Zero-Trust Security Authentication Based on SPA and Endogenous Security Architecture

Abstract

Zero-trust security architecture reconstructs the trust foundation of access control based on authentication and authorization by continuously authenticating the terminal during the authentication process and not relying solely on geographic location/user attributes as the sole basis for the trust assessment. However, due to the fine-grained verification of identity under the zero-trust security architecture, there is a need for multiple authentication and authorization processes. If a single policy engine has unknown vulnerabilities and unknown backdoors to be maliciously attacked, or DDOS attacks initiated by known vulnerabilities cannot be prevented, the policy engine based on this control center architecture cannot meet the requirements of system security and reliability. Therefore, it is proposed to apply the SPA single-package authorization and endogenous security architecture to the zero-trust authentication system, which can realize the reliability, dynamism and diversity of system defense. Through the experimental antiattack analysis and antiattack test, the test from the proposed scheme found that when the system introduces the endogenous security architecture, the security of the system can be improved due to the complexity of the attack process and the increase in the cost of the attack. The test through both the security and system overhead found that the scheme can effectively improve the security of the system while ensuring the quality of network services, compared to the traditional scheme. It was found that the scheme can effectively improve the security of the system while ensuring the quality of network services and has better adaptability than the traditional zero-trust authentication scheme.