Privacy-Preserving Zero Trust: Federated Learning for Behavioral Biometrics in Regulated Industries
Center for Cybersecurity, University of Tampa, 401 W Kennedy Blvd, Tampa, FL, United States.
Review Article
World Journal of Advanced Research and Reviews, 2023, 20(02), 1610-1643
Article DOI: 10.30574/wjarr.2023.20.2.2219
Publication history:
Received on 21 September 2023; revised on 21 November 2023; accepted on 28 November 2023
Abstract:
Zero Trust Architecture (ZTA) integration with Federated Learning (FL) is a game changer in authentication systems of controlled industries. This study hypothesizes the privacy saving model based on a framework that integrates behavioral biometrics with decentralized machine learning to allow continuous user authentication without accessing sensitive data. The suggested system will utilize hybrid Convolutional Neural Network-Recurrent Neural Network (CNN-RNN) models in a federated learning setup to involve spatio-temporal trends in user behavior whilst data localization on edge devices. The outcomes of the experiment show that the accuracy rates are over 92% when it comes to identifying a user in a variety of behavioral modalities, such as the keystroke dynamics and the patterns of mouse movement. The framework is used to eliminate centralized data storage vulnerabilities that can lead to critical privacy requirements in the healthcare, financial services, and government sectors. Differential privacy mechanisms both guarantee that sensitive information is not leaked when updating the model and also guard against inference attacks with the help of secure aggregation protocols. The overhead reduction in performance measures is found to be 27% versus the traditional centralized methods. The Zero Trust model confirms user identity by behavioral signature continually giving adaptive risk scoring to access control decisions. This piece of work adds new elements of architecture combining policy enforcement points with federated aggregators and blockchain-generated audit trails. The system ensures compliance with the General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA) by implementing the principle of data minimum and clear processing. The viability of the framework to be deployed in the production with latency under 150ms to make authentication decisions is validated empirically in three regulated industry settings.
Keywords:
Zero Trust Architecture; Federated Learning; Behavioral Biometrics; Privacy Preservation; Continuous Authentication; Hybrid Neural Networks; Differential Privacy; Edge Computing; Decentralized Machine Learning
Full text article in PDF:
Copyright information:
Copyright © 2023 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution Liscense 4.0