Implementing Zero Trust Cloud Networks with Transport Access Control and First Packet Authentication

Cyberinfrastructure is undergoing a radical transformation as traditional enterprise and telecommunication data centers are replaced by cloud computing environments hosting dynamic, mobile workloads. Traditional data center security best practices based on network segmentation are not well suited to these new environments. We discuss a novel network architecture that enables an explicit zero trust approach, based on a steganographic overlay that embeds authentication tokens in the TCP packet request, combined with first-packet authentication. Experimental demonstration of this approach is provided in both an enterprise-class server environment and a cloud computing data center environment.