The 6G network architecture introduces the paradigm of Trust+Security,representing a shift in network protection strategies from external defense mechanisms to endogenous security enforcement.While ZTNs(zerotrust netw...The 6G network architecture introduces the paradigm of Trust+Security,representing a shift in network protection strategies from external defense mechanisms to endogenous security enforcement.While ZTNs(zerotrust networks)have demonstrated significant advancements in constructing trust-centric frameworks,most existing ZTN implementations lack comprehensive integration of security deployment and traffic monitoring capabilities.Furthermore,current ZTN designs generally do not facilitate dynamic assessment of user reputation.To address these limitations,this study proposes a DPZTN(Data-plane-based Zero Trust Network).DPZTN framework extends traditional ZTN models by incorporating security mechanisms directly into the data plane.Additionally,blockchain infrastructure is used to enable decentralized identity authentication and distributed access control.A pivotal element within the proposed framework is ZTNE(Zero-Trust Network Element),which executes access control policies and performs real-time user traffic inspection.To enable dynamic and fine-grained evaluation of user trustworthiness,this study introduces BBEA(Bayesian-based Behavior Evaluation Algorithm).BBEA provides a framework for continuous user behavior analysis,supporting adaptive privilege management and behavior-informed access control.Experimental results demonstrate that ZTNE combined with BBEA,can effectively respond to both individual and mixed attack types by promptly adjusting user behavior scores and dynamically modifying access privileges based on initial privilege levels.Under conditions supporting up to 10,000 concurrent users,the control system maintains approximately 65%CPU usage and less than 60%memory usage,with average user authentication latency around 1 s and access control latency close to 1 s.展开更多
基金funded by the Basic Research Operating Expenses Postgraduate Innovation Programme(Grant No.W24YJS00010,received by J.Yan)the National Key R&D Program of China(Grant No.2018YFA0701604,received by H.Zhou)the National Natural Science Foundation of China(NSFC)(Grant No.62341102,received by H.Zhou).
文摘The 6G network architecture introduces the paradigm of Trust+Security,representing a shift in network protection strategies from external defense mechanisms to endogenous security enforcement.While ZTNs(zerotrust networks)have demonstrated significant advancements in constructing trust-centric frameworks,most existing ZTN implementations lack comprehensive integration of security deployment and traffic monitoring capabilities.Furthermore,current ZTN designs generally do not facilitate dynamic assessment of user reputation.To address these limitations,this study proposes a DPZTN(Data-plane-based Zero Trust Network).DPZTN framework extends traditional ZTN models by incorporating security mechanisms directly into the data plane.Additionally,blockchain infrastructure is used to enable decentralized identity authentication and distributed access control.A pivotal element within the proposed framework is ZTNE(Zero-Trust Network Element),which executes access control policies and performs real-time user traffic inspection.To enable dynamic and fine-grained evaluation of user trustworthiness,this study introduces BBEA(Bayesian-based Behavior Evaluation Algorithm).BBEA provides a framework for continuous user behavior analysis,supporting adaptive privilege management and behavior-informed access control.Experimental results demonstrate that ZTNE combined with BBEA,can effectively respond to both individual and mixed attack types by promptly adjusting user behavior scores and dynamically modifying access privileges based on initial privilege levels.Under conditions supporting up to 10,000 concurrent users,the control system maintains approximately 65%CPU usage and less than 60%memory usage,with average user authentication latency around 1 s and access control latency close to 1 s.
