A PERFORMANCE-OPTIMIZED ZERO TRUST ARCHITECTURE FOR SECURING MICROSERVICES APIS
DOI:
https://doi.org/10.34218/IJCET_16_03_014
Keywords:
AI-Driven Cybersecurity, API Authentication, Cloud-Native Security, Dynamic Policy Enforcement, Kubernetes Security, Microservices Security, Mutual TLS (mTLS), Service Mesh Security, Token-Less Authentication
Abstract
Microservices-based architectures have become increasingly prevalent due to their inherent scalability, modularity, and agility. However, their distributed nature introduces significant security challenges, as traditional API security mechanisms — such as OAuth 2.0, JWT, and API gateways — largely rely on static authentication methods. These conventional approaches, while effective to an extent, contribute to performance overhead and often fail to keep pace with evolving cyber threats. Zero Trust Architecture (ZTA) offers a promising alternative by enforcing strict authentication and authorization for every API request. Yet, existing implementations of ZTA can degrade API performance due to the frequent execution of authentication procedures and complex policy validations. In this paper, we propose a performance-optimized Zero Trust API security model specifically tailored for microservices environments. Our approach integrates a lightweight, token-less authentication mechanism, an optimized mutual TLS (mTLS) protocol, and dynamic policy enforcement embedded within Kubernetes-based service meshes. This model aims to enhance both security and performance, ensuring efficient and scalable microservices operations.
License
Copyright (c) 2025 Muzeeb Mohammad (Author)

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.