Questions tagged [zero-trust]

14 questions
5 votes, 1 answer

Zero trust across micro-services using JWT

I am planning to implement JWT authentication on my micro-services to achieve zero trust architecture. User will generate a JWT token through front end micro-service. Each subsequent request will contain this JWT which will be forwarded to backend…
Saqib
  • 151
  • 4
4 votes, 1 answer

How to validate client side safety in a Zero Knowledge model

What is sometimes called Zero Knowledge, sometimes end to end encryption occurs when a server only processes ciphered data (at least for sensitive data) with a result where a compromise of this server does not threaten the confidentiality of the…
Sibwara
  • 1,316
  • 7
  • 19
2 votes, 1 answer

Is uncompromisable obfuscated x86-64 execution possible?

I have a problem which has several layers; Provide a distributed computing plane where actors can voluntarily add and remove computing resources from, the actors are untrusted by default, and thus their resources too. Actor A wants to run…
2 votes, 1 answer

Where custom auth source code fits into the micro-segmentation, zero-trust architecture

So micro-segmentation seems a bit of a buzz-word, but it helps in painting the picture of how to better do security in a network. Basically from what I understand divide the network into a bunch of small chunks, and at every connection point do some…
Lance
  • 588
  • 5
  • 16
2 votes, 2 answers

Storing user's information without being able to access it

For a university project of mine I am making a password manager online and I want to be able to store user's passwords on my server without being able to access it myself. Here is what I intend to do: encrypt users' passwords with RSA…
1 vote, 0 answers

Zero-Trust alternative to google sign-in, is this a feasible design?

I was thinking about zero-trust systems over the last few weeks and it seems like there are many things that could be implemented that way. With password managers being one of those things, I was curious about designing something like google sign-in…
1 vote, 0 answers

Verify Encryption Key with Non-Interactive Zero-Knowledge Proof

I wrote an implementation of a non-interactive zero-knowledge proof system as outlined in this research paper. As far as I can tell, it functions flawlessly as intended with text secrets such as authentication passwords. # USER REGISTRATION: #…
Goodies
  • 135
  • 1
  • 8
1 vote, 1 answer

Is the zero trust approach really so safe?

Recently, I see so many emerging vendors that are advertising their use of zero-trust. What potential risks are we exposed to if we shift to zero-trust in our bank?
Filipon
  • 1,204
  • 10
  • 22
1 vote, 0 answers

What is the current status of the zero trust model?

I read of the apparently ambitious goals of the "zero trust model". Has it found success in practice or encountered problems? A link that may be useful is:…
Mok-Kong Shen
  • 1,199
  • 1
  • 10
  • 14
0 votes, 1 answer

Is there a viable zero-knowledge approach for using oAuth to generate and manage private keys?

I've been doing a deep dive into how products like Web3Auth work under the hood and wonder if this is a viable approach to building applications where a user can have the convenience of using oAuth to generate and manage a private key. Additionally…
0 votes, 1 answer

Trustless Application Architecture for end-users with secure enclaves

I am working on a project where I want to store end-user private data, but immediately this brings up the trust question of why a user would trust me to hold their data. I don't actually want to hold their data, but rather run an analysis on it and…
0 votes, 0 answers

Libraries or boilerplates providing fundamentals for Public-key generation and encryption of client data?

This may be more suitable for StackOverflow in terms of a recommendation for a library or implementation, but security-related questions are often overlooked or misinterpreted. I'd like to first understand whether the proposed mechanism is an apt…
0 votes, 1 answer

Google approach to device security (BeyondCorp): managed devices and inference engine

I'm reading the BeyondCorp papers and trying to get a very high level idea of how it could be implemented by a small to medium organisation, rather than a behemoth like Google. What kind of software would a managed device require? I assume that not…
0 votes, 1 answer

How can I securely generate secret-sharing/multisig keys on a p2p network?

I am trying to create a peer-to-peer escrow system. I need to encrypt the private key of a wallet with a 2-of-3 secret-sharing function - the buyer, seller, and arbitrator will each have one key. The problem lies in the generation of secret…