dNextG: A Zero-Trust Decentralized Mobile Network User Plane

Abstract

Recent technological and regulatory changes are paving the way to enable decentralized, zero-trust mobile network. Properly secured decentralization allows or improves "inherently distributed'' use cases such as military coalition mobile networks distributed between allies or community-infrastructure networks. While zero-trust security has been flagged by the U.S. NIST as critical to modern networks, decentralized mobile network environment security threats have not been thoroughly studied and mostly focus on distributing only the Radio Access Network (RAN), potentially leading to unreliable Quality of Service (QoS) and low security in the network core. We therefore introduce dNextG, a mobile core network user plane that provides a zero-trust security monitoring framework to enable reliable decentralization even in the presence of malicious internal network nodes. With dNextG, both centralized and decentralized node operators can run User Plane Functions (UPFs) and Base Stations without giving up any node control; instead, nodes maintain a blockchain tracking node average reputation using tamper-resistant connectivity tests that they must periodically perform on each other. We identify various malicious node threats including dropping or modifying traffic and lying about reputation, then design, implement, and evaluate dNextG to overcome these threats and provide a long-term, reliable QoS. We provide an open-source, instantly replicable version of dNextG on POWDER (Platform for Open Wireless Data-driven Experimental Research).