RESEARCH ON THE FEASIBILITY OF IMPLEMENTING THE ZERO TRUST CONCEPT IN IOT SYSTEMS
DOI:
https://doi.org/10.28925/2663-4023.2025.29.864Keywords:
Zero Trust, IoT, information security, microsegmentation, multi-factor authentication, Forrester TEI, Microsoft, Google BeyondCorp, AWS, Cisco, behavioral analysis, cost-effectiveness, SIEM, UEBA, regulatory complianceAbstract
This article explores the feasibility of applying the Zero Trust concept in the field of the Internet of Things (IoT), which, in the context of increasing cyber threats and data sensitivity, has become a key direction for enhancing information system security. Traditional perimeter-based security paradigms, which assume trust in internal network components, are no longer effective in countering modern threats—particularly within IoT environments where devices often have limited resources, lack continuous monitoring mechanisms, and involve complex interconnections. Zero Trust, as a security architecture concept, is based on the principle of "never trust, always verify" and requires mandatory verification of all users, devices, and services, regardless of their location within the network. The article provides a detailed analysis of the theoretical foundations of Zero Trust, including principles of identification, multi-factor authentication, microsegmentation, least privilege access, continuous monitoring, and dynamic access control. A comparative overview of traditional and Zero Trust approaches in the context of IoT security is presented, along with an outline of the technical challenges associated with their integration. Based on a review of current scientific literature and practical examples, it is established that implementing Zero Trust in IoT environments requires specialized solutions, particularly lightweight security protocols, trusted computing modules, dynamic key management, and centralized access control systems. The paper proposes a conceptual model of Zero Trust architecture for IoT infrastructures that accounts for device limitations and communication patterns, and defines an adaptive access control algorithm based on behavioral characteristics. The findings demonstrate that implementing Zero Trust in the IoT domain is not only feasible but also advisable from the standpoint of reducing unauthorized access risks, minimizing the attack surface, and enhancing the overall security posture of digital ecosystems. The results may serve as a foundation for developing IoT security policies, especially in critical infrastructure, industrial networks, and smart environments, where threats to confidentiality, integrity, and availability are particularly significant.
Downloads
References
Forrester. The Total Economic Impact™ of Illumio Zero Trust Segmentation (ZTS). Forrester Research, 2023. https://cdn.prod.website-files.com/63e25fb5e66132e6387676dc/6435d3cbc91af0d3133fc068_Total-Economic-Impact-Illumio-Zero-Trust-Segmentation.pdf
Forrester. The Total Economic Impact™ of Zero Trust Solutions from Microsoft.– Forrester Research, 2022. – Available at: https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/Microsoft-Zero-Trust-TEI-Study.pdf
Rose S. Planning for a Zero Trust Architecture [Electronic resource]. – NIST Cybersecurity White Paper (Draft), 2021. – Available at: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.08042021-draft.pdf
Garbis J., Chapman J. Zero Trust Architectures. In: Zero Trust Security [Electronic resource]. – Springer, 2021. – pp. 31–54. – Available at: https://link.springer.com/chapter/10.1007/978-1-4842-6702-8_3
Swetha M. J., Asha S. N., Raghavendra M. Zero Trust Architecture in Modern Computer Networks [Electronic resource]. – World Journal of Advanced Research and Reviews, 2020. – Available at: https://wjarr.com/content/zero-trust-architecture-modern-computer-networks
Brennan H., Farah K. Zero Trust+: A Trusted-based Zero Trust Architecture for IoT at Scale [Electronic resource]. – 2024 IEEE International Conference on Consumer Electronics (ICCE), 2024. – Available at: https://ieeexplore.ieee.org/document/10444321
Al-Tamimi S. Zero-Trust Architecture for Securing Internet of Things (IoT) Networks: A Review [Electronic resource]. – 2024 5th International Conference on Communications, Information, Electronic and Energy Systems (CIEES), 2024. – Available at: https://ieeexplore.ieee.org/document/10811176
Abuhasel K. A. A Zero-trust Network-based Access Control Scheme for Sustainable and Resilient Industry 5.0 [Electronic resource]. – ResearchGate, 2023. – Available at: https://www.researchgate.net/publication/374865665
Liu C., Tan R., Wu Y., Feng Y., Jin Z., Zhang F., Liu Y., Liu Q. Zero Trust Architecture for Cyber Security in Industry 4.0 and 5.0 [Electronic resource]. – Cybersecurity, 2024. – Available at: https://cybersecurity.springeropen.com/articles/10.1186/s42400-024-00212-0
Rose S., Borchert O., Mitchell S., Connelly S. Zero Trust Architecture [Electronic resource]. – NIST Special Publication 800-207. Gaithersburg: National Institute of Standards and Technology, 2020. – 59 p. – Available at: https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.800-207.pdf
Cisco Systems. Zero Trust Architecture Guide [Electronic resource]. – Cisco, 2022. – Available at: https://www.cisco.com/c/en/us/solutions/collateral/enterprise/design-zone-security/zt-ag.html
Ghasemshirazi S., Shirvani G., Alipour M. A. Towards Effective Zero Trust in Internet of Things (IoT): Challenges and Future Directions [Electronic resource]. – arXiv, 2023. – Available at: https://arxiv.org/pdf/2309.03582
Li S., Iqbal M., Saxena N. Future Industry Internet of Things with Zero-trust Security [Electronic resource]. – ResearchGate, 2022. – Available at: https://www.researchgate.net/publication/359147843
Bicer C., Murturi I., Donta P. K., Dustdar S. A Novel Zero Trust Model for Access Control in IoT Networks [Electronic resource]. – arXiv, 2023. – Available at: https://arxiv.org/pdf/2311.16744
Mohseni-Ejiyeh A. Enhancing IoT Security Through Adaptive Zero Trust Architecture [Electronic resource]. – arXiv, 2023. – Available at: https://arxiv.org/pdf/2309.01293
Ma X., Fang F., Wang X. Towards AI-enabled Zero Trust Security for the Industrial Internet of Things [Electronic resource]. – arXiv, 2025. – Available at: https://arxiv.org/pdf/2501.03601
Ghasemshirazi S., Shirvani G., Alipour M. A. Zero Trust: Applications, Challenges, and Opportunities [Electronic resource]. – ResearchGate, 2023. – Available at: https://www.researchgate.net/publication/373753509
Ismail M., Abd El-Gawad A. F. Revisiting Zero-Trust Security for Internet of Things [Electronic resource]. – ResearchGate, 2023. – Available at: https://www.researchgate.net/publication/377021858
Li S. Editorial: Zero Trust based Internet of Things [Electronic resource]. – ResearchGate, 2020. – Available at: https://www.researchgate.net/publication/341958873
Simpson W. R. Toward a Zero Trust Metric [Electronic resource]. – Procedia Computer Science, 2022, Vol. 201, pp. 1222–1230. – Available at: https://www.sciencedirect.com/science/article/pii/S1877050922007530
Kostiuk, Yu. V., Skladannyi, P. M., Bebeshko, B. T., Khorolska, K. V., Rzaieva, S. L., & Vorokhob, M. V. (2025). Information and communication systems security. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Kostiuk, Yu. V., Skladannyi, P. M., Hulak, H. M., Bebeshko, B. T., Khorolska, K. V., & Rzaieva, S. L. (2025). Information security systems. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Hulak, H. M., Zhyltsov, O. B., Kyrychok, R. V., Korshun, N. V., & Skladannyi, P. M. (2023). Enterprise information and cyber security. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Богдан Маньковський, Владислав Довбняк, Іван Опірський
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
