A Hybrid Zero Trust Deployment Model for Securing O-RAN Architecture in 6G Networks
Max Hashem Eiza,
Brian Akwirry,
Alessandro Raschella,
Michael Mackay and
Mukesh Kumar Maheshwari
Additional contact information
Max Hashem Eiza: School of Computer Science and Mathematics, Liverpool John Moores University, Liverpool L3 3AF, UK
Brian Akwirry: School of Engineering and Computing, University of Lancashire, Preston PR1 2HE, UK
Alessandro Raschella: School of Computer Science and Mathematics, Liverpool John Moores University, Liverpool L3 3AF, UK
Michael Mackay: School of Computer Science and Mathematics, Liverpool John Moores University, Liverpool L3 3AF, UK
Mukesh Kumar Maheshwari: School of Computer Science and Mathematics, Liverpool John Moores University, Liverpool L3 3AF, UK
Future Internet, 2025, vol. 17, issue 8, 1-29
Abstract:
The evolution toward sixth generation (6G) wireless networks promises higher performance, greater flexibility, and enhanced intelligence. However, it also introduces a substantially enlarged attack surface driven by open, disaggregated, and multi-vendor Open RAN (O-RAN) architectures that will be utilised in 6G networks. This paper addresses the urgent need for a practical Zero Trust (ZT) deployment model tailored to the O-RAN specification. To do so, we introduce a novel hybrid ZT deployment model that establishes the trusted foundation for AI/ML-driven security in O-RAN, integrating macro-level enclave segmentation with micro-level application sandboxing for xApps/rApps. In our model, the Policy Decision Point (PDP) centrally manages dynamic policies, while distributed Policy Enforcement Points (PEPs) reside in logical enclaves, agents, and gateways to enable per-session, least-privilege access control across all O-RAN interfaces. We demonstrate feasibility via a Proof of Concept (PoC) implemented with Kubernetes and Istio and based on the NIST Policy Machine (PM). The PoC illustrates how pods can represent enclaves and sidecar proxies can embody combined agent/gateway functions. The performance discussion indicates that enclave-based deployment adds 1–10 ms of additional per-connection latency, while the CPU/memory overhead from running a sidecar proxy per enclave is approximately 5–10% extra utilisation, with each proxy consuming roughly 100–200 MB of RAM.
Keywords: 6G; Security; Next-G Networks; O-RAN; Open RAN; Zero Trust; NIST PM
JEL-codes: O3
Date: 2025
Downloads: (external link)
https://www.mdpi.com/1999-5903/17/8/372/pdf (application/pdf)
https://www.mdpi.com/1999-5903/17/8/372/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:17:y:2025:i:8:p:372-:d:1726661
Future Internet is currently edited by Ms. Grace You
Bibliographic data for series maintained by MDPI Indexing Manager.