{"id":"https://openalex.org/W4415727708","doi":"https://doi.org/10.1016/j.future.2025.108227","title":"Zero-trust token authorization with trapdoor hashes for scalable distributed firewalls","display_name":"Zero-trust token authorization with trapdoor hashes for scalable distributed firewalls","publication_year":2025,"publication_date":"2025-10-31","ids":{"openalex":"https://openalex.org/W4415727708","doi":"https://doi.org/10.1016/j.future.2025.108227"},"language":"en","primary_location":{"id":"doi:10.1016/j.future.2025.108227","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.future.2025.108227","pdf_url":null,"source":{"id":"https://openalex.org/S186357190","display_name":"Future Generation Computer Systems","issn_l":"0167-739X","issn":["0167-739X","1872-7115"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Future Generation Computer Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1016/j.future.2025.108227","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5042030511","display_name":"Daniel D\u00edaz-S\u00e1nchez","orcid":"https://orcid.org/0000-0002-3323-6453"},"institutions":[{"id":"https://openalex.org/I50357001","display_name":"Universidad Carlos III de Madrid","ror":"https://ror.org/03ths8210","country_code":"ES","type":"education","lineage":["https://openalex.org/I50357001"]}],"countries":["ES"],"is_corresponding":true,"raw_author_name":"Dr. Daniel D\u00edaz-S\u00e1nchez","raw_affiliation_strings":["Department of Telematic Engineering, Carlos 3rd University of Madrid, 30, Avda. de la Universidad, Legan\u00e9s, 28911, Madrid, Spain"],"raw_orcid":"https://orcid.org/0000-0002-3323-6453","affiliations":[{"raw_affiliation_string":"Department of Telematic Engineering, Carlos 3rd University of Madrid, 30, Avda. de la Universidad, Legan\u00e9s, 28911, Madrid, Spain","institution_ids":["https://openalex.org/I50357001"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034900252","display_name":"Florina Almen\u00e1rez","orcid":"https://orcid.org/0000-0002-5232-2031"},"institutions":[{"id":"https://openalex.org/I50357001","display_name":"Universidad Carlos III de Madrid","ror":"https://ror.org/03ths8210","country_code":"ES","type":"education","lineage":["https://openalex.org/I50357001"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Dr. Florina Almenarez-Mendoza","raw_affiliation_strings":["Department of Telematic Engineering, Carlos 3rd University of Madrid, 30, Avda. de la Universidad, Legan\u00e9s, 28911, Madrid, Spain"],"raw_orcid":"https://orcid.org/0000-0002-5232-2031","affiliations":[{"raw_affiliation_string":"Department of Telematic Engineering, Carlos 3rd University of Madrid, 30, Avda. de la Universidad, Legan\u00e9s, 28911, Madrid, Spain","institution_ids":["https://openalex.org/I50357001"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021832848","display_name":"Celeste Campo","orcid":"https://orcid.org/0000-0003-1788-890X"},"institutions":[{"id":"https://openalex.org/I50357001","display_name":"Universidad Carlos III de Madrid","ror":"https://ror.org/03ths8210","country_code":"ES","type":"education","lineage":["https://openalex.org/I50357001"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Dr. Celeste Campo-V\u00e1zquez","raw_affiliation_strings":["Department of Telematic Engineering, Carlos 3rd University of Madrid, 30, Avda. de la Universidad, Legan\u00e9s, 28911, Madrid, Spain"],"raw_orcid":"https://orcid.org/0000-0003-1788-890X","affiliations":[{"raw_affiliation_string":"Department of Telematic Engineering, Carlos 3rd University of Madrid, 30, Avda. de la Universidad, Legan\u00e9s, 28911, Madrid, Spain","institution_ids":["https://openalex.org/I50357001"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5089344826","display_name":"Carlos Garc\u00eda-Rubio","orcid":"https://orcid.org/0000-0002-4635-722X"},"institutions":[{"id":"https://openalex.org/I50357001","display_name":"Universidad Carlos III de Madrid","ror":"https://ror.org/03ths8210","country_code":"ES","type":"education","lineage":["https://openalex.org/I50357001"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Dr. Carlos Garc\u00eda-Rubio","raw_affiliation_strings":["Department of Telematic Engineering, Carlos 3rd University of Madrid, 30, Avda. de la Universidad, Legan\u00e9s, 28911, Madrid, Spain"],"raw_orcid":"https://orcid.org/0000-0002-4635-722X","affiliations":[{"raw_affiliation_string":"Department of Telematic Engineering, Carlos 3rd University of Madrid, 30, Avda. de la Universidad, Legan\u00e9s, 28911, Madrid, Spain","institution_ids":["https://openalex.org/I50357001"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5042030511"],"corresponding_institution_ids":["https://openalex.org/I50357001"],"apc_list":{"value":3340,"currency":"USD","value_usd":3340},"apc_paid":{"value":3340,"currency":"USD","value_usd":3340},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.33131105,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"176","issue":null,"first_page":"108227","last_page":"108227"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.7077999711036682,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.7077999711036682,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.05249999836087227,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.030799999833106995,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.6945000290870667},{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.6273999810218811},{"id":"https://openalex.org/keywords/hash-function","display_name":"Hash function","score":0.6031000018119812},{"id":"https://openalex.org/keywords/verifiable-secret-sharing","display_name":"Verifiable secret sharing","score":0.4918999969959259},{"id":"https://openalex.org/keywords/testbed","display_name":"Testbed","score":0.49140000343322754},{"id":"https://openalex.org/keywords/interoperability","display_name":"Interoperability","score":0.4472000002861023},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.4246000051498413},{"id":"https://openalex.org/keywords/single-point-of-failure","display_name":"Single point of failure","score":0.40290001034736633},{"id":"https://openalex.org/keywords/distributed-hash-table","display_name":"Distributed hash table","score":0.3718999922275543}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.9114000201225281},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.6945000290870667},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.6273999810218811},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.6031000018119812},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5497999787330627},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5439000129699707},{"id":"https://openalex.org/C85847156","wikidata":"https://www.wikidata.org/wiki/Q59015987","display_name":"Verifiable secret sharing","level":3,"score":0.4918999969959259},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.49140000343322754},{"id":"https://openalex.org/C20136886","wikidata":"https://www.wikidata.org/wiki/Q749647","display_name":"Interoperability","level":2,"score":0.4472000002861023},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4246000051498413},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.4108000099658966},{"id":"https://openalex.org/C165136773","wikidata":"https://www.wikidata.org/wiki/Q1363179","display_name":"Single point of failure","level":2,"score":0.40290001034736633},{"id":"https://openalex.org/C2780224649","wikidata":"https://www.wikidata.org/wiki/Q863506","display_name":"Distributed hash table","level":3,"score":0.3718999922275543},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3562999963760376},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.32339999079704285},{"id":"https://openalex.org/C130795937","wikidata":"https://www.wikidata.org/wiki/Q2561570","display_name":"Remote direct memory access","level":2,"score":0.31540000438690186},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.3125},{"id":"https://openalex.org/C44209976","wikidata":"https://www.wikidata.org/wiki/Q1327773","display_name":"Non-repudiation","level":3,"score":0.30230000615119934},{"id":"https://openalex.org/C86532276","wikidata":"https://www.wikidata.org/wiki/Q1184065","display_name":"Delegation","level":2,"score":0.2996000051498413},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.295199990272522},{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.2809000015258789},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.2761000096797943},{"id":"https://openalex.org/C67388219","wikidata":"https://www.wikidata.org/wiki/Q207440","display_name":"Hash table","level":3,"score":0.2759000062942505},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.2703000009059906},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.2687000036239624},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.2669999897480011},{"id":"https://openalex.org/C141492731","wikidata":"https://www.wikidata.org/wiki/Q1052621","display_name":"Message authentication code","level":3,"score":0.26019999384880066},{"id":"https://openalex.org/C2779136372","wikidata":"https://www.wikidata.org/wiki/Q10283002","display_name":"Information flow","level":2,"score":0.2578999996185303}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1016/j.future.2025.108227","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.future.2025.108227","pdf_url":null,"source":{"id":"https://openalex.org/S186357190","display_name":"Future Generation Computer Systems","issn_l":"0167-739X","issn":["0167-739X","1872-7115"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Future Generation Computer Systems","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1016/j.future.2025.108227","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.future.2025.108227","pdf_url":null,"source":{"id":"https://openalex.org/S186357190","display_name":"Future Generation Computer Systems","issn_l":"0167-739X","issn":["0167-739X","1872-7115"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Future Generation Computer Systems","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1070304201","display_name":null,"funder_award_id":"TEC2024-COM504","funder_id":"https://openalex.org/F4320313831","funder_display_name":"Comunidad de Madrid"}],"funders":[{"id":"https://openalex.org/F4320313831","display_name":"Comunidad de Madrid","ror":null},{"id":"https://openalex.org/F4320321595","display_name":"Federaci\u00f3n Espa\u00f1ola de Enfermedades Raras","ror":"https://ror.org/0348bpk17"},{"id":"https://openalex.org/F4320327970","display_name":"Instituto Nacional de Ciberseguridad","ror":null},{"id":"https://openalex.org/F4320335598","display_name":"Agencia Estatal de Investigaci\u00f3n","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W2003544295","https://openalex.org/W2061197573","https://openalex.org/W2104927807","https://openalex.org/W2108834246","https://openalex.org/W2733765803","https://openalex.org/W2794784663","https://openalex.org/W2901051910","https://openalex.org/W2940623000","https://openalex.org/W2942655651","https://openalex.org/W2976189582","https://openalex.org/W3042975022","https://openalex.org/W3161076753","https://openalex.org/W3207050365","https://openalex.org/W4379880134","https://openalex.org/W4385780104","https://openalex.org/W4386920569","https://openalex.org/W4391649861","https://openalex.org/W4396620995","https://openalex.org/W4399744879","https://openalex.org/W4412605994"],"related_works":[],"abstract_inverted_index":{"Massive":[0],"Internet":[1],"of":[2,127,139,145,157,200],"Things":[3],"(IoT)":[4],"deployments":[5],"expose":[6],"networks":[7],"to":[8,33,183],"severe":[9],"risks,":[10],"as":[11],"a":[12,49,57,63,70,120,132,178],"single":[13],"compromised":[14],"device":[15],"can":[16],"facilitate":[17],"lateral":[18,187],"movements":[19],"across":[20,35],"the":[21,82,100,125,155,191,197],"entire":[22],"infrastructure.":[23],"Traditional":[24],"firewalls,":[25],"based":[26,77],"on":[27,78],"static":[28],"rules,":[29],"are":[30,75,84],"fragile,":[31],"difficult":[32],"synchronize":[34],"domains,":[36],"and":[37,65,81,96,113,134,159,171,186,189],"poorly":[38],"suited":[39],"for":[40,93,193],"Zero":[41,179],"Trust":[42,180],"principles.":[43],"In":[44],"this":[45,128],"work,":[46],"we":[47,107],"propose":[48],"scalable":[50],"authorization":[51,130],"architecture":[52],"where":[53],"each":[54],"flow":[55],"carries":[56],"cryptographically":[58],"protected":[59],"token":[60],"that":[61,124,138],"incorporates":[62],"signed":[64],"immutable":[66],"policy,":[67],"verifiable":[68],"in":[69,119],"non-interactive":[71],"manner.":[72],"The":[73,116,175],"tokens":[74],"issued":[76],"attestation":[79],"evidence,":[80],"messages":[83],"reinforced":[85],"using":[86],"trapdoor":[87],"chameleon":[88],"hashes":[89],",":[90],"which":[91],"allows":[92],"flexible":[94],"delegation":[95],"transferability":[97],"without":[98],"invalidating":[99],"original":[101],"policy.":[102],"Through":[103],"key":[104],"aggregation":[105],"techniques,":[106],"enable":[108],"collaborative":[109],"issuance,":[110],"optional":[111],"anonymity,":[112],"multi-party":[114],"governance.":[115],"experimental":[117],"evaluation":[118],"real":[121],"testbed":[122],"demonstrates":[123],"verification":[126],"embedded":[129],"incurs":[131],"fixed":[133],"predictable":[135],"cost\u2014higher":[136],"than":[137],"rule":[140,148,162],"lookups,":[141],"but":[142],"constant":[143],"regardless":[144],"network":[146],"size,":[147],"growth,":[149],"or":[150],"concurrency.":[151],"This":[152],"balance":[153],"eliminates":[154],"burden":[156],"distributing":[158],"maintaining":[160],"large":[161],"tables":[163],"while":[164],"ensuring":[165],"granular":[166],"per-flow":[167],"authorization,":[168],"privacy":[169],"preservation,":[170],"interoperability":[172],"between":[173],"providers.":[174],"proposal":[176],"materializes":[177],"model":[181],"resistant":[182],"impersonation,":[184],"replay,":[185],"attacks,":[188],"lays":[190],"groundwork":[192],"future":[194],"optimizations":[195],"through":[196],"progressive":[198],"incorporation":[199],"post-quantum":[201],"primitives.":[202]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-31T00:00:00"}