Extension Mechanism of Overlay Network Protocol to Support Digital Authenticates

Abstract

Zero-trust security is a new security model that has recently received much attention. Since the model protects all resources, continuous authentication and authorization of resources are mandatory. Many enterprises currently use cloud systems to manage their resources and provide service. On the other hand, IoT systems typically require cooperation service among IoT devices. As a solution for redundant routes and load on the cloud, a peer-to-peer type system is a good candidate. On the contrary, it requires zero-trust security because each device should guarantee security. Since the authors have proposed and developed CYber PHysical Overlay Network over Internet Communication (CYPHONIC) as a fundamental technology to realize zero-trust security, this paper introduces Public Key Infrastructure (PKI) into CYPHONIC. It proposes an extended device authentication scheme and a key exchange mechanism using digital certificates. According to the PKI mechanism, a certification authority authenticates the system and its authenticity of system, allowing communication with the correct communication partners. The proposed extension performs mutual authentication with digital certificates at the start of communication and secure encryption key exchange for communication between endpoints. We develop the proof of concept of the proposed scheme to confirm the adequacy of the extended mechanisms.