WiP: Towards Zero Trust Authentication in Critical Industrial Infrastructures with PRISM

  • Conference paper
Applied Cryptography and Network Security Workshops (ACNS 2023)

Abstract

With the increasing threat of cyber attacks on critical infrastructures, the need for robust security measures has become more pressing. In response, decentralized secure computation has gained traction as an effective approach to minimizing the risks associated with such threats. We apply this computation to decentralized registration and authentication and present the PRISM scheme. To secure the registration phase, the threshold secret sharing (TSS) technique is used to protect the credential against single points of failure. The threshold oblivious pseudorandom function (TOPRF) technique further enhances the security of the PRISM scheme in the password-based authentication phase by allowing the user to reconstruct the authentication messages from any subset of t parties and pass verification. This study is a work in progress, and we are currently analyzing the detailed scheme and its security to better understand the practicality of our PRISM scheme. The theoretical security analysis demonstrates that our PRISM scheme achieves the properties of privacy preservation, unpredictability, and obliviousness. Experimental evaluation of the performance and practicability of our scheme will be presented in the full version.
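The two building blocks the abstract names, Shamir threshold secret sharing for the registration phase and a threshold OPRF for password authentication, can be seen working together in the following added example. It is an illustration written for this page, not PRISM's own code: the group parameters P, Q and G are a constructed tiny safe-prime group so the arithmetic is readable (a deployment would use a 256-bit elliptic-curve or 2048-bit MODP group), a trusted dealer stands in for the distributed key generation the paper would use, the hash-to-group is a simplified square-into-subgroup map, and the function and class names are the example's own. What it shows is the property the abstract claims: any t of the n servers, in any combination, let the client recompute the same credential, while no server ever sees the password.

```python
"""Toy t-of-n threshold secret sharing plus threshold OPRF for password login.

Added illustration, not PRISM's own code. Constructed toy group: safe prime
P = 2*Q + 1, G generates the subgroup of prime order Q."""
import hashlib
import secrets

P, Q, G = 1019, 509, 4                     # constructed toy parameters, not for real use
_PBYTES = (P.bit_length() + 7) // 8
assert pow(G, Q, P) == 1 and G != 1        # G really has order Q


def lagrange_coeff(i, indices, modulus):
    """Lagrange basis coefficient of party i at x = 0, modulo `modulus`."""
    num, den = 1, 1
    for j in indices:
        if j != i:
            num = num * (-j) % modulus
            den = den * (i - j) % modulus
    return num * pow(den, -1, modulus) % modulus


def share_secret(secret, t, n, modulus):
    """Shamir t-of-n sharing over Z_modulus: returns {party_id: f(party_id)}, f(0) = secret."""
    coeffs = [secret % modulus] + [secrets.randbelow(modulus) for _ in range(t - 1)]
    return {x: sum(c * pow(x, k, modulus) for k, c in enumerate(coeffs)) % modulus
            for x in range(1, n + 1)}


def reconstruct(shares, modulus):
    """Recover f(0) from any t shares {party_id: share} by Lagrange interpolation."""
    return sum(lagrange_coeff(i, shares, modulus) * s for i, s in shares.items()) % modulus


def hash_to_group(password):
    """Toy hash-to-group: hash into Z_P, then square to land in the order-Q subgroup."""
    h = int.from_bytes(hashlib.sha256(password).digest(), "big") % P
    sq = pow(h, 2, P)
    return sq if sq != 1 else pow(2, 2, P)  # avoid the identity element


def finalize(password, element):
    """OPRF output F_k(pw) = H(pw, H'(pw)^k); this is what gets stored as the credential."""
    return hashlib.sha256(password + element.to_bytes(_PBYTES, "big")).digest()


class ThresholdServers:
    """n servers, each holding one Shamir share k_i of the OPRF key k; any t suffice."""

    def __init__(self, t, n):
        self.t = t
        self.master_key = secrets.randbelow(Q - 1) + 1   # seen only by the toy dealer
        self.shares = share_secret(self.master_key, t, n, Q)

    def evaluate(self, i, blinded):
        """Server i raises the blinded element to its share k_i; it never sees pw."""
        return pow(blinded, self.shares[i], P)


def toprf_client(password, servers, party_ids):
    """Client side: blind H'(pw), query t servers, combine in the exponent, unblind."""
    if len(party_ids) < servers.t:
        raise ValueError("need at least t parties")
    r = secrets.randbelow(Q - 1) + 1                     # fresh blinding factor per run
    blinded = pow(hash_to_group(password), r, P)          # H'(pw)^r hides pw from servers
    combined = 1
    for i in party_ids:
        partial = servers.evaluate(i, blinded)            # blinded^{k_i}
        combined = combined * pow(partial, lagrange_coeff(i, party_ids, Q), P) % P
    unblinded = pow(combined, pow(r, -1, Q), P)           # (H'(pw)^{r k})^{1/r} = H'(pw)^k
    return finalize(password, unblinded)


def register(password, servers, party_ids):
    """Registration: derive the credential through any t parties and store it."""
    return toprf_client(password, servers, party_ids)


def authenticate(password, servers, party_ids, credential):
    """Authentication: recompute through a possibly different t-subset and compare."""
    return secrets.compare_digest(toprf_client(password, servers, party_ids), credential)


if __name__ == "__main__":
    srv = ThresholdServers(t=3, n=5)
    cred = register(b"correct horse", srv, [1, 2, 3])
    print("auth via parties 3,4,5:", authenticate(b"correct horse", srv, [3, 4, 5], cred))
    print("wrong password:", authenticate(b"wrong", srv, [1, 4, 5], cred))
```

Two details carry the security argument. The Lagrange coefficients are computed modulo Q (the group order) and applied in the exponent, so the client never learns k or any k_i, only H'(pw)^k; and because each server only ever sees H'(pw)^r for a fresh r, a single compromised server learns nothing about the password and cannot mount an offline guess on its own, which is the single-point-of-failure protection the abstract attributes to TSS and TOPRF.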


Acknowledgements

We would like to acknowledge that PRISM was conceived of and tested by TIDE Foundation as part of a broader decentralized identity and access management framework. PRISM in this context is intended to allow typical web users high-level security authentication in the form of the simplest, most ubiquitous experience.

Corresponding author

Correspondence to Yanping Wang.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Wang, F. et al. (2023). WiP: Towards Zero Trust Authentication in Critical Industrial Infrastructures with PRISM. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2023. Lecture Notes in Computer Science, vol 13907. Springer, Cham. https://doi.org/10.1007/978-3-031-41181-6_19

  • DOI: https://doi.org/10.1007/978-3-031-41181-6_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-41180-9

  • Online ISBN: 978-3-031-41181-6
