 330–334. https://doi.org/10.1109/ICPCA.2011.6106526

  64. A. Ometov, S. Bezzateev, N. Mäkitalo, S. Andreev, T. Mikkonen, Y. Koucheryavy, Multi-factor authentication: A survey. Cryptography. 2(1), Art. no. 1 (2018). https://doi.org/10.3390/cryptography2010001

  65. R.A. Grimes, Hacking Multifactor Authentication (Wiley, Newark, 2020)

  66. C. Jacomme, S. Kremer, An extensive formal analysis of multi-factor authentication protocols. ACM Trans. Privacy Secur. 24(2), 1–34 (2021). https://doi.org/10.1145/3440712

  67. E. Grosse, M. Upadhyay, Authentication at scale. IEEE Secur. Privacy 11(1), 15–22 (2013). https://doi.org/10.1109/MSP.2012.162

  68. M. Anathi, K. Vijayakumar, An intelligent approach for dynamic network traffic restriction using MAC address verification. Comput. Commun. 154, 559–564 (2020). https://doi.org/10.1016/j.comcom.2020.02.021

  69. M.R. Shahid, G. Blanc, Z. Zhang, H. Debar, in 2018 IEEE International Conference on Big Data (Big Data). IoT Devices Recognition Through Network Traffic Analysis (2018), pp. 5187–5192. https://doi.org/10.1109/BigData.2018.8622243

  70. M. Laštovička, P. Čeleda, in Security of Networks and Services in an All-Connected World. Situational Awareness: Detecting Critical Dependencies and Devices in a Network (Cham, 2017), pp. 173–178. https://doi.org/10.1007/978-3-319-60774-0_17

Corresponding author

Correspondence to Yvette Colomb.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Colomb, Y., White, P., Islam, R., Alsadoon, A. (2023). Applying Zero Trust Architecture and Probability-Based Authentication to Preserve Security and Privacy of Data in the Cloud. In: Daimi, K., Alsadoon, A., Peoples, C., El Madhoun, N. (eds) Emerging Trends in Cybersecurity Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-09640-2_7

  • DOI: https://doi.org/10.1007/978-3-031-09640-2_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-09639-6

  • Online ISBN: 978-3-031-09640-2

  • eBook Packages: Computer Science (R0)
