Proxyless Zero Trust for Edge and IoT: Decoupling Control and Data Paths

Zingirian, Nicola
Writing – Original Draft Preparation
2025

Abstract

Zero Trust Network Access (ZTNA) is a key model for securing distributed systems, but traditional implementations rely on proxies or gateways to mediate traffic. While effective for enterprise use, this approach adds latency, complexity, and lacks compatibility with constrained or intermittently connected devices, limiting its suitability for IoT and edge computing. This paper presents a proxyless ZTNA architecture designed for such environments, where a centralized Zero Trust Authority (ZTA) issues short-lived, signed HTTP session cookies after authentication and policy checks. These tokens are transmitted via standard headers and presented directly to protected services, which validate them without inline intermediaries. This design enforces Zero Trust principles while enabling secure, low-latency communication across heterogeneous edge nodes, reducing infrastructure overhead and supporting devices unsuited to proxy-based or service mesh architectures. The proposed architecture reduces latency and accelerates session recovery compared to proxy-based ZTNA, enabling secure deployment in heterogeneous edge and IoT environments.
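The abstract describes two decoupled roles: a Zero Trust Authority that authenticates a client, evaluates policy and mints a short-lived signed session token, and a protected service that checks that token itself, with no proxy or gateway in the data path. The following Python sketch is an added illustration of that control/data split and is not the paper's code. It assumes an HMAC-SHA256 stand-in for the paper's signature scheme (so the service shares a verification key with the ZTA; a public-key signature would let the service hold only the public half), a fixed 300-second lifetime, a constructed demo key and a toy allow-list policy; the claim names, the `zt_session` cookie name and the helper functions are all assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key standing in for the ZTA's signing key (assumption).
ZTA_KEY = b"constructed-demo-key-not-for-production"
TOKEN_TTL = 300  # seconds; the abstract says "short-lived", the exact value is assumed


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def demo_policy(subject: str, device_id: str, service: str) -> bool:
    """Toy policy check: only registered devices may reach the telemetry API."""
    allowed = {("sensor-42", "telemetry-api")}
    return (subject, service) in allowed and device_id.startswith("dev-")


def zta_issue(subject, device_id, service, policy=demo_policy, now=None):
    """Control path: the ZTA mints a signed token after authn + policy evaluation.

    Authentication itself is out of scope here; `subject`/`device_id` are taken
    as already verified. Returns None when policy denies the request.
    """
    now = int(time.time()) if now is None else now
    if not policy(subject, device_id, service):
        return None
    claims = {
        "sub": subject,        # authenticated principal
        "dev": device_id,      # device binding
        "aud": service,        # token is valid for exactly one service
        "iat": now,
        "exp": now + TOKEN_TTL,
        "jti": secrets.token_hex(8),  # unique id, usable for replay tracking
    }
    payload = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64(hmac.new(ZTA_KEY, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"


def service_validate(token, service, now=None):
    """Data path: the protected service checks the token locally, no intermediary.

    Returns (claims, "ok") or (None, reason). Signature is checked before any
    claim is parsed so unsigned input never influences the decision.
    """
    now = int(time.time()) if now is None else now
    try:
        payload, sig = token.split(".")
        presented = _unb64(sig)
    except (ValueError, binascii.Error):
        return None, "malformed"
    expected = hmac.new(ZTA_KEY, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):
        return None, "bad signature"
    claims = json.loads(_unb64(payload))
    if claims.get("aud") != service:
        return None, "wrong audience"
    if not (claims["iat"] <= now < claims["exp"]):
        return None, "expired"
    return claims, "ok"


def set_cookie_header(token: str) -> str:
    """Token travels in a standard cookie header from ZTA to client."""
    return f"Set-Cookie: zt_session={token}; Secure; HttpOnly; SameSite=Strict"


def token_from_cookie_header(header: str):
    """Client presents the cookie directly to the service; extract the token."""
    if not header.startswith("Cookie:"):
        return None
    for part in header[len("Cookie:"):].split(";"):
        name, _, value = part.strip().partition("=")
        if name == "zt_session" and value:
            return value
    return None


if __name__ == "__main__":
    tok = zta_issue("sensor-42", "dev-abc", "telemetry-api", now=1000)
    print(set_cookie_header(tok))
    print(service_validate(tok, "telemetry-api", now=1100))
    print(service_validate(tok, "telemetry-api", now=1400))  # past exp
```

Every failure mode a service must handle locally is a distinct branch: malformed input, bad signature, token minted for a different service, and expiry. Because the token is self-validating, a service that loses connectivity to the ZTA can keep accepting still-valid tokens and refuse everything else, which is the recovery property the abstract attributes to the proxyless design.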
2025 7th IEEE International Conference on Blockchain Computing and Applications (BCCA)
2025 7th International Conference on Blockchain Computing and Applications (BCCA)
ISBN: 979-8-3315-0296-6
Files in this item:
No files are associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/11577/3573395