The API Integrity and Access Control Framework (AIACF): A Zero-Trust Security Model for U.S.-Connected Consumer Platforms
DOI:
https://doi.org/10.32628/CSEIT24102140
Keywords:
Zero-Trust Security, API Governance, Multi-Layer Authentication, Anomaly Detection, Role-Based Access Control, Consumer Internet of Things (IoT)
Abstract
The rapid proliferation of consumer Internet of Things (IoT) devices has exponentially increased the attack surface for cyber adversaries, with Application Programming Interfaces (APIs) serving as critical yet vulnerable integration points within smart ecosystems. This paper introduces the API Integrity and Access Control Framework (AIACF), a comprehensive zero-trust security model designed to fortify API governance for U.S.-connected consumer platforms. AIACF integrates multi-layer authentication, real-time anomaly detection, and role-based access controls to establish continuous, context-aware validation and dynamic threat mitigation. Grounded in zero-trust principles and aligned with national cybersecurity priorities articulated by the National Security Agency (NSA) and Department of Homeland Security (DHS), the framework addresses critical vulnerabilities contributing to API abuse and data breaches. We detail AIACF’s modular architecture, practical deployment strategies, and evaluation metrics, supported by a case study demonstrating its efficacy in reducing unauthorized access and mitigating API-based attacks. The framework’s adaptability and scalability position it as a strategic tool for enhancing the security posture of consumer IoT environments, advancing national efforts to safeguard critical technological infrastructure. Future research directions emphasize the incorporation of advanced machine learning for anomaly detection, scalability optimization, and broader applicability across diverse IoT domains.
License
Copyright (c) 2025 International Journal of Scientific Research in Computer Science, Engineering and Information Technology

This work is licensed under a Creative Commons Attribution 4.0 International License.