Towards Zero-Trust 6GC: A Software Defined Perimeter Approach with Dynamic Moving Target Defense Mechanism
- URL: http://arxiv.org/abs/2312.17271v1
- Date: Wed, 27 Dec 2023 02:54:55 GMT
- Title: Towards Zero-Trust 6GC: A Software Defined Perimeter Approach with Dynamic Moving Target Defense Mechanism
- Authors: Zeyad Abdelhay, Yahuza Bello, Ahmed Refaey
- Abstract summary: This paper introduces the concept of Software Defined Perimeter (SDP) as an innovative solution.
We capitalize on the SDP controller-based authentication and authorization mechanisms to secure the EPC network's control and data plane functions.
We augment the SDP zero-trust capabilities via the incorporation of a dynamic component, the Moving Target Defense (MTD)
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The upcoming Sixth Generation (6G) network is projected to grapple with a range of security concerns, encompassing access control, authentication, secure connections among 6G Core (6GC) entities, and trustworthiness. Classical Virtual Private Networks (VPNs), extensively deployed in Evolved Packet Core (EPC) network infrastructure, are notoriously susceptible to a variety of attacks, including man-in-the-middle incursions, Domain Name System (DNS) hijacking, Denial of Service (DoS) attacks, port scanning, and persistent unauthorized access attempts. This paper introduces the concept of Software Defined Perimeter (SDP) as an innovative solution, providing an alternative to VPNs with the goal of fostering a secure zero-trust milieu within the 6G Core networks. We capitalize on the SDP controller-based authentication and authorization mechanisms to secure the EPC network's control and data plane functions, conceiving an architecture that is expansible to the 6G network. Further, we augment the SDP zero-trust capabilities via the incorporation of a dynamic component, the Moving Target Defense (MTD). This enhances the network's resilience against attacks targeting traditionally static network environments established via VPNs. Following rigorous testbed analysis, our proposed framework manifests superior resilience against DoS and port scanning attacks when juxtaposed with traditional VPN methodologies.
Related papers
- Toward Mixture-of-Experts Enabled Trustworthy Semantic Communication for 6G Networks [82.3753728955968] (2024-09-24)
We introduce a novel Mixture-of-Experts (MoE)-based SemCom system.
This system comprises a gating network and multiple experts, each specializing in different security challenges.
The gating network adaptively selects suitable experts to counter heterogeneous attacks based on user-defined security requirements.
A case study in vehicular networks demonstrates the efficacy of the MoE-based SemCom system.
- Establishing Trust in the Beyond-5G Core Network using Trusted Execution Environments [4.235733335401408] (2024-05-20)
We review the security implications introduced in B5G networks, and the security mechanisms that are supported by the 5G standard.
We propose a vertical extension of Zero Trust, namely, Zero Trust Execution, to model untrusted execution environments.
We provide an analysis on how to establish trust in Beyond-5G network architectures using Trusted Execution Environments.
- A Zero Trust Framework for Realization and Defense Against Generative AI Attacks in Power Grid [62.91192307098067] (2024-03-11)
This paper proposes a novel zero trust framework for a power grid supply chain (PGSC).
It facilitates early detection of potential GenAI-driven attack vectors, assessment of tail risk-based stability measures, and mitigation of such threats.
Experimental results show that the proposed zero trust framework achieves an accuracy of 95.7% on attack vector generation, a risk measure of 9.61% for a 95% stable PGSC, and a 99% confidence in defense against GenAI-driven attacks.
- Penetration Testing of 5G Core Network Web Technologies [53.89039878885825] (2024-03-04)
We present the first security assessment of the 5G core from a web security perspective.
We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks.
Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
- A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882] (2024-01-19)
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
- Decentralized Zero-Trust Framework for Digital Twin-based 6G [8.01618424103984] (2023-02-06)
The article presents a new framework that integrates the zero-trust architecture in DT-enabled 6G networks.
Unlike conventional zero-trust solutions, the proposed framework adapts a decentralized mechanism to ensure the security, privacy and authenticity of both the physical devices and their DT counterparts.
The article also discusses current solutions and future outlooks, with challenges and some technology enablers.
- Machine Learning Assisted Security Analysis of 5G-Network-Connected Systems [5.918387680589584] (2021-08-07)
5G networks have transitioned to software-defined infrastructures.
New technologies, like network function virtualization and software-defined networking, have been incorporated in the 5G core network (5GCN) architecture to enable this transition.
This article presents a comprehensive security analysis framework for the 5GCN.
- Intelligent Zero Trust Architecture for 5G/6G Tactical Networks: Principles, Challenges, and the Role of Machine Learning [4.314956204483074] (2021-05-04)
We highlight the challenges and introduce the concept of an intelligent zero trust architecture (i-ZTA) as a security framework in 5G/6G networks with untrusted components.
This paper presents the architectural design of an i-ZTA upon which modern artificial intelligence (AI) algorithms can be developed to provide information security in untrusted networks.
- Smart Home, security concerns of IoT [91.3755431537592] (2020-07-06)
The IoT (Internet of Things) has become widely popular in domestic environments.
People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet-connected devices with always-on environmental sensors remain insufficiently addressed.
Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
- A Self-supervised Approach for Adversarial Robustness [105.88250594033053] (2020-06-08)
Adversarial examples can cause catastrophic mistakes in Deep Neural Network (DNN)-based vision systems.
This paper proposes a self-supervised adversarial training mechanism in the input space.
It provides significant robustness against unseen adversarial attacks.