Privacy-preserving authentication scheme based on zero trust architecture

Zero trust architecture is an end-to-end approach for server resources and data security which contains identity authentication, access control, dynamic evaluation, and so on. This work focuses on authentication technology in the zero trust network. In this paper, a Traceable Universal Designated Verifier Signature (TUDVS) is used to construct a privacy-preserving authentication scheme for zero trust architecture. Specifically, when a client requests access to server resources, we want to protect the client's access privacy which means that the server administrator cannot disclose the client's access behavior to any third party. In addition, the security of the proposed scheme is proved and its efficiency is analyzed. Finally, TUDVS is applied to the single packet authorization scenario of the zero trust architecture to prove the practicability of the proposed scheme.