The upcoming Sixth Generation (6G) network is expected to face a range of security concerns, including access control, authentication, secure connections among 6G Core (6GC) entities, and trustworthiness. Classical Virtual Private Networks (VPNs), extensively deployed in Evolved Packet Core (EPC) network infrastructure, are notoriously susceptible to a variety of attacks, including man-in-the-middle attacks, Domain Name System (DNS) hijacking, Denial of Service (DoS) attacks, port scanning, and persistent unauthorized access attempts. This paper introduces the Software Defined Perimeter (SDP) as an alternative to VPNs, with the goal of establishing a secure zero-trust environment within the 6G Core network. We build on the SDP controller-based authentication and authorization mechanisms to secure the EPC network's control-plane and data-plane functions, and we design an architecture that is extensible to the 6G network. Further, we augment the SDP zero-trust capabilities with a dynamic component, Moving Target Defense (MTD), which improves the network's resilience against attacks that target the static network environments traditionally established via VPNs. Following rigorous testbed analysis, our proposed framework shows superior resilience against DoS and port scanning attacks compared with traditional VPN approaches.
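As an added illustration of the abstract's argument (this is not code from the paper or its testbed), the following Python simulation contrasts a classical VPN gateway, whose fixed listener answers any probe, with an SDP gateway that stays silent unless a packet carries a controller-issued token for the current epoch and arrives on the MTD-rotated port. It assumes a logical epoch counter in place of wall-clock time and models packet handling as function calls rather than real sockets; `Controller`, `SDPGateway`, `VPNGateway`, the port pool and the client credentials are all constructed for the example.

```python
import hmac
import hashlib
import secrets

PORT_RANGE = (20000, 30000)   # constructed MTD port pool for the example


class Controller:
    """SDP controller: authenticates a client and hands it a one-epoch token plus the gateway's current port."""

    def __init__(self, enrolled, key=None):
        self.enrolled = enrolled                      # client id -> pre-shared credential (constructed)
        self.key = key or secrets.token_bytes(32)     # shared only with the gateway over the control plane

    def current_port(self, epoch):
        # MTD: the service port is re-derived every epoch from a keyed hash, so it looks random to outsiders
        lo, hi = PORT_RANGE
        digest = hmac.new(self.key, f"port|{epoch}".encode(), hashlib.sha256).digest()
        return lo + int.from_bytes(digest[:4], "big") % (hi - lo)

    def authorize(self, client_id, credential, epoch):
        if not hmac.compare_digest(self.enrolled.get(client_id, ""), credential):
            return None                               # unknown client or bad credential: no token
        tag = hmac.new(self.key, f"{client_id}|{epoch}".encode(), hashlib.sha256).hexdigest()
        return {"client": client_id, "epoch": epoch, "tag": tag, "port": self.current_port(epoch)}


class SDPGateway:
    """Default-deny: a packet is answered only with a valid current-epoch token on the current port."""

    def __init__(self, controller):
        self.ctl = controller

    def handle(self, port, epoch, token):
        if token is None or token["epoch"] != epoch or port != self.ctl.current_port(epoch):
            return None                               # silently dropped: nothing for a scanner to see
        expected = hmac.new(self.ctl.key, f"{token['client']}|{epoch}".encode(), hashlib.sha256).hexdigest()
        return "accepted" if hmac.compare_digest(expected, token["tag"]) else None


class VPNGateway:
    """Classical VPN: a fixed, publicly reachable listener that responds before any authentication."""
    PORT = 4500

    def handle(self, port, epoch, token):
        return "handshake" if port == self.PORT else None


def scan(gateway, epoch, ports):
    """Unauthenticated port scan: returns the ports that produce any response at all."""
    return [p for p in ports if gateway.handle(p, epoch, None) is not None]
```

Against the same probe range the VPN gateway exposes its static port, while the SDP gateway exposes nothing, and a token replayed in a later epoch is rejected because both the tag and the port have moved.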