Abstract
With the increasing threat of cyber attacks on critical infrastructures, the need for robust security measures has become more pressing. In response, decentralized secure computation has gained traction as an effective approach to minimizing the risks associated with such threats. We introduce this computation into the decentralized registration and authentication applications, and present the PRISM scheme. To ensure the security of the registration phase, the threshold secret sharing (TSS) technique is used to protect the credential against single-point failures. The threshold oblivious pseudorandom function (TOPRF) technique further enhance the security of PRISM scheme in the password-based authentication phase, by allowing the user to reconstruct the authentication messages from any subset of t parties and pass the verification. This study is a work in progress, and we are currently analyzing the detailed scheme and its security to better understand the practicality of our PRISM scheme. The theoretical security analysis demonstrates that our PRISM scheme achieves the properties of privacy preservation, unpredictability, and obliviousness. Experimental evaluation of the performance and practicability of our scheme will be presented in the full version.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Gilman, E., Barth, D.: Zero Trust Networks. O’Reilly Media, Sebastopol (2017)
Ali, B., Hijjawi, S., Campbell, L.H., Gregory, M.A., Li, S.: A maturity framework for zero-trust security in multiaccess edge computing. Secur. Commun. Netw. 2022 (2022)
He, Y., Huang, D., Chen, L., Ni, Y., Ma, X.: A survey on zero trust architecture: challenges and future trends. Wirel. Commun. Mob. Comput. 2022 (2022)
Jarecki, S., Kiayias, A., Krawczyk, H., Xu, J.: TOPPSS: cost-minimal password-protected secret sharing based on threshold OPRF. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 39–58. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_3
Liu, Y., et al.: A blockchain-based decentralized, fair and authenticated information sharing scheme in zero trust internet-of-things. IEEE Trans. Comput. 72, 501–512 (2022)
Mehraj, S., Banday, M.T.: Establishing a zero trust strategy in cloud computing environment. In 2020 International Conference on Computer Communication and Informatics (ICCCI), pp. 1–6. IEEE (2020)
Tang, F., Ma, C., Cheng, K.: Privacy-preserving authentication scheme based on zero trust architecture. Digital Commun. Netw. (2023)
Sonnino, A., Al-Bassam, M., Bano, S., Meiklejohn, S., Danezis, G.: Coconut: threshold issuance selective disclosure credentials with applications to distributed ledgers. arXiv preprint arXiv:1802.07344 (2018)
Xiaojian, Z., Liandong, C., Jie, F., Xiangqun, W., Qi, W.: Power IoT security protection architecture based on zero trust framework. In: 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP), pp. 166–170. IEEE (2021)
Li, S., Iqbal, M., Saxena, N.: Future industry internet of things with zero-trust security. Inf. Syst. Front. pp. 1–14 (2022)
Dhar, S., Bose, I.: Securing Iot devices using zero trust and blockchain. J. Organ. Comput. Electron. Commer. 31(1), 18–34 (2021)
García-Teodoro, P., Camacho, J., Maciá-Fernández, G., Gómez-Hernández, J.A., López-Marín, V.J.: A novel zero-trust network access control scheme based on the security profile of devices and users. Comput. Netw. 212, 109068 (2022)
DHS. Zero trust architecture guide, published by the U.S. department of homeland security in 2018. https://www.cisa.gov/news-events/news/cisa-releases-cloud-security-technical-reference-architecture-and-zero-trust. Accessed 18 Feb 2023
Cisco. Zero trust secure access. https://www.cisco.com/c/en/us/products/security/zero-trust.html. Accessed 18 Feb 2023
Hao, F., van Oorschot, P.C.: SoK: password-authenticated key exchange-theory, practice, standardization and real-world lessons. In Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, pp. 697–711 (2022)
Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)
Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In Proceedings of the 10th ACM conference on Computer and Communications Security, pp. 241–250 (2003)
Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_33
Jarecki, S., Krawczyk, H., Xu, J.: OPAQUE: an asymmetric PAKE protocol secure against pre-computation attacks. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 456–486. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_15
Chen, C.-M., Wang, K.-H., Yeh, K.-H., Xiang, B., Tsu-Yang, W.: Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications. J. Ambient Intell. Humanized Comput. 10, 3133–3142 (2019)
Miao, P.: Towards Secure Computation with Optimal Complexity. University of California, Berkeley (2019)
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_17
Erwig, A., Faust, S., Riahi, S.: Large-scale non-interactive threshold cryptosystems through anonymity. IACR Cryptol. ePrint Arch. 2021, 1290 (2021)
Agrawal, S., Miao, P., Mohassel, P., Mukherjee, P.: PASTA: password-based threshold authentication. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 2042–2059 (2018)
Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptology 20, 51–83 (2007)
Acknowledgements
We would like to acknowledge that PRISM was conceived of and tested by TIDE Foundation as part of a broader decentralized identity and access management framework. PRISM in this context is intended to allow typical web users high-level security authentication in the form of the simplest, most ubiquitous experience.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, F. et al. (2023). WiP: Towards Zero Trust Authentication in Critical Industrial Infrastructures with PRISM. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2023. Lecture Notes in Computer Science, vol 13907. Springer, Cham. https://doi.org/10.1007/978-3-031-41181-6_19
Download citation
DOI: https://doi.org/10.1007/978-3-031-41181-6_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-41180-9
Online ISBN: 978-3-031-41181-6
eBook Packages: Computer ScienceComputer Science (R0)