Efficient Implementation of Entity On-Boarding and Authentication in Zero-Trust Systems

The zero-trust security model enhances enterprise security through proactive and real-time security strategies. It assumes that no entities within or outside the network are inherently trustworthy. Therefore, the authentication of users is given strong importance in a zero-trust system, such that, only authenticated entities can be allowed access to any of the resources of a zero-trust system. Very often, during the authentication process, verification of the digital certificates of the entities is considered indispensable. In this paper, we illustrate how the entities are registered and on-boarded into a zero-trust system using an integrated approach by the Public Key Infrastructure (PKI) and Identity and Access Management System (IAMS). The IAMS in a zero trust system can maintain the user attributes and credentials to offload some of the activities of registration authority in the PKI. We emphasize the generation of a digital certificate for the user during the registration process. Therefore, we have demonstrated the simple steps for building a Certificate Authority (CA) of the PKI of zero trust system using the Open Source Secure Sockets Layer (OpenSSL) tool, which generates the digital certificate for valid users/devices during the registration or entity onboarding. Besides, we demonstrate the authentication based on the digital certificate in the zero trust system by the Policy Enforcement Point (PEP) using its IAMS and authentication server. We show here the effectiveness of a coordinated and integrated PKI, AIMS, and PEP in user/entity onboarding, digital certificate generation, and authentication for a zero-trust system.