Zero Trust Real-Time Lightweight Access Control Protocol for Mobile Cloud-Based IoT Sensors

In IoT, smart sensors enable data collection, real-time monitoring, decision-making, and automation, but their proliferation exposes them to cybersecurity threats. Zero Trust Architecture enhances IoT security by challenging conventional trust models and emphasizing continuous trust verification in the overall \$875.0 billion IoT market projected by 2025. This paper presents a new zero-trust real-time lightweight access control protocol for Cloud-centric dynamic IoT sensor networks. This protocol empowers data owners, referred to as sensor coordinators, to define intricate access policies, blending recipient identifiers and data-related attributes for data encryption. Additionally, the protocol incorporates efficient cryptographic primitives, eliminating the need for reliance on a trusted party. Furthermore, it ensures real-time data access while preserving data confidentiality and user privacy through seamless data upload to the cloud and the offloading of computationally intensive tasks from resource-constrained data owners and sensors. The protocol utilizes Merkle Trees for lightweight, ongoing trust measurement of sensors, ensuring efficient trust assessment by sensor coordinators. Simultaneously, the cloud conducts thorough trust evaluations for network entities including users. Comprehensive security analysis and performance evaluation highlight the protocol's effectiveness in tackling the multifaceted security challenges of IoT ecosystems while ensuring scalability and high availability.