{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T06:07:32Z","timestamp":1773036452886,"version":"3.50.1"},"reference-count":57,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T00:00:00Z","timestamp":1772668800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Biomedical Sensors & Systems Lab, University of Memphis, Memphis, TN 38152, USA","award":["1-22-2026"],"award-info":[{"award-number":["1-22-2026"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>Organizations usually rely on stringent access control mechanisms where access policies are an important asset. Their storage or transmission in plaintext can compromise sensitive access rules. It is important in dynamic environments where access decisions are made in real time such as Zero Trust (ZT). Existing ZT approaches were found to oversee the aspect of securing these policies. This investigation presents a Multi-layer Access Policy Encryption System for ZT systems (MAPE-ZT). The first stage uses the trapdoor index to generate a secure index to find the applicable access policies. Advanced Encryption Standard-256 is used in counter mode for the encryption of the policies. They are re-encrypted using the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to allow decryption based on a matching set of attributes. Various experiments using quantitative metrics, including comparison with baseline access control systems simulation, scalability evaluation, storage overhead, etc., highlight the efficacy of the MAPE-ZT and establish new benchmarks. The result count entropy for the policies ranged 3.84\u20134.21 for different scales of policies. 
The evaluation in different scales of systems shows that the MAPE-ZT reduces various observable patterns even if the deployment size grows. Its unique design of securing policies makes this approach scalable for multi-domain integration.<\/jats:p>","DOI":"10.3390\/fi18030135","type":"journal-article","created":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T14:19:21Z","timestamp":1772720361000},"page":"135","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["MAPE-ZT: A Multi-Layer Access Policy Encryption System for Zero Trust Architectures"],"prefix":"10.3390","volume":"18","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-1196-385X","authenticated-orcid":false,"given":"Ashutosh","family":"Soni","sequence":"first","affiliation":[{"name":"Biomedical Sensors & Systems Lab, University of Memphis, Memphis, TN 38152, USA"},{"name":"Department of Computer Science and Engineering, C. V. Raman Global University, Bhubaneswar 752054, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7809-2131","authenticated-orcid":false,"given":"Surendra Kumar","family":"Nanda","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, C. V. Raman Global University, Bhubaneswar 752054, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7597-131X","authenticated-orcid":false,"given":"Jayanti","family":"Rout","sequence":"additional","affiliation":[{"name":"Biomedical Sensors & Systems Lab, University of Memphis, Memphis, TN 38152, USA"},{"name":"Department of Computer Science and Engineering, C. V. 
Raman Global University, Bhubaneswar 752054, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-7006-4235","authenticated-orcid":false,"given":"Mrutyunjaya","family":"Sathua","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, C. V. Raman Global University, Bhubaneswar 752054, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3555-5685","authenticated-orcid":false,"given":"Ganapati","family":"Panda","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, C. V. Raman Global University, Bhubaneswar 752054, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6656-4333","authenticated-orcid":false,"given":"Manob Jyoti","family":"Saikia","sequence":"additional","affiliation":[{"name":"Biomedical Sensors & Systems Lab, University of Memphis, Memphis, TN 38152, USA"},{"name":"Electrical and Computer Engineering Department, University of Memphis, Memphis, TN 38152, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2026,3,5]]},"reference":[{"key":"ref_1","unstructured":"AAG IT Support Business Security (2025, December 03). The Latest Cyber Crime Statistics (Updated April 2025). Available online: https:\/\/aag-it.com\/the-latest-cyber-crime-statistics\/."},{"key":"ref_2","unstructured":"Cybersecurity Ventures (2025, December 05). Global Ransomware Damage Costs Predicted to Exceed $275 Billion by 2031. Available online: https:\/\/cybersecurityventures.com\/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031\/."},{"key":"ref_3","unstructured":"News, C. (2025, November 08). Why Gen Z Is Driving the Future of Cybersecurity. 
Available online: https:\/\/www.cbc.ca\/news\/canada\/calgary\/gen-z-cybersecurity-1.7088579."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1018","DOI":"10.3390\/jcp4040047","article-title":"Leveraging Towards Access Control, Identity Management, and Data Integrity Verification Mechanisms in Blockchain-Assisted Cloud Environments: A Comparative Study","volume":"4","author":"Das","year":"2024","journal-title":"J. Cybersecur. Priv."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"394","DOI":"10.1109\/TICPS.2023.3333850","article-title":"Cyber-Physical Zero Trust Architecture for Industrial Cyber-Physical Systems","volume":"1","author":"Feng","year":"2023","journal-title":"IEEE Trans. Ind. Cyber-Phys. Syst."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1145\/775265.775268","article-title":"Protection","volume":"8","author":"Lampson","year":"1974","journal-title":"SIGOPS Oper. Syst. Rev."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","article-title":"The protection of information in computer systems","volume":"63","author":"Saltzer","year":"1975","journal-title":"Proc. IEEE"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1109\/TR.2023.3345665","article-title":"Strategy for Implementing of Zero Trust Architecture","volume":"73","author":"Tsai","year":"2024","journal-title":"IEEE Trans. Reliab."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/JPROC.2025.3555131","article-title":"Is Trust Misplaced? A Zero-Trust Survey","volume":"113","author":"Poirrier","year":"2025","journal-title":"Proc. IEEE"},{"key":"ref_10","unstructured":"Rose, S., Connelly, O., Forrest, S.A., and Orebaugh, A. (2020). Zero Trust Architecture, National Institute of Standards and Technology. 
Technical Report NIST SP 800-207."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"100886","DOI":"10.1016\/j.cosrev.2025.100886","article-title":"Advanced computational models for urban traffic flow prediction: A comprehensive review and future directions","volume":"60","author":"Ali","year":"2026","journal-title":"Comput. Sci. Rev."},{"key":"ref_12","unstructured":"GDPR-Info.eu (2025, November 01). Fines\/Penalties\u2013General Data Protection Regulation (GDPR). Available online: https:\/\/gdpr-info.eu\/issues\/fines-penalties\/."},{"key":"ref_13","unstructured":"Paliwal, A. (2025, November 01). The Cost of Non-Compliance: Real-World Consequences of Ignoring Cybersecurity Regulations. Available online: https:\/\/www.secopsolution.com\/blog\/the-cost-of-non-compliance-real-world-consequences-of-ignoring-cybersecurity-regulations."},{"key":"ref_14","unstructured":"Barker, E. (2020). Recommendation for Key Management: Part 1\u2013General (Special Publication 800-57 Part 1 Rev.5), National Institute of Standards and Technology (NIST). Technical Report SP 800-57pt1r5."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Daemen, J., and Rijmen, V. (2002). The Design of Rijndael, Springer.","DOI":"10.1007\/978-3-662-04722-4"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Ghali, C., Tsudik, G., and Wood, C.A. (2017, January 26\u201328). When encryption is not enough: Privacy attacks in content-centric networking. Proceedings of the 4th ACM Conference on Information-Centric Networking, Association for Computing Machinery, New York, NY, USA. ICN \u201917.","DOI":"10.1145\/3125719.3125723"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"St\u0103nic\u0103, G.C., and Anghelescu, P. (2025). Design of a Multi-Layer Symmetric Encryption System Using Reversible Cellular Automata. 
Mathematics, 13.","DOI":"10.3390\/math13020304"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Jin, R., Pan, Y., Li, J., Liu, Y., Yang, D., Zhou, M., and Zhu, K. (2025). Efficient Outsourced Decryption System with Attribute-Based Encryption for Blockchain-Based Digital Asset Transactions. Symmetry, 17.","DOI":"10.3390\/sym17071133"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"103957","DOI":"10.1016\/j.csi.2024.103957","article-title":"Levelled attribute-based encryption for hierarchical access control","volume":"93","author":"Le","year":"2025","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Soni, A., Rout, J., Sathua, M., Nanda, S.K., and Priyadarshini, R. (2025, January 29\u201331). Hybrid Cryptosystem to Secure Access Policies for Zero Trust Environment. Proceedings of the 2025 International Conference on Electrical, Electronics, and Computer Science with Advance Power Technologies\u2014A Future Trends (ICE2CPT), Jamshedpur, India.","DOI":"10.1109\/ICE2CPT66440.2025.11340566"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Bansal, V. (2021, January 22\u201323). Survey on Homomorphic Encryption. Proceedings of the 2021 5th International Conference on Information Systems and Computer Networks (ISCON), Mathura, India.","DOI":"10.1109\/ISCON52037.2021.9702486"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"44","DOI":"10.3390\/jcp3010004","article-title":"Potential of homomorphic encryption for cloud computing use cases in manufacturing","volume":"3","author":"Kiesel","year":"2023","journal-title":"J. Cybersecur. Priv."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"100816","DOI":"10.1016\/j.cosrev.2025.100816","article-title":"Chaos-based video encryption techniques: A review","volume":"58","author":"Gao","year":"2025","journal-title":"Comput. Sci. 
Rev."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Cheng, X., Wang, H., Luo, X., Guan, Q., Ma, B., and Wang, J. (IEEE Trans. Circuits Syst. Video Technol., 2025). Re-cropping Framework: A Grid Recovery Method for Quantization Step Estimation in Non-aligned Recompressed Images, IEEE Trans. Circuits Syst. Video Technol., Early Access.","DOI":"10.1109\/TCSVT.2025.3635150"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"1087","DOI":"10.1587\/transinf.E93.D.1087","article-title":"Cryptanalysis of two MD5-based authentication protocols: APOP and NMAC","volume":"93","author":"Wang","year":"2010","journal-title":"IEICE Trans. Inf. Syst."},{"key":"ref_26","unstructured":"Awn (2025, December 09). Should We Be Using SHA3?. Available online: https:\/\/security.stackexchange.com\/questions\/152360\/should-we-be-using-sha3-2017."},{"key":"ref_27","unstructured":"Gueron, S. (2010). Intel\u00ae Advanced Encryption Standard (AES) New Instructions Set, Intel Corporation. White Paper 323641\u2013001, Revision 3.0."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Almuhammadi, S., and Al-Hejri, I. (May, January 30). A comparative analysis of AES common modes of operation. Proceedings of the 2017 IEEE 30th Canadian conference on electrical and computer engineering (CCECE), Windsor, ON, Canada.","DOI":"10.1109\/CCECE.2017.7946655"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Bethencourt, J., Sahai, A., and Waters, B. (2007, January 20\u201323). Ciphertext-Policy Attribute-Based Encryption. 
Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP \u201907), Berkeley, CA, USA.","DOI":"10.1109\/SP.2007.11"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"8269","DOI":"10.1109\/JIOT.2022.3154039","article-title":"A Survey on Attribute-Based Encryption Schemes Suitable for the Internet of Things","volume":"9","author":"Rasori","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"ref_31","unstructured":"Gartner, Inc. (2024). Gartner Survey Reveals 63% of Organizations Worldwide Have Implemented a Zero-Trust Strategy, Gartner, Inc.. Based on a Q4 2023 survey of 303 security leaders."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1109\/OJCS.2024.3505056","article-title":"Emerging Technologies Driving Zero Trust Maturity Across Industries","volume":"6","author":"Joshi","year":"2025","journal-title":"IEEE Open J. Comput. Soc."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Federici, F., Martintoni, D., and Senni, V. (2023). A zero-trust architecture for remote access in industrial IoT infrastructures. Electronics, 12.","DOI":"10.3390\/electronics12030566"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Huber, B., and Kandah, F. (2024, January 5\u20138). Zero Trust+: A Trusted-based Zero Trust architecture for IoT at Scale. 
Proceedings of the 2024 IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, USA.","DOI":"10.1109\/ICCE59016.2024.10444321"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"101419","DOI":"10.1016\/j.iot.2024.101419","article-title":"ZFort: A scalable zero-trust approach for trust management and traffic engineering in SDN based IoTs","volume":"28","author":"Ashraf","year":"2024","journal-title":"Internet Things"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"54423","DOI":"10.1109\/ACCESS.2025.3551212","article-title":"Ensuring Zero Trust Security in Consumer Internet of Things Using Federated Learning-Based Attack Detection Model","volume":"13","author":"Alrayes","year":"2025","journal-title":"IEEE Access"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"10248","DOI":"10.1109\/JIOT.2020.3041042","article-title":"A Security Awareness and Protection System for 5G Smart Healthcare Based on Zero-Trust Architecture","volume":"8","author":"Chen","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"1876","DOI":"10.1109\/TNSM.2022.3157248","article-title":"On Sustained Zero Trust Conceptualization Security for Mobile Core Networks in 5G and Beyond","volume":"19","author":"Bello","year":"2022","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1109\/MNET.2023.3326003","article-title":"Enabling 6G Security: The Synergy of Zero Trust Architecture and Artificial Intelligence","volume":"38","author":"Sedjelmaci","year":"2024","journal-title":"IEEE Netw."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Nie, S., Ren, J., Wu, R., Han, P., Han, Z., and Wan, W. (2025). Zero-Trust Access Control Mechanism Based on Blockchain and Inner-Product Encryption in the Internet of Things in a 6G Environment. 
Sensors, 25.","DOI":"10.3390\/s25020550"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"102260","DOI":"10.1016\/j.jksuci.2024.102260","article-title":"A secure, privacy-preserving, and cost-efficient decentralized cloud storage framework using blockchain","volume":"36","author":"Das","year":"2024","journal-title":"J. King Saud Univ.\u2014Comput. Inf. Sci."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Awan, S.M., Azad, M.A., Arshad, J., Waheed, U., and Sharif, T. (2023). A blockchain-inspired attribute-based zero-trust access control model for IoT. Information, 14.","DOI":"10.3390\/info14020129"},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"2792","DOI":"10.1109\/OJCOMS.2024.3391728","article-title":"Securing Digital Identity in the Zero Trust Architecture: A Blockchain Approach to Privacy-Focused Multi-Factor Authentication","volume":"5","author":"Muhammad","year":"2024","journal-title":"IEEE Open J. Commun. Soc."},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1186\/s43067-024-00155-z","article-title":"The significance of artificial intelligence in zero trust technologies: A comprehensive review","volume":"11","author":"Ajish","year":"2024","journal-title":"J. Electr. Syst. Inf. Technol."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Meher, M.K., Rath, A., Panda, G., Thanapati, B.B., and Puthal, D. (2025, January 28\u201330). Robust Detection of Evasive Fileless Powershell Malware: A Machine Learning Approach. Proceedings of the 2025 International Conference on Artificial intelligence and Emerging Technologies (ICAIET), Bhubaneswar, India.","DOI":"10.1109\/ICAIET65052.2025.11211485"},{"key":"ref_46","first-page":"712","article-title":"Integrating Artificial Intelligence with Zero Trust Architecture: Enhancing Adaptive Security in Modern Cyber Threat Landscape","volume":"9","author":"Tiwari","year":"2022","journal-title":"Int. J. Res. Anal. 
Rev."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"103523","DOI":"10.1016\/j.adhoc.2024.103523","article-title":"AI-powered malware detection with Differential Privacy for zero trust security in Internet of Things networks","volume":"161","author":"Nawshin","year":"2024","journal-title":"Ad Hoc Netw."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"103669","DOI":"10.1016\/j.adhoc.2024.103669","article-title":"AI-optimized elliptic curve with Certificate-Less Digital Signature for zero trust maritime security","volume":"166","author":"Ali","year":"2025","journal-title":"Ad Hoc Netw."},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Daah, C., Qureshi, A., and Awan, I. (2023, January 14\u201316). Zero Trust Model Implementation Considerations in Financial Institutions: A Proposed Framework. Proceedings of the 2023 10th International Conference on Future Internet of Things and Cloud (FiCloud), Marrakesh, Morocco.","DOI":"10.1109\/FiCloud58648.2023.00019"},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Surantha, N., and Ivan, F. (2020). Secure kubernetes networking design based on zero trust model: A case study of financial service enterprise in indonesia. Proceedings of the Innovative Mobile and Internet Services in Ubiquitous Computing: Proceedings of the 13th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS-2019), Springer.","DOI":"10.1007\/978-3-030-22263-5_34"},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"103732","DOI":"10.1016\/j.csi.2023.103732","article-title":"FS-IBEKS: Forward secure identity-based encryption with keyword search from lattice","volume":"86","author":"Yang","year":"2023","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_52","unstructured":"National Institute of Standards and Technology (2022). 
Recommendation for Key Derivation Using Pseudorandom Functions, NIST Special Publication 800-108r1 SP 800-108r1, Withdrawn (archived)\u2014legacy version available."},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"491","DOI":"10.1016\/j.future.2020.08.026","article-title":"Evaluating the effects of access control policies within NoSQL systems","volume":"114","author":"Colombo","year":"2021","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"208","DOI":"10.1109\/TETC.2022.3193577","article-title":"Enabling Attribute-Based Access Control in NoSQL Databases","volume":"11","author":"Gupta","year":"2023","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"ref_55","unstructured":"Ferraiolo, D.F., and Kuhn, D.R. (1992, January 13\u201316). Role-Based Access Controls. Proceedings of the 15th National Computer Security Conference, National Institute of Standards and Technology, Baltimore, MD, USA. NIST CSRC, NIST IR."},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Oh, S., and Park, S. (2000). Task-Role Based Access Control (T-RBAC): An Improved Access Control Model for Enterprise Environment. Proceedings of the Database and Expert Systems Applications, Springer.","DOI":"10.1007\/3-540-44469-6_25"},{"key":"ref_57","first-page":"574","article-title":"Identity and access management in cloud environment: Mechanisms and challenges","volume":"21","author":"Indu","year":"2018","journal-title":"Eng. Sci. Technol. Int. 
J."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/18\/3\/135\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T05:10:22Z","timestamp":1773033022000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/18\/3\/135"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3,5]]},"references-count":57,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2026,3]]}},"alternative-id":["fi18030135"],"URL":"https:\/\/doi.org\/10.3390\/fi18030135","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3,5]]}}}