
Extending 5G services with Zero Trust security pillars: a modular approach

2022 IEEE/ACS 19th International Conference on Computer Systems and Applications (AICCSA) (2022)

Abstract
In this paper, we propose a modular approach to implement the zero-trust principles in a 5G network. As more and more critical applications take advantage of 5G features, such as industrial controls and remote manufacturing, a zero trust security approach is a valid solution to harden the defense of a potentially extended attack surface in 5G interconnected critical systems. The Cybersecurity and Infrastructure Security Agency (CISA) provides a Zero Trust Maturity Model that is based on five different pillars (user, device, network, application and workload/data), and we argue that we can exploit the service-based architecture of the 5G core to implement each of these pillars incrementally as additional services of 5G networks. Specifically, we propose additional network functions (NFs) in the 5G core to implement the CISA recommendations, namely User-Identity Management System (UIMS), User Authentication System (UAS), Access Authorization System (AAS), Endpoint Detection and Response System (EDRS), User-Behavior Analysis Function (UBAF), and Security Assessment Report Generator (SARG). We take advantage of the Packet processing at user level (UPF) to provide a holistic packet processing to decide and enforce controls for each new and existing connection towards critical resources. Aware of limited resources for each traffic analysis, we leverage a risk-based prioritization of network traffic flows to enforce zero trust access controls to critical assets and resources.
Keywords
5G, Network security, Zero-trust architecture (ZTA), Cybersecurity