Toward Zero-Trust 6GC: A Software Defined Perimeter Approach with Dynamic Moving Target Defense Mechanism
IEEE Wireless Communications (IF 12.9), Pub Date: 2024-04-10, DOI: 10.1109/mwc.001.2300358
Zeyad Abdelhay, Yahuza Bello, Ahmed Refaey

The upcoming Sixth Generation (6G) network is projected to grapple with a range of security concerns, encompassing access control, authentication, secure connections among 6G Core (6GC) entities, and trustworthiness. Classical Virtual Private Networks (VPNs), extensively deployed in Evolved Packet Core (EPC) network infrastructure, are notoriously susceptible to a variety of attacks, including man-in-the-middle incursions, Domain Name System (DNS) hijacking, Denial of Service (DoS) attacks, port scanning, and persistent unauthorized access attempts. This paper introduces the concept of Software Defined Perimeter (SDP) as an innovative solution, providing an alternative to VPNs with the goal of fostering a secure zero-trust milieu within the 6G Core networks. We capitalize on the SDP controller-based authentication and authorization mechanisms to secure the EPC network's control and data plane functions, conceiving an architecture that is expansible to the 6G network. Further, we augment the SDP zero-trust capabilities via the incorporation of a dynamic component, the Moving Target Defense (MTD). This enhances the network's resilience against attacks targeting traditionally static network environments established via VPNs. Following rigorous testbed analysis, our proposed framework manifests superior resilience against DoS and port scanning attacks when juxtaposed with traditional VPN methodologies.

Updated: 2024-04-10