Cellular networks have become foundational to modern communication, supporting a broad range of applications, from civilian use to enterprise systems and military tactical networks. The advent of fifth-generation and beyond cellular networks (B5G) introduces emerging compute capabilities into the Radio Access Network (RAN), transforming it from a traditionally closed, vendor-locked infrastructure into an open and programmable ecosystem. This evolution, exemplified by Open-RAN (O-RAN), enables the deployment of control-plane applications from diverse sources, which can dynamically influence user-plane traffic in response to real-time events. As cellular infrastructures become more disaggregated and software-driven, security becomes an increasingly critical concern. Zero-Trust Architecture (ZTA) has emerged as a promising security paradigm that discards implicit trust assumptions by acknowledging that threats may arise from both external and internal sources. ZTA mandates comprehensive and fine-grained security mechanisms across both control and user planes to contain adversarial movements and enhance breach detection and attack response actions. In this paper, we explore the adoption of ZTA in the context of 5G and beyond, with a particular focus on O-RAN as an architectural enabler. We analyze how ZTA principles align with the architectural and operational characteristics of O-RAN, and identify key challenges and opportunities for embedding zero-trust mechanisms within O-RAN-based cellular networks.