Authors: L. Wang, Y. Chen, T. Wu, S. Hu

Abstract:

In order to enhance the security of critical financial infrastructure, this study carries out a transformation of the architecture of a financial trading terminal to a zero trust architecture (ZTA), constructs an active defense system for the cybersecurity, improves the security level of trading services in the Internet environment, enhances the ability to prevent network attacks and unknown risks, and reduces the industry and security risks brought about by cybersecurity risks. This study introduces Software Defined Perimeter (SDP) technology of ZTA, adapts and applies it to a financial trading terminal to achieve security optimization and fine-grained business grading control. The upgraded architecture of the trading terminal moves security protection forward to the user access layer, replaces VPN to optimize remote access and significantly improves the security protection capability of Internet transactions. The study achieves: 1. deep integration with the access control architecture of the transaction system; 2. no impact on the performance of terminals and gateways, and no perception of application system upgrades; 3. customized checklist and policy configuration; 4. introduction of industry-leading security technology such as single-packet authorization (SPA) and secondary authentication. This study carries out a successful application of ZTA in the field of financial trading, and provides transformation ideas for other similar systems while improving the security level of financial transaction services in the Internet environment.

Keywords: Zero trust, trading terminal, architecture, network security, cybersecurity.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 122

References:

[1] J. Kindervag, Build Security into your Network’s DNA: the Zero Trust Network Architecture. Forrester Research Inc 27, 2010.
[2] S. Rose, O. Borchert, S. Mitchell, S. Connelly, Zero Trust Architecture. NIST Special Publication (SP). pp. 800–207, 2020.
[3] Software Defined Perimeter Working Group, SDP Specification 1.0. Cloud Security Alliance, 2014.
[4] Software Defined Perimeter Working Group-Cloud Security Alliance (CSA), Software Defined Perimeter, 2013.
[5] P. Kumar, A. Moubayed, A. Refaey, A. Shami, J. Koilpillai, “Performance Analysis of SDP for Secure Internal Enterprises,” in Proceedings of the 2019 IEEE Wireless Communications and Networking Conference (WCNC’19), pp. 1–6, 2009.
[6] S. Nair, “SDP Based Zero-Trust Architectures,” in Proceedings of the 2022 ACM on International Workshop on Security and Privacy Analytics (IWSPA ’22) , New York, 2022.
[7] I. A. Mohammed, “Identity and Access Management System: A Web- Based Approach for an Enterprise,” International Journal of Advanced and Innovative Research, 1(4), pp, 1–7, 2011.
[8] I. A. Mohammed, “Intelligent Authentication for Identity and Access Management: a Review Paper,” International Journal of Management, IT and Engineering (IJMIE), 3(1), pp. 696–705, 2013.
[9] N. Sheikh, M. Pawar, V. Lawrence, “Zero trust using Network Micro Segmentation,” IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 1–6, 2021.
[10] M. Mujib, R. F. Sari, “Design of implementation of a zero trust approach to network micro-segmentation,” International Journal of Advanced Science and Technology, 29(7), pp. 3501–3510, 2020.