Low-overhead zero trust for communication and computation tasks in tactical edge networks

Abstract

[EMBARGOED UNTIL 08/01/2025] Tactical Edge Network (TEN) environments are critical to deploy applications in e.g., military, disaster response, and industrial manufacturing environments. With TENs involving dynamic interactions of edge devices and users, cyber attacks aim to disrupt computation and communication (C&C) tasks in a critical mission. Therefore, implementing a suitable Zero Trust (ZT) security architecture is necessary to enforce e.g., the law of least privilege, microsegmentation, and continuous authentication/access verification to limit attack impacts. However, there is a need to transform ZT security principles that are typically developed for unconstrained data center environments with reliable networking and abundant computing power and are not suitable in a TEN setting that is characterized as Denied, Disrupted, Intermittent, and Limited (DDIL). In this thesis, we present a novel ZT architecture viz., Arculus with a risk-based ZT scale approach that tailors security measures to scenario-associated risk levels, while having low resource overheads. Specifically, we devise a Bayesian Network model to evaluate communication request risk based on metrics indicating possible attacks. In addition, we formulate a ZT metric based on the evaluated risk, environmental constraints, and entity attributes resulting in an assigned grade reflecting these factors. We tie this ZT architecture to Task-Based Access Control (TBAC) that secures C&C tasks in TENs relating to a collaborative drone swarm (CDS) use case by dynamically assigning and revoking privileges in a just-in-time manner. We also detail how the Arculus-TBAC can handle DDIL constraints (e.g., limited battery, physical hijacking and network partition scenarios) via a sliding-scale ZT approach to ensure mission success in a situation-aware manner. Lastly, we implement our Arculus-TBAC approach using a realistic CDS testbed featuring a 'stealthy reconnaissance and resupply mission' in a TEN setting, and demonstrate the efficiency (i.e., without excessive privileges) and efficacy (i.e., ability to handle DDIL constraints) of our Arculus approach to secure TEN-based applications.