Author
Listed:
- Max Hashem Eiza
(School of Computer Science and Mathematics, Liverpool John Moores University, Liverpool L3 3AF, UK)
- Brian Akwirry
(School of Engineering and Computing, University of Lancashire, Preston PR1 2HE, UK)
- Alessandro Raschella
(School of Computer Science and Mathematics, Liverpool John Moores University, Liverpool L3 3AF, UK)
- Michael Mackay
(School of Computer Science and Mathematics, Liverpool John Moores University, Liverpool L3 3AF, UK)
- Mukesh Kumar Maheshwari
(School of Computer Science and Mathematics, Liverpool John Moores University, Liverpool L3 3AF, UK
Department of Electrical Engineering, Bahria University, Karachi Campus, Karachi 75260, Pakistan)
Abstract
The evolution toward sixth generation (6G) wireless networks promises higher performance, greater flexibility, and enhanced intelligence. However, it also introduces a substantially enlarged attack surface driven by open, disaggregated, and multi-vendor Open RAN (O-RAN) architectures that will be utilised in 6G networks. This paper addresses the urgent need for a practical Zero Trust (ZT) deployment model tailored to the O-RAN specification. To do so, we introduce a novel hybrid ZT deployment model that establishes the trusted foundation for AI/ML-driven security in O-RAN, integrating macro-level enclave segmentation with micro-level application sandboxing for xApps/rApps. In our model, the Policy Decision Point (PDP) centrally manages dynamic policies, while distributed Policy Enforcement Points (PEPs) reside in logical enclaves, agents, and gateways to enable per-session, least-privilege access control across all O-RAN interfaces. We demonstrate feasibility via a Proof of Concept (PoC) implemented with Kubernetes and Istio and based on the NIST Policy Machine (PM). The PoC illustrates how pods can represent enclaves and sidecar proxies can embody combined agent/gateway functions. The performance discussion indicates that enclave-based deployment adds 1–10 ms of additional per-connection latency, while CPU/memory overhead from running a sidecar proxy per enclave is approximately 5–10% extra utilisation, with each proxy consuming roughly 100–200 MB of RAM.
Suggested Citation
Max Hashem Eiza & Brian Akwirry & Alessandro Raschella & Michael Mackay & Mukesh Kumar Maheshwari, 2025.
"A Hybrid Zero Trust Deployment Model for Securing O-RAN Architecture in 6G Networks,"
Future Internet, MDPI, vol. 17(8), pages 1-29, August.
Handle:
RePEc:gam:jftint:v:17:y:2025:i:8:p:372-:d:1726661