A ZERO-TRUST SECURITY FRAMEWORK WITH CONTINUOUS AUTHENTICATION FOR SECURE SYSTEMS

International Journal of Computer Science (IJCS) Published by SK Research Group of Companies (SKRGC)

Abstract

Traditional perimeter-based security models are increasingly inadequate in protecting modern distributed systems. This paper presents a zero-trust security model implemented through continuous authentication mechanisms. The proposed framework continuously evaluates user identity and device behavior using contextual and behavioral attributes rather than relying on one-time authentication. Machine learning techniques are employed to dynamically assess trust levels and enforce adaptive access control policies. Experimental analysis indicates that continuous authentication significantly reduces unauthorized access risks while maintaining usability. The proposed zero-trust model provides a robust security foundation for cloud and enterprise environments.

References

1. J. Kindervag, "Build security into your network's DNA: The zero trust network architecture," Forrester Research, Tech. Rep., 2010.
2. NIST, "Zero Trust Architecture," NIST Special Publication 800-207, Gaithersburg, MD, USA, 2020.
3. S. Rose, O. Borchert, S. Mitchell, and S. Connelly, "Zero Trust Architecture," NIST SP 800-207, Aug. 2020.
4. D. Ferraiolo, M. Kuhn, and R. Chandramouli, "Role-based access control," IEEE Computer, vol. 38, no. 7, pp. 96-99, Jul. 2005.
5. A. Jain, K. Nandakumar, and A. Ross, "Score normalization in multimodal biometric systems," Pattern Recognition, vol. 38, no. 12, pp. 2270-2285, Dec. 2005.
6. Y. Sun, Z. Wang, and Y. Liu, "Continuous authentication using behavioral biometrics," IEEE Transactions on Information Forensics and Security, vol. 15, pp. 2745-2757, 2020.
7. M. Conti, N. Dragoni, and V. Lesyk, "A survey of man-in-the-middle attacks," IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. 2027-2051, Third Quarter 2016.
8. T. Z. Tan, J. Chen, and S. Li, "Continuous user authentication based on keystroke dynamics," IEEE Access, vol. 7, pp. 110431-110442, 2019.
9.  R. B. Basnet, S. Mukkamala, and A. H. Sung, "Detection of phishing attacks: A machine learning approach," IEEE Computer Society, pp. 1-8, 2008.
10. M. Almorsy, J. Grundy, and A. S. Ibrahim, "Collaboration-based cloud computing security management framework," IEEE International Conference on Cloud Computing, pp. 364-371, 2011.
11. Teixeira et al., "Continuous Authentication Using Behavioral Biometrics," IEEE Security & Privacy, vol. 12, no. 4, pp. 52-60, 2014.
12. Rose et al., "Zero Trust Architecture," IEEE Computer, vol. 52, no. 6, pp. 40-48, 2019.
13. M. E. Fagan and M. M. Khan, "Adaptive Access Control and Continuous Authentication in Zero Trust Environments," IEEE Access, vol. 9, pp. 145321-145334, 2021.
14. Microsoft, "Windows 11 Core Philosophy and Security," Official Documentation, 2021.
15. Python Software Foundation, "Python History and Key Features," PSF Documentation, 2023

Keywords

Zero-Trust, Continuous Authentication, Adaptive Access Control, Behavioral Biometrics, Cybersecurity, Risk Assessment.