A Zero-Trust Iot Security Architecture for Defence and Public Security Systems

Abstract
The expanding use of Internet of Things (IoT) technologies in defence and public security systems has increased reliance on distributed sensing, edge processing, and real-time decision-support infrastructures. However, many deployments still depend on perimeter-based security models that may be misaligned with evolving cyber-physical threats such as lateral movement, insider compromise, and unauthorized device access. Once a network boundary is bypassed, traditional architectures often provide limited mechanisms for constraining internal propagation or enabling compartmentalized recovery. Although Zero-Trust principles have gained attention in enterprise and cloud environments, their structured adaptation to mission-critical defence IoT ecosystems remains underexplored. This study proposes a defence-oriented, layered Zero-Trust IoT architecture incorporating continuous authentication, identity-aware access control, least-privilege enforcement, and logical micro-segmentation across sensor, edge, network, and command layers. A scenario-based comparative assessment framework with a rubric-driven aggregation model is used to evaluate the design against conventional architectures under representative threat scenarios. Results indicate a model-derived reduction of approximately 65% in architectural exposure, particularly in lateral movement and unauthorized access scenarios. These findings represent architecture-level insights based on defined assumptions rather than empirical measurements, highlighting the role of Zero-Trust in improving containment and reducing implicit trust relationships.
© 2026 Aswin KARKADAKATTIL, published by Nicolae Balcescu Land Forces Academy
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License.