Zero-Trust Access Control for IoT in Critical Infrastructure Environments

Open Access
Article
Conference Proceedings
Authors: Osama Khashan, Samar Mouti, Nour Khafajah, Nachaat Mohamed, Waleed Alomoush
Abstract

Static permissions in conventional access control systems for the Internet of Things (IoT) are often persistent even after a device has registered in a deployment. Therefore, a compromised device may retain long-lived privileges through a cloned identity, and this increases the likelihood of unauthorized activity and lateral movement in the context of critical infrastructure environments. This paper presents a user-centred access control model that combines zero-trust principles and short-lived capability tokens. Devices are not trusted by default; each service request explicitly carries verifiable authorization. The policy engine issues tokens that bind device identity, target service, permitted operation, validity window, and contextual constraints. Gateways and services validate tokens for each request and deny requests that are expired or out of scope. As a result, misuse is limited without requiring continuous connectivity to the policy engine. The proposed model is also protocol agnostic, and it transports tokens via application-layer message exchanges across heterogeneous IoT stacks. A simulation-based evaluation using a heterogeneous IoT model assesses credential cloning, unauthorized invocation, and compromised-node scenarios. At high compromise levels, unauthorized request success drops from 74% in the baseline to 6% under the proposed model. The operational cost remains moderate, with a mean end-to-end latency increase of about 20% and total communication overhead between 21.25% and 30.75% across the tested token lifetimes. Overhead is split into token carriage and issuance; issuance cost falls as token lifetime grows. The results show reduced unauthorized requests with bounded per-request verification cost and moderate overhead.
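The issue-then-verify cycle the abstract describes, as an added illustration that is not code from the paper or its authors: a policy engine mints a short-lived capability token binding device identity, target service, permitted operation, validity window and a contextual constraint, and a gateway checks every request against that token without calling back to the engine. The token format, the HMAC-based integrity tag with a key shared by engine and gateway, the claim names, the device and segment identifiers and the policy table are all constructed assumptions for the example.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time

# Constructed demo key shared by the policy engine and the gateway (assumption:
# tokens carry an HMAC tag; a signature scheme would let the gateway hold only
# a public key, with the same per-request check).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class PolicyEngine:
    """Issues short-lived capability tokens from a policy table."""

    def __init__(self, key: bytes, policy: dict):
        self.key = key
        self.policy = policy  # {device_id: {service: {allowed operations}}}

    def issue(self, device_id, service, op, lifetime_s, context, now=None):
        now = int(time.time() if now is None else now)
        if op not in self.policy.get(device_id, {}).get(service, set()):
            return None  # refuse: this capability was never granted
        claims = {"dev": device_id, "svc": service, "op": op,
                  "nbf": now, "exp": now + lifetime_s, "ctx": context}
        body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
        tag = hmac.new(self.key, body, hashlib.sha256).digest()
        return f"{_b64(body)}.{_b64(tag)}"


class Gateway:
    """Validates a token on every request, with no round trip to the engine."""

    def __init__(self, key: bytes):
        self.key = key

    def authorize(self, token, device_id, service, op, context, now=None):
        now = int(time.time() if now is None else now)
        try:
            body_b64, tag_b64 = token.split(".")
            body, tag = _unb64(body_b64), _unb64(tag_b64)
        except (ValueError, binascii.Error):
            return False, "malformed"
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"            # forged or tampered token
        c = json.loads(body)
        if not c["nbf"] <= now < c["exp"]:
            return False, "expired"            # validity window has closed
        if c["dev"] != device_id:
            return False, "device mismatch"    # presented by another identity
        if c["svc"] != service or c["op"] != op:
            return False, "out of scope"       # token does not cover this call
        for k, v in c["ctx"].items():
            if context.get(k) != v:
                return False, f"context mismatch: {k}"
        return True, "ok"


def run_scenarios(now=1_700_000_000):
    """Constructed scenarios: one legitimate call and several misuse attempts."""
    engine = PolicyEngine(SHARED_KEY, {"sensor-17": {"telemetry": {"publish"}}})
    gw = Gateway(SHARED_KEY)
    ctx = {"segment": "ot-zone-a"}
    tok = engine.issue("sensor-17", "telemetry", "publish", 60, ctx, now=now)
    # Tamper with the body (publish -> write) while keeping the original tag.
    body_b64, tag_b64 = tok.split(".")
    forged = _b64(_unb64(body_b64).replace(b'"publish"', b'"write"')) + "." + tag_b64
    return {
        "legit": gw.authorize(tok, "sensor-17", "telemetry", "publish", ctx, now=now + 5),
        "out_of_scope": gw.authorize(tok, "sensor-17", "actuator", "write", ctx, now=now + 5),
        "expired": gw.authorize(tok, "sensor-17", "telemetry", "publish", ctx, now=now + 61),
        "replay_from_other_segment": gw.authorize(
            tok, "sensor-17", "telemetry", "publish", {"segment": "it-lan"}, now=now + 5),
        "presented_by_other_device": gw.authorize(
            tok, "sensor-22", "telemetry", "publish", ctx, now=now + 5),
        "tampered": gw.authorize(forged, "sensor-17", "telemetry", "write", ctx, now=now + 5),
        "never_granted": engine.issue("sensor-17", "actuator", "write", 60, ctx, now=now),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:28s} -> {outcome}")
```

The gateway's checks are ordered so the cheapest, most decisive rejections (bad tag, expired) come first; that keeps per-request verification cost bounded regardless of how many constraints a token carries. The shared-key HMAC is the simplest way to show offline validation; swapping in a signature changes only the tag computation and lets gateways verify without holding any secret of the engine.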

Keywords: Zero Trust, Access Control, Internet of Things (IoT), Authorization, Critical Infrastructure, IoT Security

DOI: 10.54941/ahfe1007786

