To address high authentication latency, cross-domain data privacy leakage, and low collaborative efficiency in large-scale cross-domain IoT systems under zero-trust architecture (ZTA) with fine-grained authorization, this paper proposes DFL-ZTA—a novel framework integrating decentralized federated learning (DFL) with ZTA. It introduces a dynamic adaptive weight adjustment mechanism and a model-compression-based collaborative architecture, enabling real-time permission adjudication and privacy-preserving joint modeling over heterogeneous data. Formal security proofs guarantee confidentiality, integrity, and availability. Experimental results demonstrate that DFL-ZTA reduces authentication and authorization latency by 37.2% and increases system throughput by 41.5% compared to baseline approaches, while maintaining rigorous security guarantees—significantly enhancing cross-domain collaboration efficiency and privacy protection capability.

With the increasing number of connected devices and complex networks involved, current domain-specific security techniques become inadequate for diverse large-scale Internet of Things (IoT) systems applications. While cross-domain authentication and authorization brings lots of security improvement, it creates new challenges of efficiency and security. Zero trust architecture (ZTA), an emerging network security architecture, offers a more granular and robust security environment for IoT systems. However, extensive cross-domain data exchange in ZTA can cause reduced authentication and authorization efficiency and data privacy concerns. Therefore, in this paper, we propose a dynamic authentication and granularized authorization scheme based on ZTA integrated with decentralized federated learning (DFL) for cross-domain IoT networks. Specifically, device requests in the cross-domain process are continuously monitored and evaluated, and only necessary access permissions are granted. To protect user data privacy and reduce latency, we integrate DFL with ZTA to securely and efficiently share device data across different domains. Particularly, the DFL model is compressed to reduce the network transmission load. Meanwhile, a dynamic adaptive weight adjustment mechanism is proposed to enable the DFL model to adapt to data characteristics from different domains. We analyze the performance of the proposed scheme in terms of security proof, including confidentiality, integrity and availability. Simulation results demonstrate the superior performance of the proposed scheme in terms of lower latency and higher throughput compared to other existing representative schemes.