Securing Zero Trust Networks: the Decentralized Host-to-Host Authentication Policy Enforcement

Zero trust networks have emerged as a promising solution to assure comprehensive security in network environments. Different from the traditional perimeter-based security approach, zero trust networks provide a robust and adaptable security framework which addresses the evolving threat landscape and enables organizations to protect their critical assets with a higher assurance of confidence. However, the centralized policy engine employed in current zero trust architectures (ZTA) would introduce bottlenecks and single points of failure (SPoF) for ZTA-based networks, thus hindering the scalability and efficiency as network size increases. This paper introduces a novel decentralized host-to-host authentication schema that enables consistent policy engine decisions in a pair-wise manner. By decentralizing the authentication process, the proposed schema effectively eliminates bottlenecks and single points of failure associated with centralized policy engines. The system incorporates a decentralized authentication ledger and a policy validation protocol to ensure the correct and consistent authentication across all network hosts. Through comprehensive tests and simulations, we compared our proposed novel model with the traditional zero trust network, in terms of the correctness, time complexity, and efficiency. Our findings demonstrate the advantages of our decentralized approach and its potential for enhancing security in zero trust networks.