The rapid proliferation of Internet of Things (IoT) devices has introduced critical security challenges stemming from device heterogeneity, limited native safeguards, and expanded attack surfaces. Traditional perimeter-based security models are increasingly ineffective against modern threats, particularly lateral movement and insider attacks. This paper presents the design, implementation, and evaluation of a lightweight Zero Trust Architecture for IoT (ZT-IoT) that enforces continuous authentication, context-aware access control, and behavioral anomaly detection. Unlike prior ZTA frameworks that incur high computational costs or depend on blockchain consensus mechanisms, ZT-IoT is optimized for resource-constrained environments through mutual TLS, adaptive micro-segmentation, and telemetry-driven enforcement. A hybrid evaluation, combining simulated cyberattack scenarios with real-world IoT testbeds, demonstrates that ZT-IoT reduces unauthorized access attempts by 95%, completely prevents insider privilege escalation, detects lateral threats in under three minutes, and blocks all data tampering and replay attacks. Moreover, large-scale simulations with 1,000 heterogeneous nodes confirmed its scalability, maintaining detection times under three minutes with less than 12% RAM overhead. These findings validate ZT-IoT as a practical, scalable, and energy-efficient security paradigm, positioning it for deployment in critical domains such as smart cities, industrial IoT, and remote healthcare systems.
Author: Hani Al‐Balasmeh.
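The abstract names five enforcement points (per-request identity from mutual TLS, integrity and replay checks on telemetry, segment-scoped access control, and a behavioral rate anomaly that quarantines a device) without showing how they compose into one decision. The following policy engine is an added illustration written for this page, not code from the paper or from ZT-IoT; the device registry, segment policy, HMAC construction, 60-second window and 20-message baseline are all constructed assumptions, and the certificate fingerprint is used as a stand-in for the identity a real mTLS handshake would yield.

```python
"""Illustrative zero-trust decision point for IoT telemetry (added example, not the paper's code)."""
import hashlib
import hmac
import time
from collections import deque
from dataclasses import dataclass, field

# Constructed registry: in a deployment, identity comes from the mTLS client
# certificate and the per-device key from enrolment. Values here are made up.
REGISTRY = {
    "sha256:aa11": {"device": "sensor-01", "segment": "hvac", "key": b"k-sensor-01"},
    "sha256:bb22": {"device": "cam-07", "segment": "cctv", "key": b"k-cam-07"},
}

# Micro-segmentation policy (assumed): a device may only publish to its own segment.
POLICY = {
    ("hvac", "telemetry/hvac", "publish"),
    ("cctv", "telemetry/cctv", "publish"),
}

WINDOW_SECONDS = 60        # sliding window for behavioural baseline (assumed)
MAX_MSGS_PER_WINDOW = 20   # more than this in one window is treated as anomalous
MAX_CLOCK_SKEW = 30        # seconds of timestamp drift tolerated before a message is stale


def _message(counter: int, ts: float, payload: bytes) -> bytes:
    """Canonical bytes covered by the MAC: counter and timestamp bind the payload to one send."""
    return f"{counter}|{ts}|".encode() + payload


def sign(key: bytes, counter: int, ts: float, payload: bytes) -> str:
    """Device-side MAC over the message (HMAC-SHA256 with the enrolment key)."""
    return hmac.new(key, _message(counter, ts, payload), hashlib.sha256).hexdigest()


@dataclass
class DeviceState:
    last_counter: int = -1                         # highest counter accepted so far
    recent: deque = field(default_factory=deque)   # timestamps of accepted messages
    quarantined: bool = False                      # set once the rate anomaly fires


class PolicyEngine:
    def __init__(self, now=time.time):
        self.now = now          # injectable clock so the behaviour can be tested offline
        self.state: dict[str, DeviceState] = {}

    def evaluate(self, fingerprint, resource, action, counter, ts, payload, mac) -> str:
        # 1. Continuous authentication: every request must present a known identity.
        entry = REGISTRY.get(fingerprint)
        if entry is None:
            return "deny:unknown-identity"
        st = self.state.setdefault(fingerprint, DeviceState())
        if st.quarantined:
            return "deny:quarantined"
        # 2. Tamper detection: recompute the MAC with the device's own key.
        if not hmac.compare_digest(sign(entry["key"], counter, ts, payload), mac):
            return "deny:tampered"
        # 3. Replay protection: counter strictly increases and timestamp is fresh.
        now = self.now()
        if counter <= st.last_counter or abs(now - ts) > MAX_CLOCK_SKEW:
            return "deny:replay"
        st.last_counter = counter
        # 4. Context-aware access control: the segment, resource and action must match policy,
        #    which is what stops a compromised device publishing into another segment.
        if (entry["segment"], resource, action) not in POLICY:
            return "deny:segment-policy"
        # 5. Behavioural anomaly detection: count accepted messages in a sliding window.
        st.recent.append(now)
        while st.recent and now - st.recent[0] > WINDOW_SECONDS:
            st.recent.popleft()
        if len(st.recent) > MAX_MSGS_PER_WINDOW:
            st.quarantined = True      # telemetry-driven enforcement: cut the device off
            return "deny:anomaly-quarantined"
        return "allow"


if __name__ == "__main__":
    engine = PolicyEngine()
    key = REGISTRY["sha256:aa11"]["key"]
    ts = time.time()
    payload = b'{"temp": 21.5}'
    print(engine.evaluate("sha256:aa11", "telemetry/hvac", "publish", 1, ts, payload, sign(key, 1, ts, payload)))
    print(engine.evaluate("sha256:aa11", "telemetry/hvac", "publish", 1, ts, payload, sign(key, 1, ts, payload)))
    print(engine.evaluate("sha256:aa11", "telemetry/cctv", "publish", 2, ts, payload, sign(key, 2, ts, payload)))
```

The order of checks is deliberate: identity and integrity are verified before any state is updated, so a forged or tampered message cannot advance the replay counter, and the rate window only counts messages that passed every earlier gate, so an attacker cannot quarantine a healthy device by flooding it with unauthenticated traffic.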