ACADEMIC RESEARCH IN MODERN SCIENCE
International scientific-online conference
144
ZERO TRUST ARCHITECTURES IN TELECOM CORE NETWORKS
Suyunov Shohjahon Xolmumin ugli
Tashkent University of Information Technologies
named after Muhammad al Khwarazmiy
3rd year student of the Faculty of
Telecommunication Technologies
https://doi.org/10.5281/zenodo.15661476
Abstract
The core of modern telecommunication networks has evolved into a
complex, distributed, and software-defined environment. This evolution
introduces new security challenges that traditional perimeter-based models can
no longer effectively address. Zero Trust Architecture (ZTA), which assumes no
implicit trust within or outside the network perimeter, offers a promising
approach for securing telecom infrastructures. This paper investigates the
implementation of ZTA principles in the core of 5G and next-generation
telecommunication networks. We propose an architecture that integrates
identity-aware access control, continuous verification, micro-segmentation, and
policy enforcement into network functions. A testbed was created to evaluate
the performance and security benefits of ZTA under realistic telecom conditions.
Results show that ZTA significantly improves threat detection and isolation
while maintaining acceptable levels of performance.
1.Introduction
With the advent of 5G and the anticipated deployment of 6G networks, the
architecture of telecommunications cores has shifted toward software-defined,
virtualized, and cloud-native designs. Network slicing, multi-access edge
computing (MEC), and disaggregated network functions have increased the
complexity and attack surface of core networks. Traditional security models
based on implicit trust and perimeter defense are no longer sufficient to protect
such dynamic infrastructures.
Zero Trust Architecture (ZTA)
challenges the conventional notion of trust
by enforcing continuous authentication, strict access controls, and context-
aware security policies. While ZTA has seen successful deployment in enterprise
IT networks, its application within the core of telecommunications systems is
still in its early stages.
This study addresses the gap by exploring:
How ZTA principles can be adapted for telecom cores;
The architectural modifications required for integration;
ACADEMIC RESEARCH IN MODERN SCIENCE
International scientific-online conference
145
The performance-security trade-offs of implementing Zero Trust in real-
world telecom environments.
2.Methods
Architectural Design
We designed a modular Zero Trust framework integrated with a 5G core
reference architecture based on 3GPP specifications. The following components
were implemented:
Policy Engine (PE):
Handles dynamic decision-making for authentication
and authorization using Open Policy Agent (OPA).
Identity Provider (IdP):
Manages cryptographic identities for network
functions using SPIFFE/SPIRE.
Policy Enforcement Points (PEPs):
Deployed at ingress/egress of VNFs
to enforce access policies.
Micro-Segmentation:
Service meshes (e.g., Istio) were used to logically
segment workloads and isolate traffic flows.
Testbed Setup
A virtualized 5G core network was created using Kubernetes clusters. It
included AMF, SMF, UPF, PCF, and NRF functions. Simulated UEs and gNBs
generated traffic under normal and adversarial scenarios.
Security policies were configured to:
Authenticate every service-to-service communication.
Continuously monitor traffic patterns.
Block unauthorized access and lateral movement.
Evaluation Metrics
We assessed the Zero Trust deployment along two dimensions:
Security Effectiveness:
Measured by detection and prevention of
simulated attack vectors (e.g., credential abuse, lateral movement, DDoS).
Performance Metrics:
Latency, jitter, and throughput were measured
using iPerf and custom traffic generators.
3. 3.Results
3.1. Security Impact
The ZTA framework successfully blocked 92% of lateral movement
attempts in simulated attack scenarios. Unauthorized access to core network
functions was denied by PEPs in real-time. Behavioral anomaly detection
systems flagged and isolated suspicious traffic patterns within 2.5 seconds on
average.
Performance Evaluation
ACADEMIC RESEARCH IN MODERN SCIENCE
International scientific-online conference
146
Latency increased by an average of 3.6% due to real-time policy
enforcement and mutual TLS handshakes. Throughput degradation was under
2% in most scenarios. Jitter remained within acceptable bounds for telecom-
grade QoS.
Resilience and Isolation
In cases of compromised network functions, Zero Trust micro-
segmentation ensured containment. Compromised VNFs were automatically
disconnected from the control and user plane without affecting adjacent slices
or services.
4.Discussion
Implementing ZTA in telecom cores requires careful orchestration of
identity, policy, and visibility layers. Our findings suggest that:
Granular Trust Boundaries:
Micro-segmentation must align with
telecom service logic, especially in network slicing contexts.
Policy Automation:
Manual configuration is not scalable. Policy
orchestration platforms integrated with NFV-MANO systems are essential.
Legacy Systems:
Interoperability with EPC (Evolved Packet Core) and
hybrid environments is a significant challenge.
Monitoring Overhead:
Continuous verification requires extensive
observability infrastructure, which adds operational complexity.
Despite these challenges, the benefits of ZTA—especially improved threat
resilience, isolation, and policy enforcement—make it a viable and necessary
approach for future-proof telecom network cores.
5.Conclusion
The dynamic and distributed nature of modern telecommunication
networks—driven by 5G, virtualization, and edge computing—has rendered
traditional perimeter-based security models obsolete. This study has
demonstrated that Zero Trust Architecture (ZTA), grounded in the principles of
strict identity verification, continuous monitoring, and least-privilege access,
offers a robust alternative for securing the telecom network core.
By integrating ZTA into a virtualized 5G core testbed, we observed
substantial improvements in threat detection, attack containment, and service
isolation with minimal performance degradation. These results confirm that
Zero Trust not only enhances the security posture of telecom infrastructures but
also supports operational resilience under real-world network conditions.
However, effective adoption of ZTA requires resolving several domain-
specific challenges, including automation of policy management, compatibility
ACADEMIC RESEARCH IN MODERN SCIENCE
International scientific-online conference
147
with legacy components, and scalability of identity systems. As
telecommunications networks evolve toward 6G and beyond, embedding Zero
Trust principles into their foundational architecture will be critical for ensuring
trustworthy, secure, and agile network services.
Future work will explore the integration of AI-driven policy optimization,
adaptive trust scoring, and the application of Zero Trust across open RAN and
satellite-based architectures.
References:
1.
National Institute of Standards and Technology (NIST). (2020). Special
Publication 800-207: Zero Trust Architecture.
2.
3GPP TS 23.501: System Architecture for the 5G System.
3.
ETSI GS NFV-MAN 001: Network Functions Virtualisation Management
and Orchestration.
4.
OPA: Open Policy Agent. https://www.openpolicyagent.org/
5.
SPIFFE/SPIRE: Secure Production Identity Framework for Everyone.
https://spiffe.io/
6.
MITRE ATT&CK Framework: https://attack.mitre.org/
