• Smart Media Journal
• /
• v.12 no.2
• /
• pp.15-26
• /
• 2023

Due to the global COVID-19 pandemic, which has led to a shift towards remote work, the frequency of external access to important internal resources by companies has increased exponentially, exposing them to various security threats. In order to address these access security issues, ZTA (Zero Trust Architecture) has gained attention. ZTA operates on the principle of not trusting external or internal users, and manages access authentication and authorization strictly according to pre-established policies. This paper analyzes the definition of ZTA and key research trends, and summarizes different ZTA solutions for each company.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.1001-1020
• /
• 2023

As massive increase in remote work since COVID-19, the boundaries between the inside and outside of corporate networks have become blurred. As a result, traditional perimeter security has stagnated business productivity and made it difficult to manage risks such as information leakage. The zero trust architecture model has emerged, but it is difficult to apply to IT environments composed of various companies. Therefore, using the remote work system configuration as an example, we presented a configuration and methodology that can apply zero trust models even in various network environments such as on-premise, cloud, and network separation. Through this, we aim to contribute to the creation of a safe and convenient cyber environment by providing guidance to companies that want to apply zero trust architecture, an intelligent system that actively responds to cyber threats.

• Smart Media Journal
• /
• v.12 no.5
• /
• pp.46-57
• /
• 2023

As the COVID-19 pandemic and the development of IT technology have led to the gradual popularization of remote and telecommuting, cloud computing technology is advancing, and cyber attack techniques are becoming more sophisticated and advanced. In response to these trends, companies are increasingly moving away from traditional perimeter-based security and adopting Zero Trust to strengthen their security. Zero Trust, based on the core principle of doubting and not trusting everything, identifies all traffic and grants access permissions through a strict authentication process to enhance security. In this paper, we analyze the background of Zero Trust adoption and the adoption policies and trends of countries that are proactively promoting its implementation. Additionally, we propose necessary efforts from governments and organizations to strengthen corporate security and considerations for companies when applying Zero Trust.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.83-102
• /
• 2024

Recently, as the use of the cloud increases year by year and remote work within the enterprise has become one of the new types of work, the security of the cloud-based remote work environment has become important. The introduction of zero trust is required due to the limitations of the existing perimeter security model that assumes that everything in the internal network is safe. Accordingly, NIST and DoD published standards related to zero trust architecture, but the security requirements of that standard describe only logical architecture at the abstract level. Therefore, this paper intends to present more detailed security requirements compared to NIST and DoD standards by performing threat modeling for OpenStack clouds. After that, this research team performed a security analysis of commercial cloud services to verify the requirements. As a result of the security analysis, we identified security requirements that each cloud service was not satisfied with. We proposed potential threats and countermeasures for cloud services with zero trust, which aims to help build a secure zero trust-based remote working environment.

• Convergence Security Journal
• /
• v.23 no.3
• /
• pp.3-11
• /
• 2023

Zero Trust, characterized by the principle of "Never Trust, Always Verify," represents a novel security paradigm. The proliferation of remote work and the widespread use of cloud services have led to the establishment of Work From Anywhere (WFA) environments, where access to corporate systems is possible from any location. In such environments, the boundaries between internal and external networks have become increasingly ambiguous, rendering traditional perimeter security models inadequate to address the complex and diverse nature of cyber threats and attacks. This research paper introduces the implementation principles of Zero Trust and focuses on the Micro Segmentation approach, highlighting its relevance in mitigating the limitations of perimeter security. By leveraging the risk management framework provided by the National Institute of Standards and Technology (NIST), this paper proposes a comprehensive procedure for the adoption of Zero Trust. The aim is to empower organizations to enhance their security strategies.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.2
• /
• pp.265-270
• /
• 2022

With the advent of the Fourth Industrial Revolution, the paradigm of finance is also changing. As remote work becomes more active due to cloud computing and coronavirus, the work environment changes and attack techniques are becoming intelligent and advanced, companies should accept new security models to further strengthen their current security systems. Zero trust security increases security by monitoring all networks and allowing strict authentication and minimal access rights for access requesters with the core concept of doubting and not trusting everything. In addition, the use of NAC and EDR for identification subjects and data to strengthen access control of the zero trust-based security system, and strict identity authentication through MFA will be explained. Therefore, this paper introduces a zero-trust security solution that strengthens existing security systems and presents the direction and validity to be introduced in the financial sector.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.214-216
• /
• 2021

It proposes a plan to strengthen the limitations of existing corporate security systems based on Zero-Trust. With the advent of the era of the Fourth Industrial Revolution, the paradigm of security is also changing. As remote work becomes more active due to cloud computing and COVID-19, security issues arising from the changed IT environment are raised. At the same time, in the current situation where attack techniques are becoming intelligent and advanced, companies should further strengthen their current security systems by utilizing zero trust security. Zero-trust security increases security by monitoring all data communications based on the concept of doubting and trusting everything, and allowing strict authentication and minimal access to access requestors. Therefore, this paper introduces a zero trust security solution that strengthens the existing security system and presents the direction and validity that companies should introduce.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.51-57
• /
• 2022

Recently, the concept of zero trust has been introduced, and it is necessary to strengthen the security elements required for the next-generation security control system. Also, the security paradigm in the era of the 4th industrial revolution is changing. Cloud computing and the cybersecurity problems caused by the dramatic changes in the work environment due to the corona 19 virus continue to occur. And at the same time, new cyber attack techniques are becoming more intelligent and advanced, so a future security control system is needed to strengthen security. Based on the core concept of doubting and trusting everything, Zero Trust Security increases security by monitoring all communications and allowing strict authentication and minimal access rights for access requesters. In this paper, we propose a security enhancement plan in the security control field through a zero trust security model that can understand the problems of the existing security control system and solve them.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.464-466
• /
• 2021

Currently, most companies have security solutions such as firewalls or WAF (Web Application Firewall) for web services, cloud systems, and data centers. Recently, as the need for remote access increases, the task of overcoming the security vulnerabilities of remote access control is becoming more important. In this paper, the concept of the network security model from the perspective of zero trust and the strategy and security system using it will be reviewed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.9
• /
• pp.2529-2549
• /
• 2023

For effectively lowering down the risk of cyber threating, the zero-trust architecture (ZTA) has been gradually deployed to the fields of smart city, Internet of Things, and cloud computing. The main concept of ZTA is to maintain a distrustful attitude towards all devices, identities, and communication requests, which only offering the minimum access and validity. Unfortunately, adopting the most secure and complex multifactor authentication has brought enterprise and employee a troublesome and unfriendly burden. Thus, authors aim to incorporate machine learning technology to build an employee behavior analysis ZTA. The new framework is characterized by the ability of adjusting the difficulty of identity verification through the user behavioral patterns and the risk degree of the resource. In particular, three key factors, including one-time password, face feature, and authorization code, have been applied to design the adaptive multifactor continuous authentication system. Simulations have demonstrated that the new work can eliminate the necessity of maintaining a heavy authentication and ensure an employee-friendly experience.