Hashem Eiza, M ORCID: 0000-0001-9114-8577, Akwirry, B, Raschella, A, Mackay, M and Maheshwari (Postdoc), M
A Hybrid Zero Trust Deployment Model for Securing O-RAN Architecture in 6G Networks.
Future Internet.
(Accepted)
Text: A Hybrid Zero Trust Deployment Model for Securing O-RAN Architecture in 6G Networks.pdf - Accepted Version. Available under License Creative Commons Attribution.
Abstract
The evolution toward sixth generation (6G) wireless networks promises higher performance, greater flexibility, and enhanced intelligence. However, it also introduces a substantially enlarged attack surface driven by open, disaggregated, and multi-vendor Open RAN (O-RAN) architectures that will be utilised in 6G networks. This paper addresses the urgent need for a practical Zero Trust (ZT) deployment model tailored to O-RAN specification. To do so, we introduce a novel hybrid ZT deployment model that establishes the trusted foundation for AI/ML-driven security in O-RAN, integrating macro-level enclave segmentation with micro-level application sandboxing for xApps/rApps. In our model, the Policy Decision Point (PDP) centrally manages dynamic policies, while distributed Policy Enforcement Points (PEPs) reside in logical enclaves, agents, and gateways to enable per-session, least-privilege access control across all O-RAN interfaces. We demonstrate feasibility via a Proof of Concept (PoC) implemented with Kubernetes and Istio and based on the NIST Policy Machine (PM). The PoC illustrates how pods can represent enclaves and sidecar proxies can embody combined agent/gateway functions. Performance discussion indicates that enclave-based deployment adds 1–10 ms of additional per-connection latency while CPU/memory overhead from running a sidecar proxy per enclave is approximately 5–10 % extra utilisation, with each proxy consuming roughly 100–200 MB of RAM.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | 46 Information and computing sciences |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science; T Technology > T Technology (General) > T58.5 Information Technology |
Divisions: | Computer Science and Mathematics |
Publisher: | MDPI |
Date of acceptance: | 6 August 2025 |
Date of first compliant Open Access: | 6 August 2025 |
Date Deposited: | 06 Aug 2025 13:21 |
Last Modified: | 06 Aug 2025 13:30 |
URI: | https://researchonline.ljmu.ac.uk/id/eprint/26906 |