In this position paper, we discuss the critical need for integrating zero trust (ZT) principles into next-generation communication networks (5G/6G) for both tactical and commercial applications. We highlight the challenges and introduce the concept of an intelligent zero trust architecture (i-ZTA) as a security framework for 5G/6G networks with untrusted components. While network virtualization, software-defined networking (SDN), and service-based architectures (SBA) are key enablers of 5G networks, operating in an untrusted environment has also become a key feature of these networks. Further, seamless connectivity to a high volume of devices in multi-radio access technology (RAT) environments has broadened the attack surface of the information infrastructure. Network assurance in a dynamic untrusted environment calls for revolutionary architectures beyond existing static security frameworks. This paper presents the architectural design of an i-ZTA upon which modern artificial intelligence (AI) algorithms can be developed to provide information security in untrusted networks. We introduce the key ZT principles as real-time Monitoring of the security state of network assets, Evaluating the risk of individual access requests, and Deciding on access authorization using a dynamic trust algorithm; together these are called the MED components. The envisioned architecture adopts an SBA-based design, similar to the 3GPP specification of 5G networks, by leveraging the open radio access network (O-RAN) architecture with appropriate real-time engines and network interfaces for collecting the necessary machine learning data. The i-ZTA is also expected to exploit the multi-access edge computing (MEC) technology of 5G as a key enabler of intelligent MED components for resource-constrained devices.