In the context of an increasingly severe cybersecurity landscape and the growing complexity of offensive and defen-sive techniques,Zero Trust Networks(ZTN)have emerged as a widely recognized technology.Zero Trust not ...In the context of an increasingly severe cybersecurity landscape and the growing complexity of offensive and defen-sive techniques,Zero Trust Networks(ZTN)have emerged as a widely recognized technology.Zero Trust not only addresses the shortcomings of traditional perimeter security models but also consistently follows the fundamental principle of“never trust,always verify.”Initially proposed by John Cortez in 2010 and subsequently promoted by Google,the Zero Trust model has become a key approach to addressing the ever-growing security threats in complex network environments.This paper systematically compares the current mainstream cybersecurity models,thoroughly explores the advantages and limitations of the Zero Trust model,and provides an in-depth review of its components and key technologies.Additionally,it analyzes the latest research achievements in the application of Zero Trust technology across various fields,including network security,6G networks,the Internet of Things(IoT),and cloud computing,in the context of specific use cases.The paper also discusses the innovative contributions of the Zero Trust model in these fields,the challenges it faces,and proposes corresponding solutions and future research directions.展开更多
With the introduction of 5G,users and devices can access the industrial network from anywhere in the world.Therefore,traditional perimeter-based security technologies for industrial networks can no longer work well.To...With the introduction of 5G,users and devices can access the industrial network from anywhere in the world.Therefore,traditional perimeter-based security technologies for industrial networks can no longer work well.To solve this problem,a new security model called Zero Trust(ZT)is desired,which believes in“never trust and always verify”.Every time the asset in the industrial network is accessed,the subject is authenticated and its trustworthiness is assessed.In this way,the asset in industrial network can be well protected,whether the subject is in the internal network or the external network.However,in order to construct the zero trust model in the 5G Industrial Internet collaboration system,there are still many problems to be solved.In this paper,we first introduce the security issues in the 5G Industrial Internet collaboration system,and illustrate the zero trust architecture.Then,we analyze the gap between existing security techniques and the zero trust architecture.Finally,we discuss several potential security techniques that can be used to implement the zero trust model.The purpose of this paper is to point out the further direction for the realization of the Zero Trust Architecture(ZTA)in the 5G Industrial Internet collaboration system.展开更多
As industrialization and informatization in China deeply integrate and the Internet of Things rapidly develops,industrial control systems are facing increasingly severe information security challenges.The industrial c...As industrialization and informatization in China deeply integrate and the Internet of Things rapidly develops,industrial control systems are facing increasingly severe information security challenges.The industrial control system of the gas extraction plant is characterized by numerous points and centralized operations,with a strong reliance on the system and stringent real-time requirements.展开更多
Zero Trust Network(ZTN)enhances network security through strict authentication and access control.However,in the ZTN,optimizing flow control to improve the quality of service is still facing challenges.Software Define...Zero Trust Network(ZTN)enhances network security through strict authentication and access control.However,in the ZTN,optimizing flow control to improve the quality of service is still facing challenges.Software Defined Network(SDN)provides solutions through centralized control and dynamic resource allocation,but the existing scheduling methods based on Deep Reinforcement Learning(DRL)are insufficient in terms of convergence speed and dynamic optimization capability.To solve these problems,this paper proposes DRL-AMIR,which is an efficient flow scheduling method for software defined ZTN.This method constructs a flow scheduling optimization model that comprehensively considers service delay,bandwidth occupation,and path hops.Additionally,it balances the differentiated requirements of delay-critical K-flows,bandwidth-intensive D-flows,and background B-flows through adaptiveweighting.Theproposed framework employs a customized state space comprising node labels,link bandwidth,delaymetrics,and path length.It incorporates an action space derived fromnode weights and a hybrid reward function that integrates both single-step and multi-step excitation mechanisms.Based on these components,a hierarchical architecture is designed,effectively integrating the data plane,control plane,and knowledge plane.In particular,the adaptive expert mechanism is introduced,which triggers the shortest path algorithm in the training process to accelerate convergence,reduce trial and error costs,and maintain stability.Experiments across diverse real-world network topologies demonstrate that DRL-AMIR achieves a 15–20%reduction in K-flow transmission delays,a 10–15%improvement in link bandwidth utilization compared to SPR,QoSR,and DRSIR,and a 30%faster convergence speed via adaptive expert mechanisms.展开更多
Zero trust architecture is an end-to-end approach for server resources and data security which contains identity authentication,access control,dynamic evaluation,and so on.This work focuses on authentication technolog...Zero trust architecture is an end-to-end approach for server resources and data security which contains identity authentication,access control,dynamic evaluation,and so on.This work focuses on authentication technology in the zero trust network.In this paper,a Traceable Universal Designated Verifier Signature(TUDVS) is used to construct a privacy-preserving authentication scheme for zero trust architecture.Specifically,when a client requests access to server resources,we want to protect the client's access privacy which means that the server administrator cannot disclose the client's access behavior to any third party.In addition,the security of the proposed scheme is proved and its efficiency is analyzed.Finally,TUDVS is applied to the single packet authorization scenario of the zero trust architecture to prove the practicability of the proposed scheme.展开更多
The adoption of Cloud Computing services in everyday business life has grown rapidly in recent years due to the many benefits of this paradigm. The various collaboration tools offered by Cloud Computing have eliminate...The adoption of Cloud Computing services in everyday business life has grown rapidly in recent years due to the many benefits of this paradigm. The various collaboration tools offered by Cloud Computing have eliminated or reduced the notion of distance between entities of the same company or between different organizations. This has led to an increase in the need to share resources (data and services). Community Cloud environments have thus emerged to facilitate interactions between organizations with identical needs and with specific and high security requirements. However, establishing trust and secure resource sharing relationships is a major challenge in this type of complex and heterogeneous environment. This paper proposes a trust assessment model (SeComTrust) based on the Zero Trust cybersecurity strategy. First, the paper introduces a community cloud architecture subdivided into different security domains. Second, it presents a process for selecting a trusted organization for an exchange based on direct or recommended trust value and reputation. Finally, a system for promoting or relegating organizations in the different security domains is applied. Experimental results show that our model guarantees the scalability of a community cloud with a high success rate of secure and quality resource sharing.展开更多
Cybercrime is projected to cost a whopping $23.8 Trillion by 2027. This is essentially because there’s no computer network that’s not vulnerable. Fool-proof cybersecurity of personal data in a connected computer is ...Cybercrime is projected to cost a whopping $23.8 Trillion by 2027. This is essentially because there’s no computer network that’s not vulnerable. Fool-proof cybersecurity of personal data in a connected computer is considered practically impossible. The advent of quantum computers (QC) will worsen cybersecurity. QC will be a boon for data-intensive industries by drastically reducing the computing time from years to minutes. But QC will render our current cryptography vulnerable to quantum attacks, breaking nearly all modern cryptographic systems. Before QCs with sufficient qubits arrive, we must be ready with quantum-safe strategies to protect our ICT infrastructures. Post-quantum cryptography (PQC) is being aggressively pursued worldwide as a defence from the potential Q-day threat. NIST (National Institute of Standards and Technology), in a rigorous process, tested 82 PQC schemes, 80 of which failed after the final round in 2022. Recently the remaining two PQCs were also cracked by a Swedish and a French team of cryptographers, placing NIST’s PQC standardization process in serious jeopardy. With all the NIST-evaluated PQCs failing, there’s an urgent need to explore alternate strategies. Although cybersecurity heavily relies on cryptography, recent evidence indicates that it can indeed transcend beyond encryption using Zero Vulnerability Computing (ZVC) technology. ZVC is an encryption-agnostic absolute zero trust (AZT) approach that can potentially render computers quantum resistant by banning all third-party permissions, a root cause of most vulnerabilities. Unachievable in legacy systems, AZT is pursued by an experienced consortium of European partners to build compact, solid-state devices that are robust, resilient, energy-efficient, and with zero attack surface, rendering them resistant to malware and future Q-Day threats.展开更多
The traditional air traffic control information sharing data has weak security characteristics of personal privacy data and poor effect,which is easy to leads to the problem that the data is usurped.Starting from the ...The traditional air traffic control information sharing data has weak security characteristics of personal privacy data and poor effect,which is easy to leads to the problem that the data is usurped.Starting from the application of the ATC(automatic train control)network,this paper focuses on the zero trust and zero trust access strategy and the tamper-proof method of information-sharing network data.Through the improvement of ATC’s zero trust physical layer authentication and network data distributed feature differentiation calculation,this paper reconstructs the personal privacy scope authentication structure and designs a tamper-proof method of ATC’s information sharing on the Internet.From the single management authority to the unified management of data units,the systematic algorithm improvement of shared network data tamper prevention method is realized,and RDTP(Reliable Data Transfer Protocol)is selected in the network data of information sharing resources to realize the effectiveness of tamper prevention of air traffic control data during transmission.The results show that this method can reasonably avoid the tampering of information sharing on the Internet,maintain the security factors of air traffic control information sharing on the Internet,and the Central Processing Unit(CPU)utilization rate is only 4.64%,which effectively increases the performance of air traffic control data comprehensive security protection system.展开更多
As a progressive security strategy,the zero trust model has attracted notable attention and importance within the realm of network security,especially in the context of the Internet of Things(IoT).This paper aims to e...As a progressive security strategy,the zero trust model has attracted notable attention and importance within the realm of network security,especially in the context of the Internet of Things(IoT).This paper aims to evaluate the current research regarding zero trust and to highlight its practical applications in the IoT sphere through extensive bibliometric analysis.We also delve into the vulnerabilities of IoT and explore the potential role of zero trust security in mitigating these risks via a thorough review of relevant security schemes.Nevertheless,the challenges associated with implementing zero trust security are acknowledged.We provide a summary of these issues and suggest possible pathways for future research aimed at overcoming these challenges.Ultimately,this study aims to serve as a strategic analysis of the zero trust model,intending to empower scholars in the field to pursue deeper and more focused research in the future.展开更多
Zero trust architecture(ZTA)is a paradigm shift in how we protect data,stay connected and access resources.ZTA is non-perimeter-based defence,which has been emerging as a promising revolution in the cyber security fie...Zero trust architecture(ZTA)is a paradigm shift in how we protect data,stay connected and access resources.ZTA is non-perimeter-based defence,which has been emerging as a promising revolution in the cyber security field.It can be used to continuously maintain security by safeguarding against attacks both from inside and outside of the network system.However,ZTA automation and orchestration,towards seamless deployment on real-world networks,has been limited to be reviewed in the existing literature.In this paper,we first identify the bottlenecks,discuss the background of ZTA and compare it with traditional perimeter-based security architectures.More importantly,we provide an in-depth analysis of state-of-the-art AI techniques that have the potential in the automation and orchestration of ZTA.Overall,in this review paper,we develop a foundational view on the challenges and potential enablers for the automation and orchestration of ZTA.展开更多
Pre-Authentication and Post-Connection(PAPC)plays a crucial role in realizing the Zero Trust security model by ensuring that access to network resources is granted only after successful authentication.While earlier ap...Pre-Authentication and Post-Connection(PAPC)plays a crucial role in realizing the Zero Trust security model by ensuring that access to network resources is granted only after successful authentication.While earlier approaches such as Port Knocking(PK)and Single Packet Authorization(SPA)introduced pre-authentication concepts,they suffer from limitations including plaintext communication,protocol dependency,reliance on dedicated clients,and inefficiency under modern network conditions.These constraints hinder their applicability in emerging distributed and resource-constrained environments such as AIoT and browser-based systems.To address these challenges,this study proposes a novel port-sequence-based PAPC scheme structured as a modular model comprising a client,server,and ephemeral Key Management System(KMS).The system employs the Advanced Encryption Standard(AES-128)to protect message confidentiality and uses a Hash-Based Message Authentication Code(HMAC-SHA256)to ensure integrity.Authentication messages are securely fragmented and mapped to destination port numbers using a signature-based avoidance algorithm,which prevents collisions with unsafe or reserved port ranges.The server observes incoming port sequences,retrieves the necessary keys from the KMS,reconstructs and verifies the encrypted data,and conditionally updates firewall policies.Unlike SPA,which requires decrypting all incoming payloads and imposes server-side overhead,the proposed system verifies only port-derived fragments,significantly reducing computational burden.Furthermore,it eliminates the need for raw socket access or custom clients,supporting browser-based operation and enabling protocol-independent deployment.Through a functional web-based prototype and emulated testing,the system achieved an F1-score exceeding 95%in detecting unauthorized access while maintaining low resource overhead.Although port sequence generation introduces some client-side cost,it remains lightweight and scalable.By tightly integrating lightweight cryptographic algorithms with a transport-layer communication model,this work presents a conceptually validated architecture that contributes a novel direction for interoperable and scalable Zero Trust enforcement in future network ecosystems.展开更多
基金supported by the National Natural Science Foundation of China(Grants Nos.62473146,62072249 and 62072056)the National Science Foundation of Hunan Province(Grant No.2024JJ3017)+1 种基金the Hunan Provincial Key Research and Development Program(Grant No.2022GK2019)by the Researchers Supporting Project Number(RSP2024R509),King Saud University,Riyadh,Saudi Arabia.
文摘In the context of an increasingly severe cybersecurity landscape and the growing complexity of offensive and defen-sive techniques,Zero Trust Networks(ZTN)have emerged as a widely recognized technology.Zero Trust not only addresses the shortcomings of traditional perimeter security models but also consistently follows the fundamental principle of“never trust,always verify.”Initially proposed by John Cortez in 2010 and subsequently promoted by Google,the Zero Trust model has become a key approach to addressing the ever-growing security threats in complex network environments.This paper systematically compares the current mainstream cybersecurity models,thoroughly explores the advantages and limitations of the Zero Trust model,and provides an in-depth review of its components and key technologies.Additionally,it analyzes the latest research achievements in the application of Zero Trust technology across various fields,including network security,6G networks,the Internet of Things(IoT),and cloud computing,in the context of specific use cases.The paper also discusses the innovative contributions of the Zero Trust model in these fields,the challenges it faces,and proposes corresponding solutions and future research directions.
基金supported by the National Natural Science Foundation of China(U22B2026)the ZTE Industry-Academia-Research Project(HC-CN-20221029003,IA20230628015)。
文摘With the introduction of 5G,users and devices can access the industrial network from anywhere in the world.Therefore,traditional perimeter-based security technologies for industrial networks can no longer work well.To solve this problem,a new security model called Zero Trust(ZT)is desired,which believes in“never trust and always verify”.Every time the asset in the industrial network is accessed,the subject is authenticated and its trustworthiness is assessed.In this way,the asset in industrial network can be well protected,whether the subject is in the internal network or the external network.However,in order to construct the zero trust model in the 5G Industrial Internet collaboration system,there are still many problems to be solved.In this paper,we first introduce the security issues in the 5G Industrial Internet collaboration system,and illustrate the zero trust architecture.Then,we analyze the gap between existing security techniques and the zero trust architecture.Finally,we discuss several potential security techniques that can be used to implement the zero trust model.The purpose of this paper is to point out the further direction for the realization of the Zero Trust Architecture(ZTA)in the 5G Industrial Internet collaboration system.
文摘As industrialization and informatization in China deeply integrate and the Internet of Things rapidly develops,industrial control systems are facing increasingly severe information security challenges.The industrial control system of the gas extraction plant is characterized by numerous points and centralized operations,with a strong reliance on the system and stringent real-time requirements.
基金supported in part by Scientific Research Fund of Zhejiang Provincial Education Department under Grant Y202351110in part by Huzhou Science and Technology Plan Project under Grant 2024YZ23+1 种基金in part by Research Fund of National Key Laboratory of Advanced Communication Networks under Grant SCX23641X004in part by Postgraduate Research and Innovation Project of Huzhou University under Grant 2024KYCX50.
文摘Zero Trust Network(ZTN)enhances network security through strict authentication and access control.However,in the ZTN,optimizing flow control to improve the quality of service is still facing challenges.Software Defined Network(SDN)provides solutions through centralized control and dynamic resource allocation,but the existing scheduling methods based on Deep Reinforcement Learning(DRL)are insufficient in terms of convergence speed and dynamic optimization capability.To solve these problems,this paper proposes DRL-AMIR,which is an efficient flow scheduling method for software defined ZTN.This method constructs a flow scheduling optimization model that comprehensively considers service delay,bandwidth occupation,and path hops.Additionally,it balances the differentiated requirements of delay-critical K-flows,bandwidth-intensive D-flows,and background B-flows through adaptiveweighting.Theproposed framework employs a customized state space comprising node labels,link bandwidth,delaymetrics,and path length.It incorporates an action space derived fromnode weights and a hybrid reward function that integrates both single-step and multi-step excitation mechanisms.Based on these components,a hierarchical architecture is designed,effectively integrating the data plane,control plane,and knowledge plane.In particular,the adaptive expert mechanism is introduced,which triggers the shortest path algorithm in the training process to accelerate convergence,reduce trial and error costs,and maintain stability.Experiments across diverse real-world network topologies demonstrate that DRL-AMIR achieves a 15–20%reduction in K-flow transmission delays,a 10–15%improvement in link bandwidth utilization compared to SPR,QoSR,and DRSIR,and a 30%faster convergence speed via adaptive expert mechanisms.
基金supported in part by the National Natural Science Foundation of China(No.61702067)in part by the Natural Science Foundation of Chongqing(No.cstc2020jcyj-msxmX0343).
文摘Zero trust architecture is an end-to-end approach for server resources and data security which contains identity authentication,access control,dynamic evaluation,and so on.This work focuses on authentication technology in the zero trust network.In this paper,a Traceable Universal Designated Verifier Signature(TUDVS) is used to construct a privacy-preserving authentication scheme for zero trust architecture.Specifically,when a client requests access to server resources,we want to protect the client's access privacy which means that the server administrator cannot disclose the client's access behavior to any third party.In addition,the security of the proposed scheme is proved and its efficiency is analyzed.Finally,TUDVS is applied to the single packet authorization scenario of the zero trust architecture to prove the practicability of the proposed scheme.
文摘The adoption of Cloud Computing services in everyday business life has grown rapidly in recent years due to the many benefits of this paradigm. The various collaboration tools offered by Cloud Computing have eliminated or reduced the notion of distance between entities of the same company or between different organizations. This has led to an increase in the need to share resources (data and services). Community Cloud environments have thus emerged to facilitate interactions between organizations with identical needs and with specific and high security requirements. However, establishing trust and secure resource sharing relationships is a major challenge in this type of complex and heterogeneous environment. This paper proposes a trust assessment model (SeComTrust) based on the Zero Trust cybersecurity strategy. First, the paper introduces a community cloud architecture subdivided into different security domains. Second, it presents a process for selecting a trusted organization for an exchange based on direct or recommended trust value and reputation. Finally, a system for promoting or relegating organizations in the different security domains is applied. Experimental results show that our model guarantees the scalability of a community cloud with a high success rate of secure and quality resource sharing.
文摘Cybercrime is projected to cost a whopping $23.8 Trillion by 2027. This is essentially because there’s no computer network that’s not vulnerable. Fool-proof cybersecurity of personal data in a connected computer is considered practically impossible. The advent of quantum computers (QC) will worsen cybersecurity. QC will be a boon for data-intensive industries by drastically reducing the computing time from years to minutes. But QC will render our current cryptography vulnerable to quantum attacks, breaking nearly all modern cryptographic systems. Before QCs with sufficient qubits arrive, we must be ready with quantum-safe strategies to protect our ICT infrastructures. Post-quantum cryptography (PQC) is being aggressively pursued worldwide as a defence from the potential Q-day threat. NIST (National Institute of Standards and Technology), in a rigorous process, tested 82 PQC schemes, 80 of which failed after the final round in 2022. Recently the remaining two PQCs were also cracked by a Swedish and a French team of cryptographers, placing NIST’s PQC standardization process in serious jeopardy. With all the NIST-evaluated PQCs failing, there’s an urgent need to explore alternate strategies. Although cybersecurity heavily relies on cryptography, recent evidence indicates that it can indeed transcend beyond encryption using Zero Vulnerability Computing (ZVC) technology. ZVC is an encryption-agnostic absolute zero trust (AZT) approach that can potentially render computers quantum resistant by banning all third-party permissions, a root cause of most vulnerabilities. Unachievable in legacy systems, AZT is pursued by an experienced consortium of European partners to build compact, solid-state devices that are robust, resilient, energy-efficient, and with zero attack surface, rendering them resistant to malware and future Q-Day threats.
基金This work was supported by National Natural Science Foundation of China(U2133208,U20A20161).
文摘The traditional air traffic control information sharing data has weak security characteristics of personal privacy data and poor effect,which is easy to leads to the problem that the data is usurped.Starting from the application of the ATC(automatic train control)network,this paper focuses on the zero trust and zero trust access strategy and the tamper-proof method of information-sharing network data.Through the improvement of ATC’s zero trust physical layer authentication and network data distributed feature differentiation calculation,this paper reconstructs the personal privacy scope authentication structure and designs a tamper-proof method of ATC’s information sharing on the Internet.From the single management authority to the unified management of data units,the systematic algorithm improvement of shared network data tamper prevention method is realized,and RDTP(Reliable Data Transfer Protocol)is selected in the network data of information sharing resources to realize the effectiveness of tamper prevention of air traffic control data during transmission.The results show that this method can reasonably avoid the tampering of information sharing on the Internet,maintain the security factors of air traffic control information sharing on the Internet,and the Central Processing Unit(CPU)utilization rate is only 4.64%,which effectively increases the performance of air traffic control data comprehensive security protection system.
基金supported by the Youth Innovation Promotion Association CAS,the Foundation Strengthening Program Technical Area Fund(No.2021-JCJQJJ-0908)the Climbing Program of the Institute of Information Engineering,Chinese Academy of Sciences(No.E3Z0071116)the Key Laboratory of Network Assessment Technology at Chinese Academy of Sciences and Beijing Key Laboratory of Network security and Protection Technology.
文摘As a progressive security strategy,the zero trust model has attracted notable attention and importance within the realm of network security,especially in the context of the Internet of Things(IoT).This paper aims to evaluate the current research regarding zero trust and to highlight its practical applications in the IoT sphere through extensive bibliometric analysis.We also delve into the vulnerabilities of IoT and explore the potential role of zero trust security in mitigating these risks via a thorough review of relevant security schemes.Nevertheless,the challenges associated with implementing zero trust security are acknowledged.We provide a summary of these issues and suggest possible pathways for future research aimed at overcoming these challenges.Ultimately,this study aims to serve as a strategic analysis of the zero trust model,intending to empower scholars in the field to pursue deeper and more focused research in the future.
文摘Zero trust architecture(ZTA)is a paradigm shift in how we protect data,stay connected and access resources.ZTA is non-perimeter-based defence,which has been emerging as a promising revolution in the cyber security field.It can be used to continuously maintain security by safeguarding against attacks both from inside and outside of the network system.However,ZTA automation and orchestration,towards seamless deployment on real-world networks,has been limited to be reviewed in the existing literature.In this paper,we first identify the bottlenecks,discuss the background of ZTA and compare it with traditional perimeter-based security architectures.More importantly,we provide an in-depth analysis of state-of-the-art AI techniques that have the potential in the automation and orchestration of ZTA.Overall,in this review paper,we develop a foundational view on the challenges and potential enablers for the automation and orchestration of ZTA.
基金supported by Institute for Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.RS-2022-II221200)Convergence Security Core Talent Training Business(Chungnam National University).
文摘Pre-Authentication and Post-Connection(PAPC)plays a crucial role in realizing the Zero Trust security model by ensuring that access to network resources is granted only after successful authentication.While earlier approaches such as Port Knocking(PK)and Single Packet Authorization(SPA)introduced pre-authentication concepts,they suffer from limitations including plaintext communication,protocol dependency,reliance on dedicated clients,and inefficiency under modern network conditions.These constraints hinder their applicability in emerging distributed and resource-constrained environments such as AIoT and browser-based systems.To address these challenges,this study proposes a novel port-sequence-based PAPC scheme structured as a modular model comprising a client,server,and ephemeral Key Management System(KMS).The system employs the Advanced Encryption Standard(AES-128)to protect message confidentiality and uses a Hash-Based Message Authentication Code(HMAC-SHA256)to ensure integrity.Authentication messages are securely fragmented and mapped to destination port numbers using a signature-based avoidance algorithm,which prevents collisions with unsafe or reserved port ranges.The server observes incoming port sequences,retrieves the necessary keys from the KMS,reconstructs and verifies the encrypted data,and conditionally updates firewall policies.Unlike SPA,which requires decrypting all incoming payloads and imposes server-side overhead,the proposed system verifies only port-derived fragments,significantly reducing computational burden.Furthermore,it eliminates the need for raw socket access or custom clients,supporting browser-based operation and enabling protocol-independent deployment.Through a functional web-based prototype and emulated testing,the system achieved an F1-score exceeding 95%in detecting unauthorized access while maintaining low resource overhead.Although port sequence generation introduces some client-side cost,it remains lightweight and scalable.By tightly integrating lightweight cryptographic algorithms with a transport-layer communication model,this work presents a conceptually validated architecture that contributes a novel direction for interoperable and scalable Zero Trust enforcement in future network ecosystems.
