Abstract
The United States issued an executive order requiring all federal agencies to adopt the Zero Trust security framework, and instructed each federal government department to devise a plan for its implementation. This development has generated a great deal of interest in the Zero Trust security framework in many countries. In Korea, the Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) are actively promoting the establishment of guidelines for the implementation of Zero Trust in public institutions. Discussions on policies and models for the introduction of Zero Trust began with the launch of the Zero Trust security forum on October 26, 2022. Accordingly, this paper examines and conducts experiments on security threats that may arise within a Zero Trust environment in the Zero Trust Network Access (ZTNA) system. Despite the adoption of Zero Trust in many network environments, existing firewall or VPN devices are still in use. We discuss potential security threats that Zero Trust environments may encounter due to vulnerabilities in these existing network devices and propose countermeasures to mitigate such threats.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Rose, S.: NIST Special Publication 800-207, Zero Trust Architecture (2020)
Department of Defense (DoD): Zero Trust Reference Architecture (2022)
Kindervag, J.: Build security into your network’s DNA: the zero trust network architecture, pp. 1–26. Forrester Research Inc. (2010)
Sudakshina, M., Khan, D.A., Jain, S.: Cloud-based zero trust access control policy: an approach to support work-from-home driven by COVID-19 pandemic. New Gener. Comput. 39, 599–622 (2021). https://doi.org/10.1007/s00354-021-00130-6
Kerman, A., Borchert, O., Rose, S., Tan, A.: Implementing a zero trust architecture. Technical report, The MITRE Corporation (2020)
Anil, G.: A zero trust security framework for granular insight on blind spot and comprehensive device protection in the enterprise of Internet of Things (E-IOT). BMS Institute of Technology (2021)
Uttecht, K.D.: Zero Trust (ZT) concepts for federal government architectures. Massachusetts Institute of Technology, Lexington, United States (2020)
CSA Singapore: The Singapore Cybersecurity Strategy 2021 (2021). https://www.csa.gov.sg/Tips-Resource/publications/2021/singapore-cybersecurity-strategy-2021
CISA USA: Zero Trust Maturity Mode, Pre-decisional Draft (2021). https://www.cisa.gov/sites/default/files/publications/CISA%20Zero%20Trust%20Maturity%20Model_Draft.pdf
Ward, R., Beyer, B.: BeyondCorp: a new approach to enterprise security (2014)
Hwang, M.J.: Microsoft zero trust network strategy and implementation plan. Microsoft Cyber Security Solutions Group (2020)
Zimmer, B.: Location independent security approach (LISA). USENIX Security (2018)
Wright, C., Cowan, C., Morris, J., Smalley, S., Kroah-Hartman, G.: Linux security module framework. In: Ottawa Linux Symposium, vol. 8032, pp. 6–16 (2002)
Kim, S.Y., Jeong, K.H., Hwang, Y.N., Nyang, D.H.: Abnormal behavior detection for zero trust security model using deep learning. In: Korea Information Processing Society Collection of Academic Papers, vol. 28, no. 1, pp. 132–135 (2021)
Sun, P., et al.: Hybrid firmware analysis for known mobile and IoT security vulnerabilities. In: 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE (2020)
Rastogi, A., Nygard, K.E.: Software engineering principles and security vulnerabilities. In: CATA, pp. 180–190 (2019)
Corteggiani, N., Camurati, G., Francillon, A.: Inception: system-wide security testing of real-world embedded systems software. In: Proceedings of the USENIX Security Symposium (2018)
Chen, D.D., Egele, M., Woo, M., Brumley, D.: Towards automated dynamic analysis for Linux-based embedded firmware. In: Proceedings of the Network and Distributed System Security Symposium (NDSS) (2016)
Costin, A., Zarras, A., Francillon, A.: Automated dynamic firmware analysis at scale: a case study on embedded web interfaces. In: Proceedings of the ACM on Asia Conference on Computer and Communications Security (ASIACCS) (2016)
Davidson, D., Moench, B., Ristenpart, T., Jha, S.: FIE on firmware: finding vulnerabilities in embedded systems using symbolic execution. In: Proceedings of the USENIX Security Symposium (2013)
Abeni, L., Kiraly, C.: Investigating the network performance of a real-time Linux Kernel. In: Proceedings of the 15th Real Time Linux Workshop (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Kim, E., Sohn, K. (2024). Research on Security Threats Using VPN in Zero Trust Environments. In: Kim, H., Youn, J. (eds) Information Security Applications. WISA 2023. Lecture Notes in Computer Science, vol 14402. Springer, Singapore. https://doi.org/10.1007/978-981-99-8024-6_5
Download citation
DOI: https://doi.org/10.1007/978-981-99-8024-6_5
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-8023-9
Online ISBN: 978-981-99-8024-6
eBook Packages: Computer ScienceComputer Science (R0)