ZT&T: Secure blockchain-based tokens for service session management in Zero Trust Networks

  • Javier Jose Diaz Rivera
  • Talha Ahmed Khan
  • Waleed Akbar
  • Afaq Muhammad

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Scopus citations

Abstract

In the current digitalized world, the number of interconnected entities is constantly growing. Users and devices are no longer confined to the same physical or geographical region when participating in network connections. Due to this, the line that delimits the network perimeter can no longer be identified. Traditional castle-and-moat security approaches cannot accommodate the latent threats that may occur in these borderless network deployments. Zero Trust Networking, alongside Software Defined Perimeter (SDP) concepts, aims to extend the perimeter of trust to every entity connected to the network regardless of their physical location. Authentication, access control, and verification methods must constantly be applied for all the participants in the network, as everything is considered untrustworthy. The requirement of complex security mechanisms alongside constant trust assurance for every interaction may challenge the realization of the Zero Trust vision. Blockchain is an emergent technology that can be integrated into Zero Trust to leverage these requirements. The data decentralization, anonymity, cryptography, and immutable record of transactions can provide the required security for Zero Trust. In this work, we propose a mechanism for assuring secure service session management with the use of blockchain capabilities. Non-Fungible-Tokens (NFT) are applied to access and provider tokens representing a policy agreement for service consumption. The tokens are mapped to the public addresses of entities registered in the blockchain. The access and provider tokens are encoded with metadata defining the service sessions' expiration. The proposal is realized through the use of an emerging open source Zero Trust platform (OpenZiti), a private Ethereum blockchain (Hyperledger Besu), and a session manager decentralized application (ZT&T) for handling the creation of policies and blockchain interaction.

Original language: English
Title of host publication: 2022 6th Cyber Security in Networking Conference, CSNet 2022
Editors: Luis Henrique M. K. Costa, Igor Monteiro Moraes, Aruna Seneviratne, Diogo M. F. Mattos, Marc Oliver Pahl, Carol Fung, Marcelo G. Rubinstein
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9798350397222
State: Published - 2022
Externally published: Yes
Event: 6th Cyber Security in Networking Conference, CSNet 2022 - Rio de Janeiro, Brazil
Duration: 24 Oct 2022 → 26 Oct 2022

Publication series

Name: 2022 6th Cyber Security in Networking Conference, CSNet 2022

Conference

Conference: 6th Cyber Security in Networking Conference, CSNet 2022
Country/Territory: Brazil
City: Rio de Janeiro
Period: 24/10/22 → 26/10/22

Bibliographical note

Publisher Copyright:
© 2022 IEEE.

Keywords

  • NFT
  • Software Defined Perimeter
  • Zero Trust
  • access control
  • blockchain

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
