The service-based architectures and cloud-based computing that come with 5G enable the use of zero-trust architectures and networking. With a zero-trust model, no trust is implicitly granted to system elements, resources, assets, network perimeters, or network connections. Before a session begins or a connection is established, authentication and authorization discretely govern access to networks and resources. This model deploys multiple layers of verification to prevent data breaches and limit lateral movement within a system or network.

Adhering to zero-trust tenets

According to NIST SP 800-207, a zero-trust architecture adheres to seven technology-agnostic tenets:

  • All data sources and computing services are considered resources.

  • All communication is secured regardless of network location.

  • Access to a resource is granted on a per-session basis.

  • Access to resources is determined by a dynamic policy.

  • The integrity and security posture of all assets are monitored.

  • Dynamic authentication and authorization govern resource access.

  • The current state of assets, network infrastructure, and network traffic is tracked to improve security policies, context awareness, and enforcement.

For more information, see NIST SP 800-207.
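The following Python example is added here for illustration and is not code from this documentation, VMware, or NIST. It shows how the per-session, dynamic-policy, and posture tenets combine in a policy decision point and a policy enforcement point. The resource names, roles, posture scores, and session lifetime are hypothetical.

```python
import time
from dataclasses import dataclass

# Hypothetical policy table: resource -> allowed roles and minimum posture score.
POLICY = {
    "ran-mgmt-api": {"roles": {"ran-operator"}, "min_posture": 80},
    "telemetry": {"roles": {"ran-operator", "auditor"}, "min_posture": 50},
}
SESSION_TTL = 300  # seconds; assumed lifetime of one session grant


@dataclass(frozen=True)
class Request:
    subject: str
    roles: frozenset
    authenticated: bool  # outcome of a fresh authentication for this session
    posture: int         # 0-100 score from asset monitoring (constructed scale)
    source_net: str      # kept for telemetry only; never used to grant trust
    resource: str


@dataclass(frozen=True)
class Grant:
    subject: str
    resource: str
    expires: float


def decide(req, now=None):
    """Policy decision point: return (Grant or None, reason). Default is deny."""
    now = time.time() if now is None else now
    rule = POLICY.get(req.resource)
    if rule is None:
        return None, "unknown resource"
    if not req.authenticated:
        return None, "not authenticated"
    if not (req.roles & rule["roles"]):
        return None, "role not authorized"
    if req.posture < rule["min_posture"]:
        return None, "asset posture below policy"
    return Grant(req.subject, req.resource, now + SESSION_TTL), "granted"


def enforce(grant, subject, resource, now=None):
    """Policy enforcement point: a grant covers one subject, one resource, one session."""
    now = time.time() if now is None else now
    return (grant is not None and grant.subject == subject
            and grant.resource == resource and now < grant.expires)
```

Because `decide` never reads `source_net`, a request from an internal address with a degraded posture score is denied while a compliant request from an external address is granted.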

By adopting a zero-trust model, Open RAN can protect interfaces and APIs, obtain telemetry across clouds, and impose context-specific security measures through network slicing.

Implementing a zero-trust architecture

The prerequisites to efficiently implement the far-reaching tenets of a zero-trust architecture are as follows:

  • A common horizontal multi-cloud platform

  • Security mechanisms and controls that are built into the RAN stack and its network

  • Automation to dynamically apply and adjust security measures

In Telco Cloud Platform RAN, management interfaces and APIs are secured by using the built-in security features of VMware vSphere, including authentication, access control, authorization, and certificates.

To support VNFs and CNFs, the zero-trust model can be implemented by using automation to create and manage Kubernetes clusters and to onboard, deploy, and update RAN network functions.