TrustZero -- open, verifiable and scalable zero-trust
Adrian-Tudor Dumitrescu, Johan Pouwelse
TL;DR
TrustZero addresses the need for open, verifiable, and scalable zero-trust security across inter-organizational boundaries. It proposes a passport-grade universal trust token based on a non-revocable self-sovereign identity and a distributed signature protocol, enabling a transparent web-of-trust at scale. The design includes a score-based trust algorithm, ModSecurity as a policy enforcement point, and an open-source MVP to demonstrate feasibility and reproducibility. Experimental results show low cryptographic overhead, measurable resilience to tampering, and a practical Android integration path, positioning TrustZero as a foundation for open, interoperable zero-trust security in complex supply chains and critical infrastructures.
Abstract
We present a passport-level trust token for Europe. In an era of escalating cyber threats fueled by global competition in economic, military, and technological domains, traditional security models are proving inadequate. The rise of advanced attacks exploiting zero-day vulnerabilities, supply chain infiltration, and system interdependencies underscores the need for a paradigm shift in cybersecurity. Zero Trust Architecture (ZTA) emerges as a transformative framework that replaces implicit trust with continuous verification of identity and granular access control. This thesis introduces TrustZero, a scalable layer of zero-trust security built around a universal "trust token" - a non-revocable self-sovereign identity with cryptographic signatures to enable robust, mathematically grounded trust attestations. By integrating ZTA principles with cryptography, TrustZero establishes a secure web-of-trust framework adaptable to legacy systems and inter-organisational communication.
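The abstract and the TL;DR describe the trust token only at the level of "a self-sovereign identity with cryptographic signatures" feeding a score-based web-of-trust. The following Go program is an added illustration of that general idea and is not TrustZero's own code or protocol: it assumes an Ed25519 key pair as the self-sovereign identity (no certificate authority issues or revokes it), a signed attestation of the form "issuer assigns subject a score on a 0..100 scale", and a path score equal to the minimum score along a chain of valid attestations. The message layout, the hop limit and the minimum-combination rule are assumptions made here for the example, not the thesis's trust algorithm. The point it demonstrates is the property the abstract calls "mathematically grounded": a tampered attestation fails verification and therefore contributes nothing to the trust score, rather than silently being believed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Identity is a self-sovereign identity: a key pair the holder generates
// itself. The public key is the identifier; no authority issues or revokes it.
type Identity struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewIdentity() (*Identity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Identity{Pub: pub, priv: priv}, nil
}

// Attestation is the signed statement "Issuer assigns Subject trust Score".
// Score is on an assumed 0..100 scale (not the thesis's scale).
type Attestation struct {
	Issuer  ed25519.PublicKey
	Subject ed25519.PublicKey
	Score   uint8
	Sig     []byte
}

// attestationMessage is the assumed fixed-layout, domain-separated message
// that is signed: tag || issuer || subject || score. Every field the
// verifier relies on is covered by the signature, so none can be altered.
func attestationMessage(issuer, subject ed25519.PublicKey, score uint8) []byte {
	msg := append([]byte("trust-attest-v0:"), issuer...)
	msg = append(msg, subject...)
	return append(msg, score)
}

func (id *Identity) Attest(subject ed25519.PublicKey, score uint8) Attestation {
	msg := attestationMessage(id.Pub, subject, score)
	return Attestation{Issuer: id.Pub, Subject: subject, Score: score, Sig: ed25519.Sign(id.priv, msg)}
}

// Verify checks the attestation against the issuer's own public key.
func (a Attestation) Verify() bool {
	if len(a.Issuer) != ed25519.PublicKeySize || len(a.Subject) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(a.Issuer, attestationMessage(a.Issuer, a.Subject, a.Score), a.Sig)
}

// TrustScore returns the best score of any chain of at most maxHops valid
// attestations from anchor to target, where a chain scores the minimum of its
// edges (assumed rule). Attestations that fail verification are ignored, so
// a forged or tampered link cannot raise a score; no valid path yields 0.
func TrustScore(anchor, target ed25519.PublicKey, atts []Attestation, maxHops int) uint8 {
	adj := map[string][]Attestation{} // issuer (hex) -> verified attestations
	for _, a := range atts {
		if a.Verify() {
			k := hex.EncodeToString(a.Issuer)
			adj[k] = append(adj[k], a)
		}
	}
	targetKey := hex.EncodeToString(target)
	var best uint8
	var walk func(node string, pathScore uint8, hops int, visited map[string]bool)
	walk = func(node string, pathScore uint8, hops int, visited map[string]bool) {
		if node == targetKey {
			if pathScore > best {
				best = pathScore
			}
			return
		}
		if hops == maxHops {
			return
		}
		for _, a := range adj[node] {
			next := hex.EncodeToString(a.Subject)
			if visited[next] { // cycle guard
				continue
			}
			s := pathScore
			if a.Score < s {
				s = a.Score
			}
			visited[next] = true
			walk(next, s, hops+1, visited)
			delete(visited, next)
		}
	}
	start := hex.EncodeToString(anchor)
	walk(start, 100, 0, map[string]bool{start: true})
	return best
}

// DemoResult collects the scores of the constructed scenario below.
type DemoResult struct {
	Chain, WithDirect, Tampered uint8
	TamperedVerifies            bool
}

// Demo builds a constructed three-party web of trust (A -> B -> C), then
// shows the effect of a direct attestation and of a tampered one.
func Demo() (DemoResult, error) {
	var res DemoResult
	a, err := NewIdentity()
	if err != nil {
		return res, err
	}
	b, err := NewIdentity()
	if err != nil {
		return res, err
	}
	c, err := NewIdentity()
	if err != nil {
		return res, err
	}
	ab := a.Attest(b.Pub, 80)
	bc := b.Attest(c.Pub, 60)
	res.Chain = TrustScore(a.Pub, c.Pub, []Attestation{ab, bc}, 3)                    // min(80,60) = 60
	res.WithDirect = TrustScore(a.Pub, c.Pub, []Attestation{ab, bc, a.Attest(c.Pub, 90)}, 3) // best path = 90
	forged := bc
	forged.Score = 100 // attacker raises the score but cannot re-sign as B
	res.TamperedVerifies = forged.Verify()                                   // false
	res.Tampered = TrustScore(a.Pub, c.Pub, []Attestation{ab, forged}, 3) // 0: no valid path
	return res, nil
}

func main() {
	res, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", res)
}
```

Run it with `go run .`; the chain A -> B -> C scores 60, adding a direct A -> C attestation of 90 raises the best path to 90, and the attestation whose score was edited after signing fails verification and drops the chain to 0. A real deployment would also bind an expiry or nonce into the signed message and decide how the policy enforcement point (the thesis uses ModSecurity) maps the score to an allow or deny decision; both are outside this illustration.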
