Evaluating The Effectiveness Of Zero-Trust Architecture Principles In Reducing Cloud-Based Authentication Threats & Vulnerabilities

Authors: Victor Otieno Mony, Anselemo Peters Ikoha, Roselida O. Maroko

Abstract: The increasing complexity of cyber threats and the widespread adoption of cloud-based services (CBS) have significantly exposed traditional authentication mechanisms to evolving vulnerabilities. To try and reduce the veracity of these threats, several mitigation mechanisms such as Multifactor and Two-Factor Authentication, Biometric Authentication, Key Hashing Protocols, among others, have been employed. However, existing mitigation strategies have proven insufficient in addressing the dynamic nature of CBS authentication threats and vulnerabilities. In response, this paper looks at alternative, better cloud-based authentication mitigation mechanisms through the adoption of Zero Trust Architecture (ZTA) paradigms. The paper evaluates the five Zero Trust principles against five cloud-based authentication attack vectors for effectiveness in reducing cloud-based threats and vulnerabilities. The cloud-based authentication-related Zero Trust principles evaluated by this paper are the principles of Least Privilege, Continuous Monitoring, Encryption, Strong Authentication, and Policy Enforcement. The five authentication threat categories whose attack vectors have been used in the evaluation process are Brute Force Attacks, Denial of Service Attacks, Social Engineering Attacks, Man-in-the-Middle Attacks, and Password Discovery Attacks. The evaluation process involves analysing the ZTA principles against the attack vectors of the five authentication threats and vulnerabilities to determine effectiveness. The results of the evaluation indicate that the ZTA principle of Policy Enforcement has the broadest impact across all five threat categories, while the other evaluated Zero Trust principles offer only partial mitigation to cloud-based authentication threats. This is because the Zero Trust principle of Policy Enforcement has a deeper, comprehensive coverage across the selected threat vectors and encompasses a higher number of Zero Trust sub-principles.
The paper thus concludes that the Zero Trust principle of policy enforcement is the most suitable foundation for designing a threat-responsive ZTA implementation scheme.

DOI: http://doi.org/10.5281/zenodo.16910750