

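1. School of Cyber Science and Engineering, Southeast University, Nanjing, Jiangsu 211189
2. School of Information Science and Technology, Hangzhou Normal University, Hangzhou, Zhejiang 311121
3. College of Control Science and Engineering, Zhejiang University, Hangzhou, Zhejiang 310058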
Received: 26 March 2025,
Accepted: 28 July 2025,
Published: 25 August 2025
XING Fang-yuan, DONG Ao, SUN Yu-yi, et al. A Survey of Zero Trust Management for Large-Scale Internet of Things[J]. Acta Electronica Sinica, 2025, 53(08): 2993-3025. DOI:10.12263/DZXB.20250228
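With the rapid development and wide adoption of Internet of Things (IoT) technology, the deployment of large-scale IoT (LS-IoT) has become an inevitable trend in building intelligent and efficient social infrastructure. However, because large-scale networks are heterogeneous, highly time-varying and widely distributed, network and information security problems have become increasingly prominent. Traditional perimeter-based security (PBS) models struggle to cope with the complex and dynamic threats in LS-IoT. Zero trust architecture (ZTA), which emphasizes the security principle of "never trust, always verify", offers a potential solution for securing LS-IoT. This paper first systematically reviews the three core capabilities of ZTA: software-defined perimeter (SDP), identity and access management (IAM), and micro-segmentation (MSG). Second, in light of the characteristics and requirements of LS-IoT, it examines in depth the seven key technologies needed to realize the core capabilities of ZTA: continuous identity authentication, dynamic access control, lightweight encryption, identity governance and administration (IGA), endpoint security, network isolation, and continuous monitoring. Third, taking the practical application of ZTA in four typical scenarios (industrial IoT, 5G healthcare, autonomous driving and remote work) as examples, it discusses the effectiveness of ZTA in improving network security. Finally, the paper analyzes the integration of ZTA with frontier technologies such as large language models (LLM), generative artificial intelligence (AI), explainable artificial intelligence (XAI), edge computing and post-quantum cryptography (PQC), and looks ahead to the future development of ZTA. This work aims to provide a reference for the practical application of ZTA and for securing LS-IoT.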
With the rapid development and extensive application of internet of things (IoT) technologies, the large-scale deployment of IoT (LS-IoT) has become an inevitable trend for building intelligent and efficient social infrastructure. However, the heterogeneous, time-varying, and widely distributed nature of large-scale networks has led to increasingly prominent network and information security issues. Conventional perimeter-based security (PBS) models struggle to address complex and evolving threats in LS-IoT environments. The zero trust architecture (ZTA), which emphasizes the security principle of “never trust, always verify”, provides a potential solution for ensuring the security of LS-IoT systems. Initially, this paper systematically reviews the three core capabilities of ZTA, including software-defined perimeter (SDP), identity and access management (IAM), and micro-segmentation (MSG). Subsequently, aligning with the characteristics and requirements of LS-IoT, we delve into seven critical enabling technologies for implementing ZTA, including continuous identity authentication, dynamic access control, lightweight encryption technology, identity governance and management (IGM), terminal security, network isolation, and continuous monitoring. Then, through practical applications in four representative scenarios, such as industrial IoT, 5G-enabled healthcare, autonomous driving, and remote work, this paper illustrates the effectiveness of ZTA in enhancing network security. Ultimately, this paper explores the integration of emerging technologies, such as large language models (LLM), generative artificial intelligence (AI), explainable machine learning (XML), edge computing, and post-quantum encryption (PQC) with ZTA, and discusses the future development directions of ZTA. This work aims to provide valuable insights for advancing ZTA implementation and strengthening security assurance in large-scale IoT.