Date
2025-07-09
Access rights
info:eu-repo/semantics/openAccess
Publisher
Universidad Nacional de Educación a Distancia (UNED)
Abstract
In the contemporary landscape of cloud-native software development, microservices architecture has gained traction due to its modularity, scalability, and agility. However, this shift introduces notable security challenges, particularly around authentication and access control. This thesis explores the comparative effectiveness of centralized and distributed authentication models within a Zero Trust Architecture (ZTA) framework.
The study follows three main phases: analysis of the state of the art, design and implementation of both authentication models, and empirical evaluation through simulated attack scenarios. The centralized model employs a single Identity Provider (IdP) and an API gateway to manage authentication and authorization, simplifying policy enforcement but potentially creating a single point of failure. In contrast, the distributed model delegates authentication to each microservice, enforcing mutual Transport Layer Security (TLS) and local JSON Web Token (JWT) validation to better reflect Zero Trust principles.
To assess their resilience, both models were deployed in a unified cloud environment and subjected to attacks such as lateral movement, token replay, identity spoofing, and denial-of-service (DoS). Results show that the distributed model provides stronger defense-in-depth, effectively blocking internal unauthorized access and spoofing attempts through per-service validation and cryptographic identities. However, it adds operational complexity in managing certificates and keys. In terms of performance, both architectures exhibited acceptable response times under normal load. Under stress, the centralized gateway absorbed load more predictably, while the distributed model preserved availability by dispersing requests, albeit with higher tail latency and occasional errors.
Operationally, the centralized model favors simplicity and rapid policy rollout, while the distributed model requires greater automation and engineering discipline. The study concludes that model selection should align with organizational priorities: Centralized authentication suits API-centric systems with streamlined governance needs, while distributed models are better for highly regulated, multi-tenant, or security-sensitive environments. This research contributes a practical, evidence-based comparison of two leading authentication strategies in microservices under ZTA, providing architectural guidance and a replicable testing framework for future research and enterprise use.
Keywords
Zero Trust Architecture, Microservices, Authentication, Centralized Authentication, Distributed Authentication, Identity and Access Management, Cybersecurity
Citation
Lafarga Poyo, Francisco. Master's thesis: "Zero trust framework for microservices security: analysis, design, and implementation". Universidad Nacional de Educación a Distancia (UNED), 2025
School
E.T.S. de Ingeniería Informática
Department
Ingeniería de Software y Sistemas Informáticos