dNextG: A Zero-Trust Decentralized Mobile Network User Plane
ACM International Symposium on QoS and Security for Wireless and Mobile Networks (ACM Q2SWinet) 2023.
Recent technological and regulatory changes are paving the way to enable decentralized, zero-trust mobile network models. Properly secured decentralization allows or improves “inherently distributed” use cases such as military coalition mobile networks distributed between ally infrastructures or community-infrastructure networks. While zero-trust security has been flagged by the U.S. NIST as critical to modern networks, the security threats associated with decentralized mobile environments have not been thoroughly studied and have mostly focused on distributing only the Radio Access Network (RAN) portion of the mobile network, potentially leading to unreliable Quality of Service (QoS) and low security in the network core. We therefore introduce dNextG, a mobile core network user plane that provides a zero-trust security monitoring framework to enable reliable decentralization even in the presence of malicious internal network nodes. With dNextG, both centralized and decentralized node operators can run User Plane Functions (UPFs) and Base Stations without giving up any node control; instead, the nodes maintain a permissioned blockchain that tracks the average reputation of each node according to tamper-resistant connectivity tests that they must periodically perform on each other. We identify various types of malicious node threats including dropping or modifying traffic and lying about reputation, and design dNextG to overcome these threats and provide a long-term, reliable QoS. We implement and evaluate dNextG to illustrate that its design overcomes these threats and satisfies NIST’s Zero-Trust Tenets 5 and 7. We provide an open-source, instantly replicatable version of dNextG on the POWDER (Platform for Open Wireless Data-driven Experimental Research) platform.