Zero Trust Architecture for IoT Device Ecosystems

  • Authors

    • Hani Al-Balasmeh, Dept of Informatics Engineering, College of Engineering, University of Technology, Bahrain (UTB)
    https://doi.org/10.14419/r30vpf59

    Received date: July 18, 2025

    Accepted date: August 19, 2025

    Published date: August 31, 2025

  • Keywords

    Zero Trust Architecture (ZTA); Internet of Things (IoT); IoT Security; Access Control; Lateral Threat Containment
  • Abstract

    The rapid proliferation of Internet of Things (IoT) devices has introduced critical security challenges stemming from device heterogeneity, limited native safeguards, and expanded attack surfaces. Traditional perimeter-based security models are increasingly ineffective against modern threats, particularly lateral movement and insider attacks. This paper presents the design, implementation, and evaluation of a lightweight Zero Trust Architecture for IoT (ZT-IoT) that enforces continuous authentication, context-aware access control, and behavioral anomaly detection. Unlike prior ZTA frameworks that incur high computational costs or depend on blockchain consensus mechanisms, ZT-IoT is optimized for resource-constrained environments through mutual TLS, adaptive micro-segmentation, and telemetry-driven enforcement. A hybrid evaluation—combining simulated cyberattack scenarios with real-world IoT testbeds—demonstrates that ZT-IoT reduces unauthorized access attempts by 95%, completely prevents insider privilege escalation, detects lateral threats in under three minutes, and blocks all data tampering and replay attacks. Moreover, large-scale simulations with 1,000 heterogeneous nodes confirm its scalability, maintaining detection times under three minutes with less than 12% RAM overhead. These findings validate ZT-IoT as a practical, scalable, and energy-efficient security paradigm, positioning it for deployment in critical domains such as smart cities, industrial IoT, and remote healthcare systems.

  • How to Cite

    Al-Balasmeh, H. (2025). Zero Trust Architecture for IoT Device Ecosystems. International Journal of Basic and Applied Sciences, 14(4), 818-825. https://doi.org/10.14419/r30vpf59