In today's world, industries are constantly integrating new technologies to improve workplace flexibility and customer service. However, this also creates a broader attack surface for attackers, making it easier for them to identify weaknesses and exploit them, leading to security lapses that cost businesses both money and goodwill. To address this issue, information technology security professionals have developed the Zero Trust framework. This framework focuses on carefully examining each and every attempt made to access the resources, restricting access only to those authorized individuals and providing them with minimum privileges to accomplish their specific tasks successfully. The underlying concept behind this approach is that businesses should not naively trust anything or anyone, whether inside or outside their boundaries without verification. In this thesis, we examine the effectiveness of the currently available Zero Trust frameworks and multifactor authentication techniques for improving information technology security and to overcome the limitations of current authentication systems to safeguard businesses against cyberattacks. This thesis provides a realistic Zero Trust Framework that combines Zero Trust principles with multifactor authentication techniques to enhance security. Unlike most existing research works, this thesis goes beyond theoretical proposals by providing an actual implementation and comprehensive guidelines for organizations looking to adopt Zero Trust. The security of the framework was further scrutinized through a security analysis, which involved assessing the system's security through practical testing, examination of potential attack vectors such as sniffing and password compromise, and evaluating the system's resilience against these threats, which is attributed to the combination of diverse security practices that is being discussed in detail in this thesis. In addition to evaluating the security effectiveness of the proposed Zero Trust framework, the thesis also delves into analyzing its performance efficiency and user satisfaction. While robust security measures are crucial, it is equally important to ensure that users are not inconvenienced by complex or time-consuming authentication processes. The analysis of performance efficiency and user satisfaction provides valuable insights into how the proposed framework achieves this balance, enhancing security while maintaining a positive user experience.
Library of Congress Subject Headings
Computer systems--Access control; Computer security; Computer crimes--Prevention
Computing Security (MS)
Khalil Al Husseini
Alappat, Mathews Rajan, "Multifactor Authentication Using Zero Trust" (2023). Thesis. Rochester Institute of Technology. Accessed from