TY - GEN
T1 - Dynamic Transmission Scheduling Method for High-Concurrent Zero Trust Access Control
AU - Sasada, Taisho
AU - Kiennert, Christophe
AU - Blanc, Gregory
AU - Taenaka, Yuzo
AU - Kadobayashi, Youki
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.
PY - 2025/1/1
Y1 - 2025/1/1
N2 - In remote work environments, once account authentication is completed, users can continue accessing confidential data without verification of their authenticity (proof of being the legitimate user with proper access rights). This poses a risk: when the device or authentication credentials are hijacked by attackers after authentication, authenticity is compromised. To address this, Zero Trust Access Control (ZTAC) monitors and utilizes behavior information unique to each user without trusting any access requests, enabling access control while continuously ensuring user authenticity after authentication. However, collecting the behavioral information necessary for user authenticity verification creates a critical trade-off: more detailed monitoring increases traffic load, necessitating longer intervals between behavior information updates. These extended intervals create security vulnerabilities, as modern ransomware can complete lateral movement within minutes, potentially exploiting these update gaps when the system cannot respond quickly enough. In this paper, we propose a highly concurrent ZTAC architecture to address this challenge. Our system dynamically schedules monitoring intervals based on real-time network status and concurrent connection load, shortening transmission intervals when suspicious behavior is detected to intensify behavioral monitoring. However, this approach can lead to false positives, so our verification process introduces temporary blocking as an intermediate state between permission and denial. By allowing access after a short waiting period, we minimize false detections while effectively delaying lateral movement by adversaries. Through implementation and evaluation experiments, we demonstrated that our proposed system reduced processing time in high-concurrency environments with over 10,000 concurrent connections and effectively detected and prevented unauthorized access attempts while maintaining operational efficiency.
AB - In remote work environments, once account authentication is completed, users can continue accessing confidential data without verification of their authenticity (proof of being the legitimate user with proper access rights). This poses a risk: when the device or authentication credentials are hijacked by attackers after authentication, authenticity is compromised. To address this, Zero Trust Access Control (ZTAC) monitors and utilizes behavior information unique to each user without trusting any access requests, enabling access control while continuously ensuring user authenticity after authentication. However, collecting the behavioral information necessary for user authenticity verification creates a critical trade-off: more detailed monitoring increases traffic load, necessitating longer intervals between behavior information updates. These extended intervals create security vulnerabilities, as modern ransomware can complete lateral movement within minutes, potentially exploiting these update gaps when the system cannot respond quickly enough. In this paper, we propose a highly concurrent ZTAC architecture to address this challenge. Our system dynamically schedules monitoring intervals based on real-time network status and concurrent connection load, shortening transmission intervals when suspicious behavior is detected to intensify behavioral monitoring. However, this approach can lead to false positives, so our verification process introduces temporary blocking as an intermediate state between permission and denial. By allowing access after a short waiting period, we minimize false detections while effectively delaying lateral movement by adversaries. Through implementation and evaluation experiments, we demonstrated that our proposed system reduced processing time in high-concurrency environments with over 10,000 concurrent connections and effectively detected and prevented unauthorized access attempts while maintaining operational efficiency.
KW - Access Control
KW - Single Packet Authorization
KW - Transmission Scheduling
KW - Zero Trust
UR - https://www.scopus.com/pages/publications/105015539147
U2 - 10.1007/978-3-032-00633-2_19
DO - 10.1007/978-3-032-00633-2_19
M3 - Conference contribution
AN - SCOPUS:105015539147
SN - 9783032006325
T3 - Lecture Notes in Computer Science
SP - 324
EP - 341
BT - Availability, Reliability and Security - ARES 2025 International Workshops, Proceedings
A2 - Coppens, Bart
A2 - Volckaert, Bruno
A2 - De Sutter, Bjorn
A2 - Naessens, Vincent
PB - Springer Science and Business Media Deutschland GmbH
T2 - International Workshops on Availability, Reliability and Security, held under the umbrella of the 20th International Conference on Availability, Reliability and Security, ARES 2025
Y2 - 11 August 2025 through 14 August 2025
ER -