-
StatusOngoing
-
Status date2025-12-01
-
Activity Code3F.011
The ZETA-NTN project aims to provide zero trust in 5G NTN with different type of architectural options such as store & forward (S&F), regenerative payload, RU/DU/CU split and edge computing. Zero trust will be guaranteed through a set of mechanisms that will span across the whole network such as radio access and core, where in some cases edge computing will be also integrated. The proposed security architecture will be tested using a comprehensive 5G NTN testbed and applying a security framework with different tools and practices.
The ZETA-NTN will address challenges that can be found within 3GPP today such as different tenets consideration for applying zero trust in 5G NTN. On the other hand, S&F expose different security risks that need to be mitigated with the proposed zero architecture. Moreover, RAN split is also a challenge in terms of cybersecurity while edge computing is relevant to services offered over 5G NTN in a secure way. UE-Sat-UE is considered also as a secure end-to-end service.
The product will be a zero-trust framework for 5G NTN compliant 3GPP standards in terms of tenets provision, S&F, RAN split and edge computing architectures. The project will offer an overall a generic zero trust infrastructure to NTN systems/NTN actors such as satellite telecom operators.
The product features are listed below:
- Auth timing/link outage enables delayed/authenticated registration for continuous authentication;
- Continuous Monitoring and Validation: authentication and authorization are not one-time events but are continually verified based on contextual factors, such as user identity, device health, and network location;
- DoS protection: Filters or rate-limits unauthenticated uplink messages;
- Onboard policy enforcement: enables local or cached policy decisions;
- Reusable testbed for testing regenerative payload implementation with S&F capabilities;
- O-RAN split options for secure 5G NTN regenerative payload systems;
- Secure edge computing capability in conjunction with the regenerative payloads in 5G NTN to integrate edge computing, allowing satellites to perform computations near the data source;
- Secure UE-Sat-UE communication services provided by zero trust architecture.
The system architecture consists of the following elements:
- gNb on satellite board;
- O-RAN split options for secure RU/DU/CU;
- AMF and AUSF on satellite board;
- NWDAF on satellite board;
- OAM agent on satellite board;
- Implementation of policy engine (PE) and Policy Decision Point (PDP) on the ground;
- Edge application and enabler servers on the satellite board and edge configuration server on the ground;
- UE-Sat-UE secure communication services.
The project plan is summarised as follows:
- To provide a Finalised Technical Specification of Milestone 1 in month 3 with details about zero trust functionalities in case of regenerative payload, S&F and edge computing 5G NTN architectures;
- To provide the Selected Technical Baseline of zero trust architecture for 5G NTN in Month 6, Milestone 2 with details on testbed framework and security testing tools;
- To provide a Verified Detailed Design of zero trust architecture for 5G NTN in Month 9, Milestone 3 with details about the security testing framework of each of the zero trust features;
- To provide a Implementation and Verification Plan of zero trust architecture for 5G NTN in Month 12, Milestone 4 with details on the development phase;
- To provide a Verified Deliverable Items and Compliance Statement of zero trust architecture for 5G NTN in Month 18, Milestone 5 with details about the verification methodology of the zero trust principles for 5G NTN;
- To provide a Technology Assessment and Development Plan of zero trust architecture for 5G NTN in Month 24, Milestone 6 that will establish the full ZTA-NTN framework.
The ZETA-NTN has already specified the zero-trust architecture and the relevant mechanisms in case of S&F, O-RAN split and edge computing scenarios.
