Dynamic Authentication and Granularized Authorization with a Cross-Domain Zero Trust Architecture for Federated Learning in Large-Scale IoT Networks
Xiaoyu Ma, Fang Fang, Xianbin Wang
TL;DR
This work addresses security challenges in large-scale IoT by integrating Zero Trust Architecture (ZTA) with Decentralized Federated Learning (DFL) to enable continuous verification and privacy-preserving cross-domain data sharing. The proposed approach trains domain-local context models and exchanges only compressed parameters via DFL, complemented by a dynamic weight adjustment mechanism to adapt to non-IID domain data. It introduces a cross-domain pre-authorization workflow using ECC-secured channels and one-time tokens, with security proofs and performance simulations showing lower latency and higher throughput than baseline schemes. The framework reduces data leakage risk and communication burden while maintaining timely, fine-grained access control across domains, enabling practical deployment in smart cities, healthcare, industrial IoT, and supply chains.
Abstract
With the increasing number of connected devices and complex networks involved, current domain-specific security techniques become inadequate for diverse large-scale Internet of Things (IoT) systems applications. While cross-domain authentication and authorization brings lots of security improvement, it creates new challenges of efficiency and security. Zero trust architecture (ZTA), an emerging network security architecture, offers a more granular and robust security environment for IoT systems. However, extensive cross-domain data exchange in ZTA can cause reduced authentication and authorization efficiency and data privacy concerns. Therefore, in this paper, we propose a dynamic authentication and granularized authorization scheme based on ZTA integrated with decentralized federated learning (DFL) for cross-domain IoT networks. Specifically, device requests in the cross-domain process are continuously monitored and evaluated, and only necessary access permissions are granted. To protect user data privacy and reduce latency, we integrate DFL with ZTA to securely and efficiently share device data across different domains. Particularly, the DFL model is compressed to reduce the network transmission load. Meanwhile, a dynamic adaptive weight adjustment mechanism is proposed to enable the DFL model to adapt to data characteristics from different domains. We analyze the performance of the proposed scheme in terms of security proof, including confidentiality, integrity and availability. Simulation results demonstrate the superior performance of the proposed scheme in terms of lower latency and higher throughput compared to other existing representative schemes.