On Sustained Zero Trust Conceptualization Security for Mobile Core Networks in 5G and Beyond

The rapid increase in data traffic is forcing mobile network operators to enhance and expand their network infrastructure to meet the new requirements of customers’ Service Level Agreements (SLA). Network Function Virtualization (NFV) provides abstractions of core network functions from the vendor-specific hardware. This allows the network functions to move around the cloud, providing better performance and scaling capabilities. However, deploying virtualized mobile core network in the cloud environment opens many security concerns not only regarding communication between the Radio Access Network (RAN) and the mobile core network but also within the core network itself. In this paper, we propose a framework called virtual Evolved Packet Core - virtual Software Defined Perimeter (vEPC-vSDP) to provide secure communications within the mobile core network by using an authentication-based approach. The SDP components are virtualized and placed within the virtualized core network to provide a zero-trust environment where only authenticated and authorized core network elements can have access to one another. The analysis of the proposed vEPC-vSDP framework confirms its ability to shield the core network traffic from both external and internal attacks. The vEPC-vSDP framework was implemented and tested against Denial of Service (DoS), Distributed Denial of Service (DDoS) and port scanning attacks to demonstrate the resilience of the proposed framework. The results show the capability of vEPC-vSDP to provide secure communication path to mobile core network elements.