1. Introduction

Looking at the history of Zero Trust (ZT), the United States Department of Defense first introduced the term “zero trust”. In May 2021, the United States Biden administration introduced a Zero Trust architecture (ZTA) to cope with large-scale cyber-attacks and advance cyber security [1,2]. The U.S. Department of Defense has also continued efforts to transition its cybersecurity policy to a ZT framework based on a common understanding at the organizational level. The ZT concept is gradually becoming a global standard in cybersecurity. Many prior ZT model research studies and works exploring theory and practical applications have been conducted in recent years. These works often focus on developing models and frameworks for ZT and analyzing its effectiveness in different environments.

Accordingly, the Republic of Korea government also announced the basic philosophy and core principles of ZTA in the domestic network environment. However, the concept of ZT is somewhat philosophical and has not been promoted in earnest because no model fits the Korean situation. The Korean government has announced the concept of ZT 1.0 and has presented it as a new security model, but companies and governments that have already established existing security systems are confused about the concept of ZT. Since companies have exploited this situation to use this architecture for marketing purposes, there is a need to correct misconceptions about it. In the Republic of Korea, whenever a new security concept is introduced, information security products that apply the concept tend to be released. Corporate security managers will feel reassured if they can deal with new threats no matter how much of a security budget amount is invested. So far, there are no security products released on the market to meet ZT standards. The concept of ZT has been relegated to a new security paradigm rather than a specific product group or solution.

The ZT concept has been widely introduced and applied, but there are still many gaps in research and practical application, especially in the Korean context. Although the ZT concept has been recognized, there needs to be more apparent models and specific guidelines for implementation in organizations, especially in corporate environments in Korea. Second, many companies and organizations still need to understand the ZT concept to avoid ineffective application or deviation from the basic principles of this model. Research should focus on developing specific security solutions based on the ZT principle. In addition, there is a demand to evaluate the effectiveness of ZT-based security solutions in organizational environments and demonstrate the feasibility and advantages of this model.

Therefore, this research aims to help security solutions that have already been or are scheduled to be introduced into existing corporate networks understand and implement the principle of ZT. Our research hopes to contribute to building a more effective information security system that helps organizations combat increasingly sophisticated cyber threats. The contribution of this research can be presented as follows:

• Proposing a ZT application model suitable for the Korean context, including operating principles and implementation guidelines.

• Creating and serving as an educational reference to raise awareness and understanding of ZT in the business community, helping to reduce misconceptions.

• Proposing evaluation criteria to analyze the effectiveness of ZT solutions, thereby providing valuable data and information for Korean enterprise security managers.

Therefore, this research aims to help security solutions that have already been or are scheduled to be introduced into existing corporate networks understand and implement the principle of ZT. Our research hopes to contribute to building a more effective information security system. The designed ZTA, as presented in Figure 1, consists of multiple layers to ensure network security. In the User/Device layer, users are classified into authenticated and unauthenticated groups, with access to risky applications based on multiple factors such as application, location, identity, and device. The Zero Trust Control Plane layer includes key components such as the Policy Enforcement Point (PEP), which enforces security policies; the Policy Decision Point (PDP), which determines the trust level of access requests through the Trust Engine and Policy Engine; the Policy Information Point (PIP), which provides the information needed to make decisions; and the Policy Administration Point (PAP), which monitors and administers security policies. Supported protocols in this layer include SAML/OIDC, RADIUS, WS-Fed, Kerberos/LDAP, OAUTH, SSH/RDP, SSL, Multi-Factor Authentication (MFA), Risk-Based Access (RBA), etc. Finally, the Protected Resources layer includes resources that must be protected, such as cloud, on-prem databases, APIs, applications, and specific functions.

Our ZTA model requires every access request to be checked and authenticated, regardless of origin. First, each user and device undergo a robust authentication process, often including multi-factor authentication (MFA) for added security. Next, the Zero Trust Control Plane layer analyzes the context of the access request, considering factors such as location, device, and security status to assess the level of risk. Based on this information, the PDP decides whether the request should be allowed. This decision can change over time. If approved, the PEP enforces security policies, granting access to specific resources. User and device activity is continuously monitored for anomalous behavior, with access revoked if suspicious. Security policies and information about users and devices are managed and updated regularly through PAPs and PIPs. Finally, resources such as clouds, databases, APIs, and applications are protected by multiple layers of security, including encryption and network access control. The ZTA model, with its continuous authentication and monitoring requirements, effectively protects resources and minimizes the risk of threats.

The structure of this paper is given as follows. Section 2 presents an overview of the ZTA, NIST SP 800-207 concept, Zero Trust Concept 1.0 provided by the Republic of Korea’s Ministry of Science and ICT, and related ZT design and deployment research. In Section 3, we propose the concept of ZTA and a network system that applies it to the design. In Section 4, the design and verification that we conducted to prove the stability of the network system is explained. Finally, Section 5 concludes and describes the necessity and plan to strengthen ZT security.

2. Background of Research

2.1. Zero Trust Architecture (ZTA) Concept

According to the ZTA-related document of the United States National Institute of Standards and Technology (NIST), the concept of ZT assumes that the network is always being breached and warrants minimal access rights to data and computing services that require protection [3]. The idea of ZT is based on the core principle of “Never Trust, Always Verify” and complements the existing perimeter security system.

ZT is not a stand-alone security solution, but rather a collection of concepts to secure a higher level of security. ZTA is an enterprise security plan that uses the idea of ZT including relationships between components, workflow design, and access policies [3]. There are six basic ZT principles. First, all types of access should not be trusted. Second, centralized policies should be managed consistently, with access control to be decided and implemented. Third, users and devices should be controlled and strongly authenticated. Fourth, access should be controlled in detail through resource classification and management. (granting minimum privileges). Fifth, logical perimeters should be created, with access to be allowed for each session and communication protection technology to be applied. Sixth, reliability should be continuously verified and controlled by monitoring and log-recording all states [4].

The three core principles underlying the use of the above six basic principles in terms of technology are first, strengthening the authentication system [3], second, micro-segmentation, and third, utilizing software-defined perimeter techniques.

Figure 2 above shows the access control principle. The core security function of a ZTA is access control policy, and trust authentication permission for access to all resources is determined by communication between the policy decision point (PDP) and policy enforcement point (PEP). ZTA is divided into either the control area or the data area.

The logical space where the access control policy is determined is called the control plane, and the logical space where the policy is implemented and the access subject accesses the company’s resources is called the data plane. Input elements that provide data generated internally and externally to the company exist in PDP and PEP and provide various information necessary for access decisions. The important point here is that each area should interact systematically to satisfy the principles of the ZTA as shown in Table 1 below.

Table 1 delineates the seven basic principles that comprise ZT components. Principle 1 classifies all data and personally owned devices as resources as well since the perimeter of work is expanded to personal devices due to the impact of COVID-19. Principle 2 is the basic principle of ZTA “Never Trust, Always Verify”, inferring that all networks must be protected, which is an important item in this paper. In other words, confidentiality and integrity must be protected. Principle 5 means that the condition of assets should be monitored and actions undertaken since no asset can be trusted.

However, companies that plan to implement a ZTA should establish a Continuous Diagnostics and Mitigation (CDM) program or a similar system for monitoring and checks.

2.2. SSL (Secure Socket Layer)

Secure Sockets Layer (SSL) is also called web server or server authentication. SSL is a security protocol that protects information even if it is leaked due to hacking by encrypting it during communication between the browser and server. It is already being used by millions of website administrators [5]. The standard security technology was developed by U.S.-based Netscape in 1994, and all data transmitted between the web server and web browser is encrypted [6]. SSL has become an industry-standard protocol to safely exchange data between World Wide Web browsers and web servers [5,7], and is adopted by leading web product companies, such as Microsoft and Google in the U.S. SSL is an encryption method in the transport layer encryption of the Open Systems Interconnection (OSI) seven-layer model, which guarantees authentication and encryption.

The SSL protocol ensures security between web servers and browsers on the Internet. In Figure 3 above, SSL is used to authenticate servers and clients from a third party called certificate authority (CA). The basic structure of SSL is based on the assumption that if a user can trust another person who signed the certificate, the signed certificate can also be trusted.

Alternatively, Figure 4 above shows the SSL communication process that describes the simple process of how SSL works. First, the client connects to the server. This phase is called “Client Hello”, and random data generated by the client, encryption method, and session ID are exchanged. Second, the server sends a “Server Hello” in response to the “Client Hello”, and exchanges random data generated by the server, the client encryption method selected by the server, and a certificate. Third, the client checks the CA list built into the client to check whether the server’s certificate was issued by the CA. Fourth, the server decrypts the pre-master secret value sent by the client with its private key. Fifth, the client and server inform each other of the end of the handshake phase. Lastly, when the data transmission is completed, the client and server inform each other that the SSL communication has ended.

2.3. Sever Digital Rights Management (DRM)

Server Digital Rights Management (DRM) retains documents, which are important assets, safe, by preventing illegal distribution, duplication, leakage, and hacking of document content, and maintaining document security on the server while providing a reliable environment, infrastructure, and encryption/decryption and controlling the permissions of a document or tracking its usage history.

Algorithm 1 represents the encryption pseudo-code among the DRM codes. The function is used to encrypt a general file stream transmitted by the Java-based linking system used in the Windows environment.

The encryption algorithm is a series of algorithms based on the ARIA block cipher [8,9,10]. Input information is limited by creating an encrypted file header and defining the encrypted file size, editability, and number of views, to limit the number of printing times, document usage period, watermarking, etc., before encrypting a physical file using a stream (Java Stream). In addition, the authority level on the encrypted document is set, with the document being set as secret or confidential based on personnel information.

2.4. Fast Identity Online (FIDO)

Fast Identity Online (FIDO) is an international consortium established to set standards for authentication technology using biometrics, serving as the de facto international standards organization for biometric authentication [11]. The FIDO-based biometric authentication system provides both security and convenience by using various online biometric authentication services, such as fingerprint and voice, unlike ID/PW security, which is inconvenient to use and less secure.

The FIDO platform is largely divided into a Universal Authentication Framework (UAF) and a Universal Second Factor (U2F) [12]. The UAF authentication method processes the user’s unique biometric information, such as fingerprint and voice, on the user’s terminal rather than processing or storing it on the server and then transmits the resulting value. This method is suitable for the authentication system using personal devices, such as smartphones, which keeps growing rapidly by 32% every year.

U2F is based on a two-factor authentication method and uses separate authentication devices, such as USB dongles and smart cards that store additional security information, in addition to the existing ID and password authentication method [13]. That is, this technique requires users who provided their password to authenticate themselves using a second factor.

Meanwhile, strong authentication is required for all users and all resources for the control and robust authentication of users and devices, which is one of the basic principles of a ZTA. FIDO-type authentication technology can satisfy this requirement. It is necessary to reduce uncertainty and verify users appropriately each time through authentication/authorization for companies to construct a reliable network. In addition, information security can be strong and sustained for a prolonged time only when conditions are met that enable users to use it conveniently within the shortest period [13,14,15,16,17,18,19,20,21,22,23,24,25].

2.5. Related Research

The ZT concept is gradually becoming a global standard in cybersecurity. Prior ZT model research and works exploring theory and practical applications have been conducted in recent years.

Hasan et al. presented research focusing on applying the ZT principle to cyber-physical systems (CPS) to improve the security of critical systems, especially in the aviation industry [26]. The authors present a set of ZT design patterns and corresponding assurance patterns, which help system engineers design and verify the security of ZT components. The assurance patterns allow for the construction of security assurance arguments based on the specific security requirements of the system. The assurance patterns can be applied to detect and correct design flaws in the early stages of development, such as in the case of a practical application of an Unmanned Aerial Vehicle (UAV) surveillance system. The results demonstrate that applying these designs and assurance patterns can significantly improve the overall security posture of cyber-physical systems while saving development time and costs. Ultimately, design and assurance patterns provide a systematic approach to developing more secure CPS systems that meet increasing security requirements in the face of increasingly sophisticated cyber-attacks.

Patil et al. presented a consensus algorithm to build a ZT model in a distributed system, with a specific application being a student recruitment system [27]. This model ensures that each node in the network must approve a transaction before it is executed, allowing data owners to track and secure information when sharing. The consensus algorithm combines proof of work and proof of elapsed time, which prevents malicious nodes from reaching consensus, thereby protecting data security. Students maintain an immutable certificate store and their data is validated by a verification network of academic and placement departments. Students can keep track of the data they transfer to companies because it is documented as transactions on a distributed ledger. The research also points out the potential for extending this model to areas such as banking and healthcare and emphasizes the importance of maintaining network security through cryptographic measures.

Binanda and Anantharaman proposed a solution for access authentication in a ZTA [28]. In the context of enterprise networks, traditional edge-based security assumes that internal devices are trustworthy, but reality shows that many cyber-attacks occur from within. DistriTrust distributes trust across multiple PDPs and uses threshold signatures to mitigate the risk of relying on a single PDP. The research also analyzes different threshold signature methods to ensure low latency during authentication while ensuring the security and efficiency of the system. Experimental results show that DistriTrust can provide fast and secure access authentication for enterprise resources.

Zhang et al. presented a dynamic access control technology based on the ZT policy-based lightweight authentication network model [29]. The ZT model ensures that all accesses are authenticated and controlled, thereby minimizing the risk of attacks and protecting resources. This study also proposes the application of micro-segmentation and lightweight authentication to maintain effective protection while minimizing costs and enhancing manageability. Practical applications show that this model can significantly improve network security in organizations.

Taisho et al. propose a user authentication method based on web biometrics to improve access control in the Zero Trust Access Control (ZTAC) model [30]. In the context of remote work, only initial account authentication can lead to security risks if the authentication information is leaked. This research develops new biometrics, such as mouse and keyboard behavior analysis, to monitor and verify whether the user is the legitimate account owner. Experimental results show that the system can effectively access control with a latency of only about 130 milliseconds, demonstrating the method’s feasibility without increasing the system load. However, this research has limitations such as determining access based on IP address, which can be difficult in cases of access from different time zones and requires more flexibility. Setting biometric thresholds can lead to false access blocking. Finally, monitoring user actions via tracking agents can raise privacy concerns and impact work performance.

Andrew et al. presented a new framework for protecting electronic design secrets from insider threats in the semiconductor industry [31]. The ACED-IT framework in the ZT environment incorporates methods such as encryption, logic locking, and temporary logic elements (TILEs) to protect intellectual property throughout all stages of design, manufacturing, and testing. The research shows that ACED-IT is compatible with existing development processes and provides negligible performance overhead while enhancing security and accountability for tracking user actions.

A recent research trend is related to developing security, verification, and frameworks for ZT and analyzing its effectiveness in different environments such as the financial industry [32], health information systems [33,34], manufacturing industry [35], etc.

In the context of Korea, on 10 July 2023, the Korean government released the “Zero Trust Guide 1.0” to implement the ZT security model [36]. The model is based on the principle that all network transactions must be authenticated, emphasizing the identification of protection surfaces to strengthen security controls. The guide consists of five chapters, covering changes in the network environment, core principles of ZT, principles of the overall security model, implementation plans, and case studies for remote working environments.

Lee and Kim present an authentication mechanism based on a Software-Defined Perimeter (SDP) to support ZTA [37]. SDP creates a dynamic network boundary that only allows authenticated users and devices to access network resources. The research improves SDP alignment with the ZT principle and proposes an onboarding method for devices to the network. In addition, the authors also measure the performance of ECDSA during authentication and propose methods to optimize the performance of ECC encryption. These improvements enhance security and promote the adoption of ZT in organizations.

Kim et al. research the security requirements needed to build a remote work environment based on the ZT model in the context of increasing cloud service usage [38]. The traditional perimeter security model has shown many limitations, leading to the adoption of the ZT model. The authors performed a threat model for the OpenStack cloud service and analyzed commercial cloud services such as Microsoft Azure, Amazon Web Services, and Google Cloud security. The results showed that some security requirements were unmet, indicating potential threats. The paper proposes detailed security requirements to help build a more secure remote work environment and provides countermeasures against potential threats.

Kim et al. present the application of ZTA in defense cybersecurity [39]. The authors report that ZT promotes defense organizations to modernize their security systems. The paper proposes four main technical approaches: dynamic access control, logical network separation, artificial intelligence-based data analysis, and security awareness enhancement. These approaches address challenges in defense security environments, from access management to detecting and preventing insider threats. The paper also discusses the importance of deploying modern technologies to protect defense security infrastructure from sophisticated cyber-attacks.

Despite the ZT concept’s widespread introduction and use, there are still a lot of unanswered questions regarding its practical implementation and study, particularly in the Korean context. There is recognition of the ZT concept, but clearer models and precise directions are needed for its application in organizations, especially in Korean business environments. Therefore, this research aims to build a more effective information security system and verification for ZTA that helps organizations combat increasingly sophisticated cyber threats.

3. Zero Trust Architecture Design

The spread of mobile, the Internet of things, and the cloud has created a telecommuting/work-from-home environment, and as a non-face-to-face society keeps developing post-COVID-19, the need to change the traditional cybersecurity system to protect corporate networks has emerged. In addition, as the system packets that need to be analyzed have become more diverse, with their quantity only increasing and cyber-attacks have also become more sophisticated and intelligent, existing security models have reached their limits. There are limits to existing security policies as the number of recent breaches keeps increasing to keep pace with the number of cases exploiting loopholes in implicit trust policies, such as insider collusion or authority theft. A new security paradigm that takes this situation into account is ZTA.

The existing perimeter security model assumes that access requests from inside the network can be trusted to a certain degree, so the internal network and external network are separated by installing a security perimeter wall (firewall) in between them. Because the internal network is implicitly designated as a trusted area, data leaks occur due to attacks by hackers infiltrating from within, theft of system rights by internal conspirators, or lateral movement. By contrast, the ZTA model starts from the assumption that hackers can exist in either internal or external networks and that all access requests are untrustworthy. Therefore, all data and computing services that need to be protected are separated into individual resources and protected. This model also requires thorough authentication of network accessors and granting minimal access rights. To this end, terminal authentication and access permission are controlled using network control access (NAC) and endpoint detection and response (EDR). EDR is a solution that detects and responds to a threat occurring on user terminals and can analyze in linkage with SIEM detects and responds to malware in real-time and visualizes activity logs.

By contrast, the principle of multi-factor authentication (MFA) should be applied to implement strict authentication of ZT. MFA is a multi-step account login process that requires users to enter additional information other than their password. Since a password alone is not sufficient for security, additional authentication methods can be applied to ensure user authentication and prevent password theft. However, FIDO using biometrics can provide security and convenience to users while satisfying the above requirements.

Table 2 above describes security solutions that can assist compliance with the basic principles of the ZT guide. Although there are many security devices in addition to those presented above, we have selected and designed a system that can best implement the basic principles of a ZTA. Even within the intranet, it was designed to comply with the ZT principle by applying authentication and encryption when accessing each system.

Therefore, in this paper, SSL and DRM have been used to propose and verify a ZTA, because, among the many principles of ZTA, it can satisfy the principle of centralized policy management and access control that can create the basis with a minimal system and secure all communication regardless of network location.

Figure 5 above shows the implementation of segments using a network separation (physical or logical) solution that separates the external network from the internal network for strong security. The segments are separated by installing intelligent switches or routers, next-generation firewalls, etc., at the discretion of the company. The intranet is designed to communicate by applying encryption using SSL and DRM. A network separation solution is a device that can increase the level of security as a perimeter security solution along with a firewall, even though it is easy to regard its security as weak since the ZT guidelines classify it as a perimeter-based model.

In this paper, we used DRM authentication instead for the authentication security test of FIDO. Authentication is important in DRM because DRM works after authenticating the owner’s document first for document security. The document confidentiality and availability can be satisfied only when ownership and access rights to individuals and groups are granted after authentication.

If the proposed system passes the verification of the network security safety requirements of the ZTA, a reliable architecture can be implemented to prevent the leakage of corporate documents and hacking incidents.

4. Experiment Setup and Performance Evaluation

4.1. Experiment Setup

In this experimental setup, we focus on designing and verifying a security system based on the ZTA, as shown in Figure 5. The network topology is structured multi-layered including separate layers for identity and user management, device and endpoint security, network protection, system integrity, application security, and data management. The experiment setup uses a web server, firewall appliance, VPN gateway, and endpoints (laptops and mobile devices). Each device is configured to simulate real-world operations while adhering to ZT principles. We utilized various tools to support the testing process, including GNS3 for simulating the network environment, Wireshark for analyzing network traffic, and Splunk for real-time monitoring and logging of security events.

The modeled network in GNS3 is presented in Figure 6. The GNS3 model architecture consists of two main zones, the Intranet Zone and the Internet Zone, security components, and connections between them. In the Intranet Zone, three internal PCs are connected to a Layer 2 (L2) switch, which allows communication between devices on the internal network. These computers lead to a Layer 4 (L4) switch, which manages traffic based on L4 information and routes traffic to different services. The L4 switch connects to two firewalls, ensuring strict control of inbound and outbound traffic. The L4 also connects to the security monitor to monitor network activities and the Web Server to serve external requests. In addition, the L4 switch connects to a NAC server to manage access rights, ensuring that only authenticated devices can join the network. All these connections are routed to a central PC in the intranet, which performs overall management and monitoring tasks. In the Internet Zone, a PC is connected to the central PC in the Intranet Zone, allowing communication between the two zones. These computers are connected to a switch, which has many functions, including connecting to a VPN server to provide secure remote access and an NAC server to control access to devices from the internet. This switch is also connected to three internet PCs, allowing users from outside to access the network. Next, the switch connects to the DMZ firewall, which protects public services from internet attacks. After the DMZ firewall, traffic goes through the Intrusion Detection/Prevention System (IDS/IPS) system to detect and prevent intrusions. Finally, the system also has a DDoS protection mechanism to prevent distributed denial of service attacks before traffic is sent to the internet. Our architecture creates multiple layers of security, protecting network resources and ensuring the safety of internet-facing services.

Additionally, we have deployed security solutions for EDR and DLP on the endpoints to ensure comprehensive protection against threats. The security system integrates key components, such as FIDO for strong authentication and NAC for network access control. Device and endpoint security is implemented through EDR and DLP, while network protection uses SSL to encrypt communications, firewalls to filter traffic, and VPNs to enable secure remote access. The SecureOS operating system provides a secure foundation for applications and services. Finally, DRM technology manages and protects access to sensitive information. This experiment setup aims to evaluate the effectiveness of ZTA design, ensuring that every access request is authenticated, authorized, and continuously audited throughout the user session.

4.2. Verification Scope

Several security systems reflect the core principles of a ZTA presented in Table 2 above, but in this paper, the scope of verification is limited to two systems (i.e., SSL, DRM) that have a significant impact on the key points of the basic principles. We actively identify security vulnerabilities that may occur while delivering SSL and DRM to the affected legacy system and check and verify essential elements that must be performed in the process.

The verification scope is limited to four areas as follows. The first is SSL encryption/decryption over the Internet. The second is encryption/decryption using the server DRM module. The third is encryption/decryption after document exchange between the two legacy systems.

4.3. Verification Method

For verification, SSL is tested first. The document system connected to an external network (Internet) is accessed, and document files are uploaded. Then, the network is captured and verified as to whether SSL encryption/decryption is performed. Second, DRM is tested. To test encryption/decryption, DRM-encrypted files in the web application server (WAS) file area are verified and transferred to the legacy system using server DRM decryption, and then the originals of the file are compared and verified.

4.4. Verification Scenario

We created a scenario to verify centralized access control and communication protection technology in the design of the ZTA presented in this paper.

Figure 7 above shows the test for the SSL section used in the intranet and public Internet. The network capture when SSL is not applied is compared with the network capture when SSL is applied. Document reception/decryption or encryption/decryption (DRM) testing is required. First, to transmit the communication document with SSL applied, a communication document (other) is created and sent in the section capture test when SSL is not applied.

Second, the attached file (text file) and the captured contents of the capture program are checked. However, the recipient first receives the communication document and checks whether DRM is applied to the attached file in the document reception/decryption or encryption/decryption (DRM) test. Finally, the attached file is opened to check whether it opens normally.

4.5. Performing Verification

The validation test is conducted based on a predefined scenario. The network evaluated spans between the actual internet and intranet of an energy plant, where SSL stability is assessed by sniffing TCP packets between servers and clients using the traffic capture program, Wireshark. Additionally, the process of encrypting and decrypting files is verified using commercial DRM within the document information system on the intranet.

• (1). SSL Test (non-encrypted) in the Internet Section

When a document is exchanged over the Internet, it may be vulnerable to security and hacking. When SSL is not applied, the document can be altered or stolen in the middle. The purpose of the test is to check whether the original content can be viewed in the network section capture program when a document is sent without SSL.

Figure 8 above shows the original sample file created to test the state when SSL is not applied in the Internet section. The original file is sent via the network. Then, it is checked as to whether the “gksrmfdldy” phrase in the original file is captured in plain text without encryption in Figure 9 below. If the original text is displayed as is, it means that SSL encryption is not applied to the network section.

Figure 9 above shows the image of the SSL section captured using network packet capture software (Wireshark4.0.0). The capture shows that the plain text content is transmitted in plain text without encryption during communication. It shows that the original phrase “gksrmfdldy” is plain text without encryption. If data is exchanged without encryption even on the intranet, there is a risk of information exposure by hackers, and the result proves that even on the intranet, where devices and networks can trust each other, can become dangerous.

• (2). SSL Test (encrypted) in the Internet Section

The purpose of this test is to check whether the document was encrypted in the network section when it was created and sent after applying SSL encryption. Once encryption is applied, risks can be removed from the internal network to create a trust section and ensure integrity.

Figure 10 above shows the image of capturing the network using software (Wireshark) after applying SSL. We can see that the original file was encrypted after applying SSL, and the body text of the captured packet was encrypted when verified by comparison. Network communication should be designed to comply with ZTA’s basic principle of “Never Trust, Always Verify” on the assumption that there is a hacker inside, because confidentiality and integrity, part of three important security elements, can be strengthened by doing so.

• (3). Digital Right Management (DRM) Encryption Test

DRM plays an important role in maintaining accountability in the corporate sector’s electronic documents, ranging from creation to disposal of the document life cycle. As the number of cases of companies suffering damage due to the leakage of important company information and service customer information only increases, the security of documents containing this information is emphasized in internal networks as well. The DRM test aims to check whether documents are exchanged confidentially on the internal network.

Alternatively, Figure 11 above shows a configuration diagram in which each user accesses the DRM server on the intranet, receives the DRM module after authentication, and decrypts using the decryption key. Whenever users attempt to encrypt a document after accessing the DRM server, a decryption log of the document is left, thereby increasing usage traceability.

A test is conducted to check whether the attached file of the document system is encrypted by DRM. As shown in Table 3 above, the file encrypted by DRM and saved in the system is opened and its contents are viewed after sending the document for the test. Also, the binary of the encrypted file is checked as to whether DRM is applied. The result is that the file cannot be opened normally, which means that DRM is working normally, preventing insiders or attackers from using unauthorized files even if they successfully extract them externally. Encrypted files protect sensitive internal information and help implement the trusted ZTA.

• (4). DRM Decryption Test

The previous test is designed to check whether the document is normally encrypted by DRM, while the test at hand is to check whether the recipient can open the DRM of the attached file normally.

When the recipient receives the communication document, the recipient opens the attached file to check whether it is opened normally, thereby checking the DRM application status of the attached file. Table 4 above shows that the binary file of the original file and that of the decrypted file are the same, which also means that the decrypted file is the same as the original document.

• (5). Attached file encryption/decryption test in the legacy system

Various types of inputs (documents) are delivered to the legacy system by applying SSL and DRM security, and in the process, the safety of attached file encryption/decryption, which is an important element, is checked and verified through testing.

Table 5 above shows the test that verifies whether security technology is applied when documents distributed from the legacy system to other systems are stored. The binary of the original file with the extension “xlsx” is checked, and the DRM-encrypted file is opened. The result shows that the file is not opened normally. When the decryption of the encrypted file is verified, the decrypted file is the same as the original binary file, and the file with the extension “xlsx” is opened normally.

4.6. Verification Results and Discussion

The purpose of implementing ZTA is to prevent hacking and leakage of documents distributed in a groupware system that transmits/receives documents from the external network to the internal network. We have proposed to design a more stable and high-level security system by integrating the existing hardware-based security system with a software-based information security system and standard technologies, such as SSL. It was confirmed that possible threats could be prevented by proceeding with the information security process based on the verification scenario.

To verify whether hacking and leakage of documents were properly prevented during the document encryption/decryption process, the verification scope was set, verification scenarios were prepared, and verification was conducted on the existing legacy system regarding “SSL encryption/decryption through the public network”, “encryption/decryption using server DRM module”, “deletion status after sending data (document)”, “original movement status of the legacy system”. According to the result of verifying before and after applying SSL to communication in the network section using various types of input (documents), the plain text was encrypted in the section where SSL was applied. In addition, the process of delivering to the legacy system with DRM security applied was verified for safety by comparing and analyzing before and after applying the password, just like SSL. To reduce risk, intranets should also remove implicit confidence intervals and verify all access attempts.

Figure 12 shows the graph of the SSL and DRM performance status, which is a security method for each level that is typically required as a method to ensure compliance with the three core principles of ZT when establishing a company’s security policy.

Meanwhile, Figure 12 shows the triangle model of the three core elements of a ZT architecture that can represent completeness. The orange color at the edge of the equilateral triangle is the goal to be achieved, and the blue color inside represents the score of this test. The closer the outer shape is to an equilateral triangle and the larger it is, the more complete the ZT model becomes. Despite this, if even one element is not satisfied, a perfect equilateral triangle cannot be created, which indicates a deficiency in the three core security elements.

5. Conclusions

Hacking threats keep increasing due to the weak security environment caused by the increase in mobile devices, the Internet of Things, and cloud-based home/remote work and environmental changes, such as greater non-face-to-face access post-COVID-19. The time has arrived to transition to a security system based on a detailed authentication system, control of all access requests, and granting of minimum rights. ZT is not a standalone security solution but rather a framework of concepts aimed at achieving a higher level of security.

It provides a paradigm that outlines the fundamental philosophy, core principles, and operational guidelines for enhanced security [40,41,42,43,44,45]. While the guiding principle of ZT has gained widespread acceptance, many corporate security managers remain uncertain about how to implement ZT effectively.

In this paper, we have proposed a design to implement the basic concept of a ZT architecture and verify whether the proposed design is safe. SSL was applied to the internal network to encrypt the network section, and a document DRM system was established to secure document distribution. By using SSL and DRM, we have been able to change the untrusted section of the internal network into a more reliable network section, which makes it difficult for attackers to move laterally and helps implement ZT because even if the data is stolen, it cannot be read externally due to encryption.

Meanwhile, the basic principle of ZT can be satisfied by applying a two-factor authentication solution that supports (multi-factor authentication) MFA to prevent identity theft and strengthen device and user authentication for terminal authentication. In addition, even within the confidence section, the principle of ZT can be better implemented by adding security equipment to monitor all traffic and ensure visibility.

Future research requires additional verification of security solutions to strengthen the minimum authority or authentication required to build a ZT environment.

Footnotes

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Enlarge this image.

Figure 1. Multiple layers to ensure network security.

Enlarge this image.

Figure 2. Zero Trust logical components.

Enlarge this image.

Figure 3. SSL certification process.

Enlarge this image.

Figure 4. SSL communication process.

Enlarge this image.

Figure 5. Configuration diagram of the ZTA security network.

Enlarge this image.

Figure 6. Experiment of Network architecture.

Enlarge this image.

Figure 7. Configuration diagram of SSL and DRM encryption/decryption verification.

Enlarge this image.

Figure 8. Original file for SSL testing.

Enlarge this image.

Figure 9. Content when not applying SSL (Wireshark).

Enlarge this image.

Figure 10. Network capture screen when applying SSL.

Enlarge this image.

Figure 11. Configuration diagram of DRM security test.

Enlarge this image.

Figure 12. ZTA test results.

References

1. The White House. M-22-09 Federal Zero Trust Strategy; The White House: Washington, DC, USA, 2022.

2. The White House. Executive Order on Improving the Nation’s Cybersecurity; The White House: Washington, DC, USA, 2021; Available online: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ (accessed on 1 October 2024).

3. Rose, S.; Bor, O.; Mit, S.; Con, S. NIST Special Publication 800-207 Zero Trust Architecture; National Institute of Standards and Technology Special Publication 800-207 National Institute of Standards and Technology: Gaithersburg, MD, USA, 2020.

4. Zero Trust Guidelines Report 1.0; Telecommunications Technology Association: Seongnam, Republic of Korea, 2023.

5. Wagner, D.; Bruce, S. Analysis of the SSL 3.0 protocol. Proceedings of the Second USENIX Workshop on Electronic Commerce Proceedings; Oakland, CA, USA, 18–21 November 1996; Volume 1.

6. Sirohi, P.; Agarwal, A.; Tyagi, S. A comprehensive study on security attacks on SSL/TLS protocol. Proceedings of the 2016 2nd International Conference on Next Generation Computing Technologies (NGCT); Dehradun, India, 14–16 October 2016; pp. 893-898. [DOI: https://dx.doi.org/10.1109/NGCT.2016.7877537]

7. El-Hajj, W. The most recent SSL security attacks: Origins, implementation, evaluation, and suggested countermeasures. Secur. Commun. Netw.; 2012; 5, pp. 113-124. [DOI: https://dx.doi.org/10.1002/sec.295]

8. KS, Information-Security-128Bit Block Ciper Algorithem ARIA-Part 1: KS X1213-1. 2004; Available online: https://datatracker.ietf.org/doc/html/rfc5794 (accessed on 1 October 2024).

9. RFC 3711 The Secure Real-Time Transport Protocol (SRTP); IETF: Wilmington, DE, USA, 2004.

10. OpenSSL—Cryptography and SSL/TLS Toolkit. Available online: https://www.openssl.org (accessed on 1 October 2024).

11. Srinivas, S.; John, K. FIDO Alliance. FIDO UAF Architectural Overview. FIDO Alliance Proposed Standard; FIDO Alliance: Mountain View, CA, USA, 2013.

12. Srinivas, S.; Dirk, B.; Eric, T.; Alexei, C. Universal 2nd Factor (U2F) Overview. FIDO Alliance Proposed Standard 15; FIDO Alliance: Mountain View, CA, USA, 2015.

13. Fido Alliance. Available online: http://fidoalliance.org (accessed on 1 October 2024).

14. Seo, C.-J. A study on the Security Enhancement of Enterprise Business System based on Zero Trust Network. J. Korea Acad.-Ind. Coop. Soc.; 2023; 24, pp. 551-555. [DOI: https://dx.doi.org/10.5762/KAIS.2023.24.6.551]

15. Lee, S.-A.; Kim, B.; Lee, H.; Park, W. An Enhancement of The Enterprise Security for Access Control based on Zero Trust. J. JKIICE; 2022; 26, pp. 265-270. [DOI: https://dx.doi.org/10.6109/jkiice.2022.26.2.265]

16. Lee, D.-I.; Lee, H.-K. A Study on the Application of Security Reinforcement Technology Reflecting Zero Trust Principles. J. Converg. Secur.; 2022; 22, pp. 3-11. [DOI: https://dx.doi.org/10.33778/kcsa.2022.22.3.003]

17. Kindervag, J. Build Security into Your Network’s DNA: The Zero Trust Network Architecture; For Security & Risk Professionals Forrester Research, Inc.: Cambridge, MA, USA, 2010.

18. Cybersecurity and Infrastructure Security Agency, Cybersecurity Division. Zero Trust Maturity Model; Cybersecurity and Infrastructure Security Agency: Washington, DC, USA, 2023.

19. ISO/IEC 18033-3 Information Technology—Security Techniques—Encryption—Part 3: Block Ciphers; ISO: Geneva, Switzerland, 2010; Available online: http://ncsc.go.kr:4018/PageLink.do (accessed on 1 October 2024).

20. NIST. (n.d.) Implementing a Zero Trust Architecture. Available online: https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture (accessed on 1 October 2024).

21. U.S. Department of Homeland Security. Secure Cyberspace and Critical Infrastructure. 2023; Available online: https://www.dhs.gov/secure-cyberspace-and-critical-infrastructure (accessed on 1 October 2024).

22. Statista (n.d.) U.S. Average Cost of a Data Breach. Available online: https://www.statista.com/statistics/273575/usaverage-cost-incurred-by-a-data-breach/ (accessed on 1 October 2024).

23. U.S. Government Accountability Office. Cybersecurity High-Risk Series: Challenges in Protecting Cyber Critical Infrastructure. 2023; Available online: https://www.gao.gov/products/gao-23-106441 (accessed on 1 October 2024).

24. The National Strategy for Homeland Security. Protecting Critical Infrastructures and Key Assets. Available online: https://www.hsdl.org/?view&did=783108 (accessed on 1 October 2024).

25. The White House. National Cybersecurity Strategy; The White House: Washington, DC, USA, 2023; Available online: https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf (accessed on 1 October 2024).

26. Hasan, S.; Amundson, I.; Hardin, D. Zero-trust design and assurance patterns for cyber–physical systems. J. Syst. Archit.; 2024; 155, 103261. [DOI: https://dx.doi.org/10.1016/j.sysarc.2024.103261]

27. Patil, A.P.; Karkal, G.; Wadhwa, J.; Sawood, M.; Reddy, K.D. Design and Implementation of a Consensus Algorithm to build Zero Trust Model. Proceedings of the 2020 IEEE 17th India Council International Conference (INDICON); New Delhi, India, 10–13 December 2020; pp. 1-5. [DOI: https://dx.doi.org/10.1109/INDICON49873.2020.9342207]

28. Sengupta, B.; Anantharaman, L. Distritrust: Distributed and low-latency access validation in zero-trust architecture. J. Inf. Secur. Appl.; 2021; 63, 103023. [DOI: https://dx.doi.org/10.1016/j.jisa.2021.103023]

29. Zhang, P.; Tian, C.; Shang, T.; Liu, L.; Li, L.; Wang, W.; Zhao, Y. Dynamic access control technology based on zero-trust light verification network model. Proceedings of the 2021 International Conference on Communications, Information System and Computer Engineering (CISCE); Beijing, China, 14–16 May 2021; IEEE: Piscataway, NJ, USA, pp. 712-715.

30. Sasada, T.; Taenaka, Y.; Kadobayashi, Y.; Fall, D. Web-Biometrics for User Authenticity Verification in Zero Trust Access Control. IEEE Access; 2024; 12, pp. 129611-129622. [DOI: https://dx.doi.org/10.1109/ACCESS.2024.3413696]

31. Stern, A.; Wang, H.; Rahman, F.; Farahmandi, F.; Tehranipoor, M. ACED-IT: Assuring Confidential Electronic Design Against Insider Threats in a Zero-Trust Environment. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.; 2022; 41, pp. 3202-3215. [DOI: https://dx.doi.org/10.1109/TCAD.2021.3127864]

32. Edo, O.C.; Ang, D.; Billakota, P.; Ho, J.C. A zero trust architecture for health information systems. Health Technol.; 2024; 14, pp. 189-199. [DOI: https://dx.doi.org/10.1007/s12553-023-00809-4]

33. Sultana, M.; Hossain, A.; Laila, F.; Abu Taher, K.; Islam, M.N. Towards developing a secure medical image sharing system based on zero trust principles and blockchain technology. BMC Med. Inform. Decis. Mak.; 2020; 20, 256. [DOI: https://dx.doi.org/10.1186/s12911-020-01275-y]

34. Paul, B.; Rao, M. Zero-trust model for smart manufacturing industry. Appl. Sci.; 2022; 13, 221. [DOI: https://dx.doi.org/10.3390/app13010221]

35. Daah, C.; Qureshi, A.; Awan, I.; Konur, S. Enhancing zero trust models in the financial industry through blockchain integration: A proposed framework. Electronics; 2024; 13, 865. [DOI: https://dx.doi.org/10.3390/electronics13050865]

36. Republic of Korea Ministry of Science and ICT. Zero Trust Guidelines 1.0; Republic of Korea Ministry of Science and ICT: Sejong, Republic of Korea, 2023.

37. Lee, Y.; Kim, J. Software Defined Perimeter (SDP) Authentication Mechanism for Zero Trust and Implementation of ECC Cryptoraphy. J. Korea Inst. Inf. Secur. Cryptol.; 2022; 32, pp. 1069-1080. [DOI: https://dx.doi.org/10.13089/JKIISC.2022.32.6.1069]

38. Kim, H.; Kim, Y.; Kim, S. A Study on the Security Requirements Analysis to build a Zero Trust-based Remote Work Environment. arXiv; 2024; arXiv: 2401.03675

39. Kim, Y.; Sohn, S.-G.; Kim, K.T.; Jeon, H.S.; Lee, S.-M.; Lee, Y.; Kim, J. Exploring Effective Zero Trust Architecture for Defense Cybersecurity: A Study. KSII Trans. Internet Inf. Syst. (TIIS); 2024; 18, pp. 2665-2691.

40. He, Y.; Huang, D.; Chen, L.; Ni, Y.; Ma, X. A survey on zero trust architecture: Challenges and future trends. Wirel. Commun. Mob. Comput.; 2022; 2022, 6476274. [DOI: https://dx.doi.org/10.1155/2022/6476274]

41. Teerakanok, S.; Uehara, T.; Inomata, A. Migrating to zero trust architecture: Reviews and challenges. Secur. Commun. Netw.; 2021; 2021, 9947347. [DOI: https://dx.doi.org/10.1155/2021/9947347]

42. Bertino, E. Zero trust architecture: Does it help?. IEEE Secur. Priv.; 2021; 19, pp. 95-96. [DOI: https://dx.doi.org/10.1109/MSEC.2021.3091195]

43. Phiayura, P.; Teerakanok, S. A comprehensive framework for migrating to zero trust architecture. IEEE Access; 2023; 11, pp. 19487-19511. [DOI: https://dx.doi.org/10.1109/ACCESS.2023.3248622]

44. Fernandez, E.B.; Brazhuk, A. A critical analysis of Zero Trust Architecture (ZTA). Comput. Stand. Interfaces; 2024; 89, 103832. [DOI: https://dx.doi.org/10.1016/j.csi.2024.103832]

45. Huh, J.-H.; Seo, K. Design and test bed experiments of server operation system using virtualization technology. Hum.-Centric Comput. Inf. Sci.; 2016; 6, 1. [DOI: https://dx.doi.org/10.1186/s13673-016-0060-7]