Specification Of An Ideal Zero Trust Architecture Implementation Design For The Mitigation Of Cloud-Based Services Authentication Threats And Vulnerabilities

19 Aug

Authors: Victor Otieno Mony, Anselemo Peters Ikoha, Roselida O. Maroko

Abstract: The authentication mechanisms of cloud-based services suffer from recurring threats and vulnerabilities that existing traditional mitigation strategies do not resolve. As a result, cloud insecurity has become the norm, with leading-edge technology outmatching mitigation mechanisms such as passwords, biometrics, and key-based protocols. In response to these cloud authentication challenges, this paper specifies an ideal Zero Trust Architecture (ZTA) implementation design that best mitigates authentication threats and vulnerabilities. To arrive at that design, the paper first examines the operational tenets of the ZTA principle of policy enforcement, identified as the most effective of the five ZTA principles affecting cloud-based services (CBS). It then proceeds to the ZTA design specification itself, which revolves around five identified categories of cloud-based authentication threat: brute-force attacks, man-in-the-middle attacks, social engineering attacks, password discovery attacks, and denial-of-service attacks. The ZTA model is designed using the Forrester ZTA framework, focusing on its People and Device tenets, thereby meeting the objective of architectural specification. The design builds on the ZTA principle of policy enforcement and operationalizes it through trust signals that balance usability and security: keystroke dynamics represents user behaviour, and device location serves as a contextual, device-based trust signal. These two elements map to the People and Device tenets of the Forrester ZTA model and together support a dynamic, adaptive security mechanism that enforces ZTA access policies on the basis of real-time behavioural and contextual signals.
The tailored ZTA design specified in this paper proposes an innovative means of enhancing authentication security in CBS, providing a data-driven threat mitigation process that aligns dynamic security controls with the most pressing authentication threats.
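The following is an added illustration, not code from the paper or its authors, of how the two trust signals named in the abstract can feed a single policy enforcement decision. Keystroke dynamics is reduced to dwell times (key press to release) and flight times (release to next press) compared against an enrolled template; device location is checked against an enrolled set of trusted coordinates by great-circle distance. The feature set, the scaled-deviation scoring, the signal weights, the thresholds and the sample keystroke and location data are all assumptions made for this example, not the paper's specification.

```python
"""Added example: a minimal Zero Trust policy enforcement point combining a
keystroke-dynamics score (People tenet) with a device-location check (Device
tenet). All formulas, weights, thresholds and sample data are assumptions for
illustration, not the paper's own design."""
from dataclasses import dataclass, field
from math import radians, sin, cos, asin, sqrt
from statistics import mean
from typing import Dict, List, Tuple

# One keystroke event: (key, press_time_ms, release_time_ms)
KeyEvent = Tuple[str, float, float]
LatLon = Tuple[float, float]


def keystroke_features(events: List[KeyEvent]) -> Dict[str, float]:
    """Dwell time per key and flight time per key pair, averaged by feature name."""
    feats: Dict[str, List[float]] = {}
    for i, (key, press, release) in enumerate(events):
        feats.setdefault(f"dwell:{key}", []).append(release - press)
        if i + 1 < len(events):
            next_key, next_press, _ = events[i + 1]
            feats.setdefault(f"flight:{key}>{next_key}", []).append(next_press - release)
    return {name: mean(vals) for name, vals in feats.items()}


def keystroke_score(template: Dict[str, float], sample: Dict[str, float]) -> float:
    """Similarity in [0, 1]: 1 minus the mean relative deviation over features the
    template and sample share (scaled-Manhattan style), clamped at 0. A production
    system would normalise by per-feature spread from many enrolment samples."""
    shared = [k for k in template if k in sample]
    if not shared:
        return 0.0
    deviation = mean(abs(sample[k] - template[k]) / max(template[k], 1.0) for k in shared)
    return max(0.0, 1.0 - deviation)


def haversine_km(a: LatLon, b: LatLon) -> float:
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def location_trusted(device_loc: LatLon, trusted: List[LatLon], radius_km: float = 50.0) -> bool:
    """True if the device is within radius_km of any enrolled location."""
    return any(haversine_km(device_loc, t) <= radius_km for t in trusted)


@dataclass
class Decision:
    action: str            # "allow", "step_up" (e.g. require MFA) or "deny"
    trust: float
    reasons: List[str] = field(default_factory=list)


def enforce(template: Dict[str, float], events: List[KeyEvent], device_loc: LatLon,
            trusted: List[LatLon], allow_at: float = 0.8, step_up_at: float = 0.5) -> Decision:
    """Policy enforcement point: weighted trust from behaviour (0.7) and context (0.3).
    An unfamiliar location alone caps trust at 0.7, so it always forces step-up."""
    ks = keystroke_score(template, keystroke_features(events))
    loc_ok = location_trusted(device_loc, trusted)
    trust = 0.7 * ks + 0.3 * (1.0 if loc_ok else 0.0)
    reasons = [f"keystroke_score={ks:.2f}", f"location_trusted={loc_ok}"]
    action = "allow" if trust >= allow_at else "step_up" if trust >= step_up_at else "deny"
    return Decision(action, round(trust, 3), reasons)


# Constructed sample data (assumed, not measured): typing the three keys z, t, a.
ENROLL_EVENTS: List[KeyEvent] = [("z", 0, 90), ("t", 150, 240), ("a", 310, 400)]
LEGIT_EVENTS: List[KeyEvent] = [("z", 0, 95), ("t", 160, 250), ("a", 320, 405)]
IMPOSTOR_EVENTS: List[KeyEvent] = [("z", 0, 40), ("t", 400, 450), ("a", 900, 960)]
TEMPLATE = keystroke_features(ENROLL_EVENTS)

NAIROBI: LatLon = (-1.2921, 36.8219)          # enrolled location (assumed)
DEVICE_NEAR_NAIROBI: LatLon = (-1.30, 36.82)  # about 1 km away
LONDON: LatLon = (51.5074, -0.1278)           # far from any enrolled location

if __name__ == "__main__":
    for label, ev, loc in [("legit/known", LEGIT_EVENTS, DEVICE_NEAR_NAIROBI),
                           ("legit/unknown", LEGIT_EVENTS, LONDON),
                           ("impostor/known", IMPOSTOR_EVENTS, DEVICE_NEAR_NAIROBI)]:
        d = enforce(TEMPLATE, ev, loc, [NAIROBI])
        print(f"{label:15s} -> {d.action:8s} trust={d.trust} {d.reasons}")
```

Three cases are worth noting: a matching rhythm from a known location is allowed; the same rhythm from an unknown location is pushed to step-up authentication, because the location weight is withheld; and a foreign rhythm is denied even from a known location, because the behavioural signal carries the larger weight. Both thresholds would be tuned against false-accept and false-reject rates from real enrolment data.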

DOI: https://doi.org/10.5281/zenodo.16902046