
GAZETA: GAme-Theoretic ZEro-Trust Authentication for Defense Against Lateral Movement in 5G IoT Networks

Published: 23 October 2023

Abstract

The increasing connectivity of 5G Internet of Things networks has enlarged the attack surface and made traditional security defenses inadequate against sophisticated attackers, who can move laterally from node to node with stored credentials once they have established a foothold in the network. There is a need to shift from perimeter-based defense to a zero-trust security framework that focuses on agent-centric trust evaluation and access policies to identify malicious agents and proactively delay their lateral movement while preserving system performance. In this work, we propose a GAme-theoretic ZEro-Trust Authentication framework, known as GAZETA, to design interdependent trust evaluation and authentication policies using dynamic game models. The stealthy and dynamic behaviors of the agent are captured by a Markov game with one-sided incomplete information. We provide a quantitative trust evaluation mechanism for the agent and update the trust score continuously based on observations. The equilibrium analysis not only provides a way to quantitatively assess the security posture of the network but also enables a formal method for designing zero-trust authentication policies. We propose a moving-horizon computational method to enable online decisions and rapid responses to environmental changes. This online computation also enables a dynamic trust evaluation that integrates multiple sources of security evidence. We use a case study to illustrate the resilience, robustness, and efficiency of the proposed zero-trust approach.


Cited By

  • (2024) A Software Integrity Authentication Protocol for Zero Trust Architecture. Proceedings of the SIGCOMM Workshop on Zero Trust Architecture for Next Generation Communications, pp. 1–6. DOI: 10.1145/3672200.3673874. Online publication date: 4 August 2024.

Published In

IEEE Transactions on Information Forensics and Security, Volume 19, 2024 (8305 pages)

Publisher

IEEE Press
