Token as a Service for Software-Defined Zero Trust Networking

Zero Trust Networking (ZTN) is more challenging in a multi-tenant environment. To meet different service requirements of multi-tenants and minimize the risk of physical deployment with low operational and capital expenditures, investments in Software-Defined Networks (SDN) based ZTN have been increased. The research question is whether is there any SDN-based architecture to maintain a trusted zone in a complex multi-tenant environment, where each network equipment can be dynamically configurable by many SDN controllers in a distributed way without security breach. Therefore, this paper proposes a novel Software-Defined Zero Trust Networking (SDZTN) decoupling Cyber and Physical layers. To maintain a trusted zone, it proposes a novel Token as a Service (TaaS) that executes genetic algorithm-based service optimization and generates unique tokens by its solution and using a simply implemented JSON Web Token (JWT). It reduces authentication/authorization load in cloud servers by simplifying and distributing databases in each OpenFlow switch. According to the proposed Zero Trust Evaluation (ZTE) metric considering the token similarity and infection probability, SDZTN results in 25% higher trust than the conventional one. It also overcomes several infection attacks which have the potential to revolutionize token management systems by providing decentralized, easily implementable, and trusted solutions.