Summary
Asia-Pacific Network Operations and Management Symposium
2022
Session Number:TS6
Session:
Number:TS6-04
Secure enrollment token delivery for Zero Trust networks using blockchain
Javier Jose Diaz Rivera, Talha Ahmed Khan, Waleed Akbar, Afaq Muhammad, Wang-Cheol Song,
pp.-
Publication Date:2022/09/28
Online ISSN:2188-5079
PDF download
Summary:
Zero Trust Networking (ZTN) is a security model where no entity in a network infrastructure is trusted. The first bastion of security for achieving ZTN is to have strong identity verification. Several standard methods for assuring a robust identity exist (E.g., OAuth2.0, OpenID Connect). These standards employ the use of JSON Web Tokens (JWT) during the authentication process. However, the use of JWT for One Time Token (OTT) enrollment has a latent security issue. A JWT can be intercepted by a third party and the information of the payload can be exposed, revealing the details of the enrollment server. Furthermore, an intercepted JWT could be used for enrollment by an impersonator as long as the JWT remains active. Our proposed mechanism aims to secure the ownership of the OTT by including the JWT as encrypted metadata into a Non-Fungible Token (NFT). The mechanism uses the blockchain Public Key of the intended owner for encrypting the JWT, and the blockchain assures the JWT ownership by mapping it to the intended owner遯カ蜀ア blockchain public address. Our proposed mechanism is applied to an emerging Zero Trust framework (OpenZiti) alongside a permissioned Ethereum blockchain using Hyperledger Besu. The Zero Trust Framework provides the enrollment functionality, while our proposed mechanism based on blockchain and NFT assures the secure distribution of OTTs that is used for the enrollment of identities.