Zero Trust Architecture for IoT Device Ecosystems

Authors and Affiliations

  • Hani Al-Balasmeh Dept of Informatics Engineering, College of Engineering, University of Technology, Bahrain (UTB)

About this article

Keywords:

Zero Trust Architecture (ZTA); Internet of Things (IoT); IoT Security; Access Control; Lateral Threat Containment

Abstract

The rapid proliferation of Internet of Things (IoT) devices has introduced critical security challenges stemming from device heterogeneity, limited native safeguards, and expanded attack surfaces. Traditional perimeter-based security models are increasingly ineffective against modern threats, particularly lateral movement and insider attacks. This paper presents the design, implementation, and evaluation of a light-weight Zero Trust Architecture for IoT (ZT-IoT) that enforces continuous authentication, context-aware access control, and behavioral anomaly detection. Unlike prior ZTA frameworks that incur high computational costs or depend on blockchain consensus mechanisms, ZT-IoT is optimized for resource-constrained environments through mutual TLS, adaptive micro-segmentation, and telemetry-driven enforcement. A hybrid evaluation—combining simulated cyberattack scenarios with real-world IoT testbeds—demonstrates that ZT-IoT reduces unauthorized access attempts by 95%, completely prevents insider privilege escalation, detects lateral threats in under three minutes, and blocks all data tampering and replay attacks. Moreover, large-scale simulations with 1,000 heterogeneous nodes confirmed its scalability, maintaining detection times under three minutes with less than 12% RAM overhead. These findings validate ZT-IoT as a practical, scalable, and energy-efficient security paradigm, positioning it for deployment in critical domains such as smart cities, industrial IoT, and remote healthcare systems.

References

E. Fernandes, J. Jung, and A. Prakash, “Security Challenges in IoT Systems,” ACM Trans. Internet Technol., vol. 20, no. 4, pp. 1–24, 2020. doi:10.1145/3398891

M. Zhang, Y. Liu, and H. Chen, “Botnet-based DDoS Attacks in IoT: A Survey,” IEEE Comm. Surveys & Tutorials, vol. 23, no. 1, pp. 1027–1051, 2021. doi:10.1109/COMST.2020.2985602

A. Kumar and S. Tripathi, “Software-Defined Perimeter for IoT Security,” J. Network Comput. Appl., vol. 192, p. 102865, 2022. doi:10.1016/j.jnca.2021.102865

A. Alshamrani, H. Alqahtani, and M. Zohdy, “Blockchain-Enhanced Zero Trust for IoT Security,” Comput. & Security, vol. 125, p. 102972, 2023. doi:10.1016/j.cose.2023.102972

NIST, “Zero Trust Architecture,” NIST SP 800-207, U.S. Department of Commerce, 2020. Available: https://doi.org/10.6028/NIST.SP.800-207

View more references (19)

S. Syed, T. Lee, and P. Rad, “End-to-End IoT Security with Zero Trust,” Sensors, vol. 23, no. 2, p. 552, 2023. doi:10.3390/s23020552

M. Pathak and V. Sharma, “Securing Smart Infrastructure with Zero Trust,” IEEE Internet Things J., vol. 10, no. 6, pp. 4523–4535, 2023. doi:10.1109/JIOT.2022.3212345

J. Miller and K. Thomas, “Dynamic Trust in Resource-Constrained IoT Devices,” Ad Hoc Netw., vol. 135, p. 102957, 2023. doi:10.1016/j.adhoc.2022.102957

R. Bobelin, “Zero Trust in Industrial IoT: Real-World Implementation,” Computer, vol. 55, no. 12, pp. 48–57, 2022. doi:10.1109/MC.2022.3166828

L. Gomez, M. Kantarcioglu, and C. Clark, “Privacy-Aware ZTA for Healthcare IoT Systems,” J. Biomed. Inform., vol. 127, p. 104020, 2022. doi:10.1016/j.jbi.2022.104020

P. Banerjee and S. Hussain, "Performance of Zero Trust Networks in Smart Homes," IEEE Access, vol. 9, pp. 120303–120317, 2021. doi:10.1109/ACCESS.2021.3100101

R. Haque, “Zero Trust Architectures for Cloud-Integrated IoT,” Future Gener. Comput. Syst., vol. 130, pp. 202–215, 2022. doi:10.1016/j.future.2022.01.031

A. Khokhar and D. Patel, “Lightweight Authentication in IoT via Zero Trust,” Information Systems, vol. 112, p. 102089, 2023. doi:10.1016/j.is.2022.102089

J. Buck, L. Roberts, and K. Thomas, “Micro-Segmentation in Zero Trust IoT,” Ad Hoc Netw., vol. 135, p. 102957, 2023. doi:10.1016/j.adhoc.2022.102957

J. Singh, N. Gupta, “Implementing Zero Trust Frameworks for IIoT,” Procedia Comput. Sci., vol. 199, pp. 1080–1087, 2022. doi:10.1016/j.procs.2022.01.110

C. Okporokpo, A. Musa, and F. Adeyemi, “Dynamic Trust Modeling for Zero Trust IoT Networks,” IEEE Access, vol. 12, pp. 12456–12469, 2024. doi:10.1109/ACCESS.2023.3298765

S. Aaqib, N. Khan, and M. Rahman, “Trust and Reputation in IoT Security,” IEEE Trans. Ind. Informat., vol. 20, no. 1, pp. 110–125, 2024. doi:10.1109/TII.2023.3309821

R. Ramezan and M. Meamari, “zk-IoT: Zero-Knowledge Proof-Based Zero Trust for IoT Devices,” IEEE Trans. Depend. Secure Comput., vol. 21, no. 3, pp. 987–999, 2024. doi:10.1109/TDSC.2023.3294058

J. Li, Z. Xu, and T. Sun, “Zero Trust Foundation Models for AI-Powered IoT Security,” Procedia Comput. Sci., vol. 226, pp. 134–145, 2024. doi:10.1016/j.procs.2023.08.015

Y. Li, H. Wang, and X. Liu, “AI-Driven Zero Trust Security for IoT Networks,” IEEE Internet Things J., vol. 11, no. 2, pp. 345–357, 2024. doi:10.1109/JIOT.2023.3294021

A. Sharma, S. Rani, and W. Boulila, “Blockchain-based Zero Trust Networks with Federated Transfer Learning for IoT Security in Industry 5.0,” PLOS ONE, vol. 20, no. 6, p. e0323241, 2025. doi:10.1371/journal.pone.0323241

M. Ragab, E. Bahaudien Ashary, B. M. Alghamdi et al., “Advanced Artificial Intelligence with a Federated Learning Framework for Privacy-Preserving Cyberthreat Detection in IoT-Assisted Sustainable Smart Cities,” Sci. Rep., vol. 15, Article 4470, 2025. doi:10.1038/s41598-025-88843-2

C. Liu, “Dissecting Zero Trust: Research Landscape and Its Applications in IoT,” Cybersecurity, vol. 7, Article 24, 2024. doi:10.1186/s42400-024-00212-0

S. S. Sefati et al., “Cybersecurity in a Scalable Smart City Framework Using Blockchain and Federated Learning for IoT,” Smart Cities, vol. 7, no. 5, pp. 2802–2841, 2024. doi:10.3390/smartcities7050109


How to Cite

Al-Balasmeh, H. (2025). Zero Trust Architecture for IoT Device Ecosystems. International Journal of Basic and Applied Sciences, 14(4), 818-825. https://doi.org/10.14419/r30vpf59

Downloads