Identity authentication for edge devices based on zero‐trust architecture

Abstract

Device identity authentication is the first line of defense for edge computing security mechanisms. Many authentication schemes are often accompanied by high communication and computational overhead. In addition, due to the continuous enhancement of network virtualization and dynamics, the security requirements for logical boundaries of many enterprise information systems “cloudification,” and the huge data security challenges faced by enterprise core assets, all make the original "one‐time authentication, all the way" trust model no longer reliable. Therefore, the paper proposes a local identity authentication and roaming identity authentication protocol based on a zero‐trust architecture. First, we propose a revocable group signature scheme, the expiration time is bound to the key of each edge terminal device. According to this solution, since the identity authentication token generated by the expired key is invalid, it does not need to be included in the revocation list, which improves the efficiency of revocation checking. Compared with the current identity authentication protocol, this article not only builds a model based on the zero trust architecture, effectively solves the shortcomings of the network security protection architecture, but also considers the unforgeability of the expiration time, and realizes effective revocation and more efficient identity authentication.