Secure enrollment token delivery for Zero Trust networks using blockchain

Javier Jose Diaz Rivera; Talha Ahmed Khan; Waleed Akbar; Afaq Muhammad; Wang Cheol Song

doi:10.23919/APNOMS56106.2022.9919940

Secure enrollment token delivery for Zero Trust networks using blockchain

Javier Jose Diaz Rivera
, Talha Ahmed Khan
, Waleed Akbar
, Afaq Muhammad
, Wang Cheol Song^*

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Scopus citations

Abstract

Zero Trust Networking (ZTN) is a security model where no entity in a network infrastructure is trusted. The first bastion of security for achieving ZTN is to have strong identity verification. Several standard methods for assuring a robust identity exist (E.g., OAuth2.0, OpenID Connect). These standards employ the use of JSON Web Tokens (JWT) during the authentication process. However, the use of JWT for One Time Token (OTT) enrollment has a latent security issue. A JWT can be intercepted by a third party and the information of the payload can be exposed, revealing the details of the enrollment server. Furthermore, an intercepted JWT could be used for enrollment by an impersonator as long as the JWT remains active. Our proposed mechanism aims to secure the ownership of the OTT by including the JWT as encrypted metadata into a Non-Fungible Token (NFT). The mechanism uses the blockchain Public Key of the intended owner for encrypting the JWT, and the blockchain assures the JWT ownership by mapping it to the intended owner's blockchain public address. Our proposed mechanism is applied to an emerging Zero Trust framework (OpenZiti) alongside a permissioned Ethereum blockchain using Hyperledger Besu. The Zero Trust Framework provides the enrollment functionality, while our proposed mechanism based on blockchain and NFT assures the secure distribution of OTTs that is used for the enrollment of identities.

Original language	English
Title of host publication	APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium
Subtitle of host publication	Data-Driven Intelligent Management in the Era of beyond 5G
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9784885523397
DOIs	https://doi.org/10.23919/APNOMS56106.2022.9919940
State	Published - 2022
Externally published	Yes
Event	23rd Asia-Pacific Network Operations and Management Symposium, APNOMS 2022 - Takamatsu, Japan Duration: 28 Sep 2022 → 30 Sep 2022

Publication series

Name	APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G

Conference

Conference	23rd Asia-Pacific Network Operations and Management Symposium, APNOMS 2022
Country/Territory	Japan
City	Takamatsu
Period	28/09/22 → 30/09/22

Bibliographical note

Publisher Copyright:
© 2022 IEICE.

Keywords

authentication
blockchain
jwt
security
zero-trust

ASJC Scopus subject areas

Computer Networks and Communications
Hardware and Architecture
Information Systems and Management

Access to Document

10.23919/APNOMS56106.2022.9919940

Cite this

Diaz Rivera, J. J., Khan, T. A., Akbar, W., Muhammad, A., & Song, W. C. (2022). Secure enrollment token delivery for Zero Trust networks using blockchain. In APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G (APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.23919/APNOMS56106.2022.9919940

Diaz Rivera, Javier Jose ; Khan, Talha Ahmed ; Akbar, Waleed et al. / Secure enrollment token delivery for Zero Trust networks using blockchain. APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G. Institute of Electrical and Electronics Engineers Inc., 2022. (APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G).

@inproceedings{c1757921a6044188924172662ee629f6,

title = "Secure enrollment token delivery for Zero Trust networks using blockchain",

abstract = "Zero Trust Networking (ZTN) is a security model where no entity in a network infrastructure is trusted. The first bastion of security for achieving ZTN is to have strong identity verification. Several standard methods for assuring a robust identity exist (E.g., OAuth2.0, OpenID Connect). These standards employ the use of JSON Web Tokens (JWT) during the authentication process. However, the use of JWT for One Time Token (OTT) enrollment has a latent security issue. A JWT can be intercepted by a third party and the information of the payload can be exposed, revealing the details of the enrollment server. Furthermore, an intercepted JWT could be used for enrollment by an impersonator as long as the JWT remains active. Our proposed mechanism aims to secure the ownership of the OTT by including the JWT as encrypted metadata into a Non-Fungible Token (NFT). The mechanism uses the blockchain Public Key of the intended owner for encrypting the JWT, and the blockchain assures the JWT ownership by mapping it to the intended owner's blockchain public address. Our proposed mechanism is applied to an emerging Zero Trust framework (OpenZiti) alongside a permissioned Ethereum blockchain using Hyperledger Besu. The Zero Trust Framework provides the enrollment functionality, while our proposed mechanism based on blockchain and NFT assures the secure distribution of OTTs that is used for the enrollment of identities.",

keywords = "authentication, blockchain, jwt, security, zero-trust",

author = "\{Diaz Rivera\}, \{Javier Jose\} and Khan, \{Talha Ahmed\} and Waleed Akbar and Afaq Muhammad and Song, \{Wang Cheol\}",

note = "Publisher Copyright: {\textcopyright} 2022 IEICE.; 23rd Asia-Pacific Network Operations and Management Symposium, APNOMS 2022 ; Conference date: 28-09-2022 Through 30-09-2022",

year = "2022",

doi = "10.23919/APNOMS56106.2022.9919940",

language = "English",

series = "APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium",

address = "United States",

}

Diaz Rivera, JJ, Khan, TA, Akbar, W, Muhammad, A & Song, WC 2022, Secure enrollment token delivery for Zero Trust networks using blockchain. in APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G. APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G, Institute of Electrical and Electronics Engineers Inc., 23rd Asia-Pacific Network Operations and Management Symposium, APNOMS 2022, Takamatsu, Japan, 28/09/22. https://doi.org/10.23919/APNOMS56106.2022.9919940

Secure enrollment token delivery for Zero Trust networks using blockchain. / Diaz Rivera, Javier Jose; Khan, Talha Ahmed; Akbar, Waleed et al.
APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G. Institute of Electrical and Electronics Engineers Inc., 2022. (APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Secure enrollment token delivery for Zero Trust networks using blockchain

AU - Diaz Rivera, Javier Jose

AU - Khan, Talha Ahmed

AU - Akbar, Waleed

AU - Muhammad, Afaq

AU - Song, Wang Cheol

PY - 2022

Y1 - 2022

N2 - Zero Trust Networking (ZTN) is a security model where no entity in a network infrastructure is trusted. The first bastion of security for achieving ZTN is to have strong identity verification. Several standard methods for assuring a robust identity exist (E.g., OAuth2.0, OpenID Connect). These standards employ the use of JSON Web Tokens (JWT) during the authentication process. However, the use of JWT for One Time Token (OTT) enrollment has a latent security issue. A JWT can be intercepted by a third party and the information of the payload can be exposed, revealing the details of the enrollment server. Furthermore, an intercepted JWT could be used for enrollment by an impersonator as long as the JWT remains active. Our proposed mechanism aims to secure the ownership of the OTT by including the JWT as encrypted metadata into a Non-Fungible Token (NFT). The mechanism uses the blockchain Public Key of the intended owner for encrypting the JWT, and the blockchain assures the JWT ownership by mapping it to the intended owner's blockchain public address. Our proposed mechanism is applied to an emerging Zero Trust framework (OpenZiti) alongside a permissioned Ethereum blockchain using Hyperledger Besu. The Zero Trust Framework provides the enrollment functionality, while our proposed mechanism based on blockchain and NFT assures the secure distribution of OTTs that is used for the enrollment of identities.

AB - Zero Trust Networking (ZTN) is a security model where no entity in a network infrastructure is trusted. The first bastion of security for achieving ZTN is to have strong identity verification. Several standard methods for assuring a robust identity exist (E.g., OAuth2.0, OpenID Connect). These standards employ the use of JSON Web Tokens (JWT) during the authentication process. However, the use of JWT for One Time Token (OTT) enrollment has a latent security issue. A JWT can be intercepted by a third party and the information of the payload can be exposed, revealing the details of the enrollment server. Furthermore, an intercepted JWT could be used for enrollment by an impersonator as long as the JWT remains active. Our proposed mechanism aims to secure the ownership of the OTT by including the JWT as encrypted metadata into a Non-Fungible Token (NFT). The mechanism uses the blockchain Public Key of the intended owner for encrypting the JWT, and the blockchain assures the JWT ownership by mapping it to the intended owner's blockchain public address. Our proposed mechanism is applied to an emerging Zero Trust framework (OpenZiti) alongside a permissioned Ethereum blockchain using Hyperledger Besu. The Zero Trust Framework provides the enrollment functionality, while our proposed mechanism based on blockchain and NFT assures the secure distribution of OTTs that is used for the enrollment of identities.

KW - authentication

KW - blockchain

KW - jwt

KW - security

KW - zero-trust

UR - https://www.scopus.com/pages/publications/85142052340

U2 - 10.23919/APNOMS56106.2022.9919940

DO - 10.23919/APNOMS56106.2022.9919940

M3 - Conference contribution

AN - SCOPUS:85142052340

T3 - APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G

BT - APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 23rd Asia-Pacific Network Operations and Management Symposium, APNOMS 2022

Y2 - 28 September 2022 through 30 September 2022

ER -

Diaz Rivera JJ, Khan TA, Akbar W, Muhammad A, Song WC. Secure enrollment token delivery for Zero Trust networks using blockchain. In APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G. Institute of Electrical and Electronics Engineers Inc. 2022. (APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G). doi: 10.23919/APNOMS56106.2022.9919940

Secure enrollment token delivery for Zero Trust networks using blockchain

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this