Quantum-resilient cross-trust evaluation for zero trust 5G security

K Jeysuriya; P N Renjith; G Sudhakaran

doi:10.1038/s41598-026-44119-x

. 2026 Mar 29;16:10714. doi: 10.1038/s41598-026-44119-x

Quantum-resilient cross-trust evaluation for zero trust 5G security

K Jeysuriya ¹, P N Renjith ^1,^✉, G Sudhakaran ²

PMCID: PMC13039706 PMID: 41905999

Abstract

The growing complexity of multi-domain 5G networks exposes critical trust and authentication vulnerabilities that traditional security models cannot address, especially against emerging quantum-era threats. In this paper, we propose the Quantum-Resilient Cross Domain Trust Zero Trust Architecture (QCT-ZTA) model to address end-to-end resilience. Integrating blockchain-based federated trust management systems, cross-chain trust negotiations, and post-quantum cryptography will ensure optimal interoperability and resilience. This framework introduces a Quantum-Resilient Proof-of-Trust (QR-PoT) and dynamic cross domain trust scoring systems that mitigate Sybil, Denial of Service, and poisoning attacks. We utilized OMNeT++, Hyperledger Fabric, and liboqs for post-quantum cryptography to implement and evaluate the model on the 5G-NIDD dataset. The results show 88% accuracy in trust detection, a three-fold decrease in unauthorized access, and 35% better throughput stability, compared to the state-of-the-art models Zero-X and TQFL. This proves that QCT-ZTA provides a scalable and quantum-secure trust architecture that is compliant with the 5G and next-generation 6G infrastructures.

Keywords: Quantum-resilient security, Zero Trust Architecture (ZTA), 5G networks, Security Risk Reduction Index (SRRI), DDoS mitigation, Sybil attack detection.

Subject terms: Engineering, Mathematics and computing

Introduction

With the introduction of fifth-generation (5G) networks, the world is becoming connected like never before, through ultra-reliable low-latency communication, massive machine-type communications, and enhanced mobile broadband. They are the pillars of essential infrastructures such as smart cities, autonomous transportation, industrial automation, and telemedicine^1–3. Nevertheless, 5G architectures, based on their complexity, heterogeneity, and decentralisation present the problems of a new set of security challenges that cannot be tackled using traditional network security measures.

In comparison with the preceding generation, the 5G ecosystems are heavily dependent on the network function virtualization, software-defined networking, and open interfaces like O-RAN, which means an expanded attack surface⁴. The devices on these networks usually have minimal computational and security features and are therefore exposed to various types of cyber threats such as Distributed Denial-of-Service attacks, malware spread and zero-day attacks. According to Fig. 1, the critical areas of 5G security are closely connected to quantum threats, trust models, and edge computing risks. Drifting towards edge computing and the need to combine third-party services and multi-vendor elements exacerbate risk in the supply chain, as do the increasing odds of localised attacks and resource depletion crises.

Fig. 1 — Knowledge-based introductory diagram in quantum-resilient zero trust security.

One of the critical issues is the fact that 5G networks involve multi-trust domains. The services are provided in various heterogeneous domains governed by different stakeholders, such as cloud service providers, mobile network operators, and individual vertical industries⁵. Conventional perimeter-based security devices and systems, such as firewalls and static intrusion detection systems, are unsuitable in dynamic environments because they require fine-grained trust in circumscribed territories, making their model inapplicable to the distributed and federated 5G environment.

The increasing quantum threats worsen the situation. Authentication, key exchange mechanisms, and digital signature algorithms are at serious risk of becoming obsolete due to the imminent rise of quantum computing. Additionally, the expansion of trust-based technologies, such as vehicular networks, metaverse platforms, and other critical IoT networks, necessitates adaptive, verifiable, and quantum-resistant trust systems capable of operating in real-time with the longitudinal variability of the network^6,7.

In addressing these difficulties, this paper suggests a Quantum-Resilient Cross-Trust Zero Trust Architecture (QR-ZTA) that is 5G and beyond network independent. We base our framework on the idea of never trusting, always verifying, and we repeatedly measure the trust at the device, network slice, and cross-domain levels. The architecture integrates:

Post-quantum cryptography to ensure resilience against quantum adversaries.
Blockchain-based trust management for decentralized and tamper-proof trust intelligence sharing.
Cross-chain trust evaluation mechanisms to enable secure interoperability between multiple administrative domains.
Behavior-aware trust scoring that fuses real-time monitoring with historical context to detect anomalies and internal threats.

The contributions of this work are threefold. First, we introduce QR-ZTA, a quantum-resilient zero-trust architecture that integrates post-quantum cryptography, behavioural access profiling, slice-aware enforcement, and a cross-chain trust evaluation mechanism designed for heterogeneous 5G environments. Second, we develop a cross-chain trust translation and weighted consensus mechanism that enables federated trust computation across multiple blockchain networks, ensuring interoperability and robustness even under inconsistent or adversarial trust inputs. Third, we conduct extensive simulations using the 5G-NIDD dataset, a Python-based behavioural analytics engine, and a lightweight blockchain emulation layer to evaluate trust accuracy, SRRI, latency, throughput, and scalability up to 50,000 nodes under diverse attack scenarios, including Sybil, spoofing, replay, and volumetric DoS attacks.

The remainder of this paper is structured as follows: section “Related works” reviews existing security models and identifies gaps in current 5G trust frameworks. Section “Proposed model” presents the proposed QR-ZTA architecture and its core components. Section “Experimental setup” details the simulation setup and experimental methodology. Section “Results and discussion” discusses the results and comparative analysis against baseline models. Finally, section “Conclusion” concludes with insights on deployment feasibility and future research directions.

Related works

In this section, a literature review is outlined to provide a clear picture of the research arena that is relevant to this study. The review is critical in examining past articles in major thematic areas and defining existing methodologies, technological developments, and theories that have guided and developed the knowledge so far. Particular emphasis is paid to works focusing on security architectures, evaluating trust, and maximising performance in systems with networked entities, mainly in autonomous and next-generation communication systems. Table 1 provides a summary of related works on Quantum-Resilient Cross-Trust Evaluation. By synthesising insights from these sources, this section not only highlights the strengths and limitations of existing approaches but also uncovers research gaps that the proposed work aims to address. Such contextual background ensures that the further methodology is based on well-proven ideas while extending the concept beyond the possibilities of previous research.

Table 1.

Summary of quantum-resilient cross-trust evaluation.

Ref	Year	Focus	Methods used	Key contributions	Limitations	Research gap
⁷	2024	ZSM-based framework for autonomous security management in B5G V2X to mitigate DDoS	ZSM-compliant management, AI-driven optimization	Autonomous DDoS mitigation, SSLA-driven reconfiguration, standards integration	Content delivery and task offloading challenges; MEC DDoS vulnerability	Lack of integration with blockchain and post-quantum cryptography
⁸	2024	AI-based ZTA for dynamic trust evaluation in AV networks	Machine learning trust scoring, adaptive policy enforcement	Adaptive trust management, improved security accuracy	Model drift in dynamic environments	No quantum-resilience or cross-domain trust mechanism
⁹	2020	Blockchain-based trust in V2V communication	Consortium blockchain, smart contracts	Tamper-proof trust records, decentralized consensus	Latency in high mobility; blockchain overhead	No integration with AI-driven adaptive risk models
¹⁰	2019	Post-Quantum Cryptography (PQC) in 5G networks	Lattice-based cryptography, hybrid encryption	Resistance to quantum attacks, secure key exchange	High computational cost; limited scalability	No link to trust evaluation in dynamic AV ecosystems
¹¹	2023	Hybrid AI-Blockchain model for IoT security	Federated learning, blockchain ledger	Decentralized threat detection, privacy preservation	High training overhead, device heterogeneity	No PQC integration or cross-trust verification
¹²	2024	Secure V2X with edge-enabled ZTA	MEC security, context-aware access	Low-latency secure access, policy enforcement near edge	Edge nodes as attack targets; MEC resource limits	Missing quantum-resilient layer and trust adaptation
¹³	2023	Deep learning IDS for vehicular networks	CNN-LSTM anomaly detection	High accuracy in detecting complex attacks	High resource usage; requires large datasets	Not aligned with ZTA or PQC resilience
¹⁴	2025	Trust-based routing for MANET/IoT	Weighted trust metrics, secure route selection	Improved routing security, resilience to insider attacks	Performance drops under large-scale attacks	No blockchain or PQC-based trust assurance
¹⁵	2024	ZTA for smart grid cyber-physical security	Micro-segmentation, continuous verification	Improved resilience to targeted attacks	Lacks V2X mobility and high-speed adaptability	Not designed for AV or B5G ecosystems
¹⁶	2025	QR-ZTAfor 5G networks (Proposed)	Cross-chain blockchain trust, PQC, adaptive AI trust engine	Quantum-resilient, scalable, adaptive trust with reduced attack surface	Under evaluation in large-scale deployment	Extends ZTA to AV/B5G with integrated PQC & blockchain

Open in a new tab

Newer reputation-based security protocols like PPDR (Privacy-Preserving Dual Reputation Management)²³ and PPRU (Privacy-Preserving Reputation Updating)²⁴ have enhanced trust computation in vehicular and cloud-enabled V2X scenarios. PPDR uses a dual-reputation model, evaluating intra-platoon and inter-platoon behaviour separately, while group signatures ensure identity privacy. However, its assessment of trust is done within a single-domain vehicular context, it does not allow cross-domain trust sharing or blockchain-backed auditability. Like other useful tools, PPRU facilitates lightweight reputation updates in a privacy-preserving manner using pseudonymization and homomorphic aggregation. However, classic cryptographic operation and centralised cloud coordination impede its deployment in largescale, heterogeneous 5G networks. Both schemes are missing quantum-resilient authentication and cross-chain trust interoperability, central to next-generation zero-trust architecture. The new QR-ZTA incorporates blockchain-based trust spreading, post-quantum cryptographic technological parts, and mutual-domain trust evaluation that allows expandable and verifiable trust computation out of vehicular networks.

In the paper⁷, a literature survey is conducted on two essential areas of beyond-5G (B5G) networks: security concerns in Mobile Edge Computing (MEC)-based services of Vehicle-to-Everything (V2X) and network orchestration in network management. Particularly, when the MEC decentralised infrastructure is augmented with V2X, it considerably expands the attack surface, making Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks the predominant threats to the MEC architecture that disseminates vehicular services. Although time-tested countermeasures like firewalls and intrusion detection systems can provide basic protection, they cannot effectively resist zero-day attacks and dynamically changing attack patterns. Novel methods investigate trust-based hybrid schemes, supervised learning, and reinforcement learning (RL) as recent techniques for achieving context-aware and adaptive security, with deep RL becoming popular in managing malicious vehicular traffic. ETSI efforts to standardise have added secure APIs and authentication to the MEC security. Orchestration in parallel is central to network and service administration zero-touch (ZSM), aiming to automatically complete network operations as much as possible by using artificial intelligence (AI) to make network management decisions.

Nevertheless, orchestration in B5G networks is subject to pitfalls, including the complexity of slice management, lack of security orchestration and the introduction of new ways of attack due to automation itself. Although end-to-end (E2E) slice provisioning and RAN orchestration have been studied in protocols such as C-RAN and O-RAN systems, the issue of incorporating security provisioning and enforcement as part and parcel of orchestration procedures, particularly in the V2X context, has not been accorded ample attention. To fill such gaps, this paper suggests a ZSM-based framework in which E2E slices are monitored around the clock with customised agents. These agents automatically take action to realise a countermeasure once a threat is observed, offering adaptive and resilient security in next-generation automotive networks.

Paper⁸ provides an extensive survey of cybersecurity challenges in Connected and Automated Vehicles (CAVs) and IoV systems, particularly focusing on zero-day attack detection for 5G and upcoming 6G networks. It highlights the limitations of conventional supervised IDS methods and analyzes emerging paradigms such as anomaly detection, Open-Set Recognition (OSR), and Federated Learning (FL). The authors identify weaknesses in centralized FL—including privacy leakage, single-point failures, and vulnerability to poisoned updates—and emphasize the need for blockchain-enabled and adaptive IDS models. Their proposed Zero-X framework integrates deep neural networks, OSR, and FL with a Proof-of-Accuracy consensus protocol to achieve privacy-preserving, high-accuracy intrusion detection. While Zero-X advances IDS scalability and zero-day resilience, it does not address cross-domain trust interoperability or quantum-resilient identity protection, which are core objectives of QR-ZTA.

The work in⁹ introduces a unified secrecy-analysis model based on the Mixture of Gaussian (MoG) distribution, enabling accurate representation of a wide variety of fading channels—such as Rayleigh, Rician, Hoyt, α-µ, κ-µ, and generalized-K—without requiring explicit knowledge of their probability density functions. Unlike traditional solutions based on Mixture Gamma (MG) or Fox-H distributions, which require closed-form channel PDFs/CDFs, the MoG model provides a flexible approximation framework using expectation-maximization parameter estimation. This allows deriving secrecy metrics such as secrecy outage probability, probability of non-zero secrecy capacity, and average secrecy capacity even under ambiguous or composite fading conditions. The MoG approach strengthens physical layer security (PLS) modelling for next-generation wireless systems but remains complementary to higher-layer trust and access-control solutions addressed by QR-ZTA.

Trust and reputation systems in vehicular networks are highly sensitive, as malicious users can inject falsified messages that threaten safety and traffic flow¹⁰. Early approaches, both centralized and decentralized, explored data-centric trust, misbehaviour authorities, contextual systems, and infrastructure-based voting, but centralized models suffer from privacy risks and single points of failure. Decentralized methods—including local experience–based scoring, weighted voting, and blockchain-assisted mechanisms—address these limitations by removing reliance on a trusted intermediary. TrustVote extends this direction through a crowdsourced, privacy-preserving reputation model using homomorphic encryption and weighted aggregation, enabling flexible and infrastructure-free trust management for IoV. Similarly, TQFL¹¹ mitigates poisoning attacks in Federated Learning within B5G networks by integrating trust-aware deep Q-learning, improving the reliability of collaborative model training across network slices.

In contrast to previous solutions that deal with either data or model poisoning, this isolation, or they depend on computationally intensive blockchain-based approaches, TQFL incorporates deep reinforcement learning to be able to choose trusted participants in FL rounds dynamically and uses dimensionality reduction (PCA, LDA) and clustering (K-means or KNN) to recognize and eliminate poisoned updates. With a realistic latency information set created using the OpenAir interface to AMF KPIs, the framework demonstrates high resilience to poisoning attacks, ensuring high global model accuracy. Its performance, compared to existing traditional detection methods, makes it a suitable and adaptive defence for B5G FL settings.

The article¹² examines security and trust challenges in emerging 6G networks and proposes a Zero Trust 6G model that extends the zero-trust paradigm beyond operational security to include software development assurance. With 6G expected to rely heavily on AI/ML-driven, software-defined functionalities and stringent requirements such as ultra-low latency and energy efficiency, the authors emphasize integrating secure practices throughout the software development lifecycle via DevSecOps, agile methodologies, and CI/CD pipelines. They argue that AI/ML introduces both opportunities for improved vulnerability detection and new attack vectors, necessitating an “assume-breach” mindset across development and operational layers. In parallel, article¹³ presents SysFlow, a programmable system-security framework that advances zero-trust principles from network-centric control to system-centric visibility by modelling system activities as structured flows. Its two-layer architecture—comprising a data-plane engine for real-time enforcement and a controller for centralized policy management—enables fine-grained programmability for micro-segmentation and risk-aware decision making, addressing limitations of traditional perimeter and host-based mechanisms. SysFlow further supports both reactive and proactive security programming models, offering system-wide visibility of runtime operations with negligible performance impact (e.g., file-operation latency increasing only from ~ 487 to 876 µs). Its scalability across thousands of hosts and efficient flow-rule management address key gaps in Zero Trust Architectures by providing unified abstractions and flexibility for developing fine-grained security applications in dynamic environments.

In¹⁴, a zero-trust–enhanced network-slicing model integrating SRv6 and Graph Convolutional Neural Networks is proposed to reduce routing complexity and strengthen B5G/6G slice security. The five-layer architecture enables fine-grained policy deployment, real-time traffic perception, and optimal path computation across diverse services (eMBB, mMTC, URLLC), demonstrating improved service acceptability and reduced delay relative to existing approaches. Complementing these advances, the work in¹⁵ introduces a blockchain-based cross-domain data-sharing framework for zero-trust cloud–edge–end systems, combining ECC-ElGamal Plaintext Checkable Encryption with sharded Byzantine Fault Tolerance to ensure confidentiality, scalability, and fairness. Two protocols—PT-CDDS and ZT-CDDS—are designed to support secure sharing under partial-trust and zero-trust assumptions, with formal guarantees of consistency and liveness and high performance (> 1000 requests/s, < 1000 ms latency) under large-scale parallel workloads.

In the paper¹⁶, a dynamic access control model of cloud computing that combines zero-trust and deep reinforcement learning has been proposed to overcome the limitations of existing paradigms, such as RBAC, MAC, and ABAC, to handle changing cyber threats as well as the high dynamism of clouds. The described models of Trust-Based Access Control (TBAC) and Dynamic Rule TBAC (DR-TBAC) base the assessment of user behaviour (trust) on LSTM and on Markov Decision Process and Deep Q-Network (DQN) to update trust threshold and access control rules in real time, respectively. Designed in a zero-trust architecture, the system was trained and tested with OpenStack logs and shows better security authorisation precision, 19 per cent more precise than static RBAC, and is resistant to normal and malicious behaviour by continuously tracking user activity and automatically optimising access privileges.

The study in¹⁷ investigates how the use of the mobile social networking platform WeChat influences social trust in China, using nationally representative CGSS 2018 data (n = 12,010). Through Ordered Probit modelling with BK, Sobel, and KHB mediation tests, supported by robustness checks (IV, PSM), the authors show that WeChat significantly enhances social trust, with offline social networks mediating 36.6% of the effect. Results also reveal digital inequality, as trust benefits are strongest among young, educated, and urban users. Although this work contributes to understanding trust formation in digital ecosystems, it does not address network-level security or zero-trust enforcement, which QR-ZTA targets.

The work in¹⁸ proposes DzTrust, a distributed zero-trust framework for Airborne Wireless Sensor Networks (AWSNs) designed to overcome the vulnerabilities of centralized authentication, particularly against insider threats. DzTrust employs lightweight Certificateless Aggregation Signcryption (CLASC) and a dynamic trust evaluation module supported by a Regularised Behaviours Data Blockchain (RBD_chain), which records node behaviours and updates trust using a time-decayed Beta distribution. This enables continuous pre-launch and in-operation authentication that adapts to behavioural risk. Security analysis shows strong resistance to eavesdropping, replay, impersonation, and MITM attacks, while performance results demonstrate low computational/communication cost and improved detection of compromised nodes. Unlike QR-ZTA, however, DzTrust does not incorporate cross-chain trust, slice-aware enforcement, or quantum-resilient protection.

In the paper¹⁹ tackles the issue of architecture in relation to unintegrated environments in industrial contexts. Their unique frameworks are distinct from prevailing architectures, as the latter are merely adjunctively interested in the complexity of these workplaces. The author proposes teaching machines not to detect and issue alerts of an approaching attack merely, but to take preemptive, real-time counteraction. The integration of ML and DL improves upon the traditional intrusion systems, which are centralised, expensive, and unreasonably designed for lightweight devices such as the IoT. Their architecture’s three focal points are the connection of industrial units, AI-driven zero-trust strategies, and secure Internet communication enforced with VPNs and tunnels for safe data transit. These structures facilitate protection surface identification, data flow design, and cohesive policy strategy consistently to formulate a defence perimeter strategy. Standard models like Random Forest, Logistic Regression, and more powerful Deep Learning models trained on standard datasets like the CIC-IDS, Vizsec-UGR16, and Kaggle Network Security are employed. As per the simulations, both controllers showcased an increase in efficiency, alongside an uncontrolled spike in resource expenditures. The AI models conserved 13.1 per cent of computational resources, achieving 97.4 per cent accuracy, while the deep learning models consumed 98.7 per cent of resources and were 17.3 per cent accurate. The AI-based zero-trust architecture is an elegant and efficient solution to real-time intrusion monitoring, and in practical use, it is a remarkable advancement in the field of IIoT security.

The evolving cloud and edge landscape introduces new challenges—such as insider attacks, data breaches, and degraded service components—that traditional security models struggle to address. To mitigate these issues, SmartTrust²⁰ proposes a hybrid deep-learning architecture that applies Zero-Trust principles across multi-tier cloud environments, continuously validating access requests through identity, device health, contextual cues, and behavioural features. SmartTrust integrates CNNs, LSTMs, and Transformers with reinforcement learning and blockchain-backed event logging to detect sophisticated attacks, achieving over 99% accuracy on benchmark datasets, though at the cost of increasing computational demand. In parallel, several domain-specific authentication systems have been introduced. A blockchain-assisted anonymous authentication protocol for smart grids²⁵ leverages blockchain and fog computing to improve privacy and reduce latency, but does not support cross-domain trust or post-quantum security. HM-6G+²⁶ presents a lightweight smart-contract–based authentication scheme for 6G tactile Internet healthcare systems, focusing on efficiency but lacking quantum resilience and interoperability across trust domains. Deep-learning work in²⁷, although not security-focused, demonstrates advances in behavioural and pattern recognition that can complement behavioural trust inference in architectures like QR-ZTA. Blockchain-based secure authentication for EHR systems²⁸ and the lightweight IoEPM+ framework for pollution-monitoring IoT systems²⁹ improve domain-level security and performance but do not incorporate zero-trust enforcement, cross-chain trust consensus, or PQC capabilities required for heterogeneous 5G/6G environments.

Beyond terrestrial networks, BZTSEE²¹ proposes a zero-trust and blockchain-enhanced security and energy-efficient framework for 6G-enabled underwater acoustic sensor networks—addressing hostile marine environments where energy constraints and communication reliability are critical. BZTSEE dynamically computes trust without centralized control and leverages blockchain to ensure integrity and resiliency against node compromise, enabling efficient isolation of malicious devices and extending sensor lifespan. Although effective for underwater UASN systems, it remains domain-specific and does not address multi-chain trust interoperability or quantum-era threats, both central to the QR-ZTA model.

Research gap

Although several studies have explored blockchain-assisted authentication, lightweight security frameworks, and emerging post-quantum protection mechanisms, existing approaches still exhibit significant limitations when applied to large-scale 5G and beyond networks. These gaps become more evident when considering heterogeneous environments that require continuous trust evaluation, decentralized decision-making, and interoperability across multiple administrative or technological domains.

Cross-domain interoperability

Each of these papers examines zero-trust implementation in specific arenas: vehicular networks, cloud computing, and IoT systems. However, no studies have focused much on the seamless integration in heterogeneous environments. In particular, not much has been done on creating coordinated zero-trust policies across the cloud-edge-IoT spectrum, mechanisms to relay trust between distinct network paradigms, and zero-trust models in heterogeneous networks that meld together terrestrial networks with satellite and undersea networks.

Human-centric zero-trust

One of the most significant gaps found in the research literature is that it focuses mainly on the technical implementation of the zero-trust system, but almost nothing on the human aspect. In particular, limited studies have been conducted on the usability of zero-trust approaches in practice, and minimal research has been done on modelling behavioural trust, considering the differentiation between human users and automated systems. Moreover, one rarely finds studies focusing on resilience to social engineering attacks in zero-trust frameworks, and little regard has been given to the effects of continuous authentication mechanisms on users’ cognitive load.

Economic and business model implications

The relevant literature on the topic of interest is sparse and has not yet provided pertinent insights on the business and economic feasibility of zero-trust deployments. Existing research lacks a cost-benefit analysis and trade-offs of implementing zero-trust architectures at different organisational scales, and it does not provide watertight ROI models applicable to various industries. Additionally, economic incentives for developing collaborative zero-trust solutions within a multi-stakeholder environment are not extensively explored, and no studies have examined the insurance and liability models of zero-trust-secured system frameworks.

Long-term sustainability and evolution

One of the current research issues in the zero-trust approach is the low emphasis on system longevity and flexibility. Existing research seldom focuses on developing quantum-resistant zero-trust architectures for the post-quantum world or on designing self-evolving trust models that can adapt to rapidly changing threat levels. Furthermore, approaches to legacy implementation as part of a gradual adoption of zero-trust are not well-researched; the environmental impact and energy footprint of these processes are also insufficiently explored.

Though the research environment in zero trust is fast advancing, it encounters a significant discrepancy in cross-domain integration, human factors, and standardisation. In future studies, there is an immediate need to focus on practical interoperability, long-term sustainability, and human-centred design, as well as to create meaningful assessment frameworks and common standards. This will need multi-pronged academia, industry and standardisation organisation activities that bridge the chasm between viable and deployable zero-trust solutions on the next-generation networks.

Challenges in 5G security

The rapid adoption of 5G networks introduces a wide spectrum of security challenges stemming from massive device connectivity, network slicing, distributed edge infrastructures, and highly dynamic trust relationships. These complexities create new attack surfaces and amplify the limitations of traditional perimeter-based models, demanding continuous verification and adaptive protection mechanisms.

Threat analysis

New features of 5G networks include network slicing, ultra-reliable low-latency communications (URLLC) and massive machine-type communications (mMTC), all of which present a larger attack surface. Compared to 4G, which was based on a highly centralised architecture and hard perimeter, the lack of centralised controls and the ability to support third-party services means that the perimeter-based defences mainly used in 4G are outright ineffective with 5G.

Although the 5G Authentication and Key Agreement protocol compares favourably to its 4G predecessor as part of a long-standing trend towards greater resistance to identity probing and fake base station attacks, it still fails to guard against malicious incursion due to legitimate but compromised user equipment. Although an encryption standard like TLS 1.3 can provide encrypted communication channels, it does not certify the intention or actions derived from access, thus making the system vulnerable to internal and advanced persistent threats. Network virtualisation, edge computing and integrations of third-party services are key concerns in emerging security threats of 5G. Attackers are focusing on rising attack patterns to infiltrate access points, as there is service exposure at the edge and vulnerabilities in cloud-native parts of the software. The discussed attack vectors highlight the importance of behaviour-aware and trust-founded access control tools, especially at the network event, where a significant risk activity is conducted.

DDoS attacks

The significant usage of connected devices, especially IoT endpoints that are less secure, enhances the phenomenon of Distributed Denial-of-Service attacks in 5G. Attackers can saturate solid network slices or edge capabilities, leading to degraded service quality or the denial of critical applications like remote surgery or autonomous driving.

Malware propagation

Shared infrastructure, multi-access edge computing platforms, insecure edge nodes and other areas of point vulnerability in 5G have the potential to spread malware quite quickly. These include ransomware, spyware and rootkits that cannot only affect the privacy or the availability of information, but can also affect other areas because slices are connected.

Zero-day exploits

The open-source components and software-defined infrastructure used in 5G make it more vulnerable to zero-day exploits. Attackers are likely to deploy rogue code or exploit previously unknown vulnerabilities in virtualised network functions, which in turn causes a breach of trust in critical service chains.

Security challenges

The transition to highly distributed, software-defined, and virtualized architectures in 5G introduces new security complexities that exceed the capabilities of traditional perimeter-based models. To contextualize these risks, the following subsections outline key challenges arising from decentralized infrastructure, dynamic mobility, and heterogeneous trust domains.

Decentralized infrastructure

5G does not operate on centralized architectures, and therefore it is more difficult to implement homogeneous security policies. In distributed control planes and edge-based computing, it would be complicated to have uniform trust models and enforce access control across domains.

Network slicing

In 5G, every network slice is customized to suit special applications such as healthcare, industrial automation with specific security needs. If one slice suffers failure, then it is an important task to avoid letting it spread horizontally to other slices. Heterogeneous Devices and Applications. 5G enables billions of and heterogeneous devices - such as smart phones, sensors, connected vehicles and vehicles to have diverse capabilities and trust profiles. It is in itself a hard task to ensure coherent security postures on such an extensive numbers of devices.

Multi-vendor integration and third-party

Supply chain risk is increased by open interfaces such as O-RAN and by the use of third-party services. The security should consider the vulnerables created by varying vendors, custom APIs, and unregulated integration. Latency and security boundary. Demand real-time decision-making at the edge constrains time and resources that can be spent on conventional security checks. Lightweight mechanisms based on reliable trust evaluation are necessary to work in such limited environments.

Quantum threat readiness

With advances in quantum computing, the existing cryptographic protocols are subjected to obsolescence. Future-proofing 5G security should be made by preparing to implement post-quantum cryptography and quantum-resilient trust frameworks.

Proposed model

The developed immediacy of 5G networks has rearranged connectivity paradigms, enabling ultra-low latency, the integration of a vast number of devices, and communication across cross-domain criteria. Nevertheless, this change gives rise to new security concerns that have never been witnessed before, especially with decentralised architectures, heterogeneous devices and the growing reliance on trust-sensitive applications like autonomous vehicles and telemedicine. To overcome such complexities, we present a Quantum-Resilient Cross-Trust Zero Trust Architecture (QR-ZTA) a modular architecture whose purpose is to consolidate Zero Trust, blockchain-based trust management, and post-quantum cryptographic principles. The algorithm exemplifies the Quantum-Resilient Cross-Trust Evaluation of Zero Trust 5G security. Unlike production-based perimeter-centric security solutions, QR-ZTA conducts vigilant trust assessments on an ongoing basis, basing trust on actions and using inter-chain trust negotiation to facilitate the secure interoperability of siloed domains of commerce Fig. 2. The shorthand name, representing the Quantum-Resilient Cross-Trust Zero Trust Architecture. The use of quantum-safe cryptography will safeguard the model against new quantum-based threats, while slice-aware enforcement mechanisms will ensure that security policies meet the unique needs of each 5G network slice. Figure 3 represents architecture diagram Quantum-Resilient Cross-Trust Evaluation for Zero Trust 5G Security. The five layers of QR-ZTA have been identified and presented in the following subsections, along with the underlying mathematics that form the background of dynamic trust computation, cross-domain consensus, and automated access control.

Fig. 2 — Citation–concept network graph illustrating the relationships between related works and conceptual modules for *Quantum-Resilient Cross-Trust Evaluation*.

Fig. 3 — Quantum-resilient cross-trust zero trust architecture (QR-ZTA ).

graphic file with name 41598_2026_44119_Figa_HTML.jpg — **Algorithm 1** For quantum-resilient cross-trust evaluation for zero trust 5G security.

In response to the emerging security threats of 5G networks specifically, in highly trust-demanding conditions with decentralized and heterogeneous domains, a Quantum-Resilient Cross-Trust Zero Trust Architecture has been introduced in this research paper. As shown in Fig. 3, the system combines Zero Trust architecture, blockchain-enabled trust control, and quantum-secure cryptographic schemes that describe dynamic, verifiable, and cross-domain access control.

The proposed architecture consists of five interrelated layers, each contributing to a comprehensive and future-proof security posture:

Our novel contribution of QR-ZTA is to tackle the emerging security risks of 5G networks with a combination of decentralization, heterogeneity, and high-trust requirements. The framework combines the Zero Trust framework with blockchain-based trust management and quantum-safe cryptographic protocols to provide dynamic, verifiable and cross-domain access control appropriate in next-generation 5G environments. The given architecture Fig. 4. consists of five interdependent layers, which help to achieve a holistic understanding of the security posture and would be future-proof.

Fig. 4 — Architecture diagram quantum-resilient cross-trust evaluation for zero trust 5G security.

Zero trust control plane

The Zero Trust concept of a never-trust, always-verify is central to QR-ZTA. Figure 5. reflects this in the Flowchart of Quantum-Resilient Cross-Trust Evaluation of Zero Trust comprehensively 5G Security. This layer, unlike predecessor legacy perimeter- based security models consistently reviews user equipment (UE), services and applications before allowing or continuing their access. Every administrative domain has its local TPSS, which tracks the behavioural patterns, applies security policies and calculates trust scores on the basis of real-time analytics.

Fig. 5 — Flowchart of quantum-resilient cross-trust evaluation for zero trust 5G security.

The parameters for the weights α,β, and γ in the trust scoring model, and the thresholds δ and θ used in the anomaly detection process, were first chosen for purposes of conceptual soundness and alignment with similar models for practice-to-theory bridging in the field based on existing practices and suggestions available in the appropriate literature. Table 2 shows the parameters with the weight. The weights, in particular, the ratios among real-time behavioural evidence, historical context and contextual risk, and behavioural evidence are bounded by α + β + γ = 1. Detection thresholds were established according to statistical principles by studying the distributions of points classified as usual and those designated as anomalies, with the desire to achieve an optimal balance of sensitivity and specificity. Those initial values underwent refinement based on evidence acquired from simulations in numerous attack configurations, where the goal was to achieve optimal values for detection accuracy, system responsiveness, and the ratio of false positives. The final parameter values reported represent the best trade-off value from the entire range of performance metrics, convergence from robustness to variations in adversary behaviour, and performance bound of detection accuracy and false positive rate.

Table 2.

Parameter table.

Parameter	Symbol	Value
Learning rate	η	0.001
Trust weight	α	0.7
Behavior weight	β	0.2
Risk weight	γ	0.1
Detection threshold	δ	0.5

Open in a new tab

Parameter tuning for QR-ZTA was performed using a grid-search strategy over predefined ranges for α, β, γ, the anomaly threshold δ, and the sigmoid threshold θ. A held-out validation subset comprising 20% of the 5G-NIDD dataset was used exclusively for tuning to avoid overfitting. Each parameter configuration was evaluated using a composite score that combined trust-detection accuracy, SRRI improvement, and inference latency, reflecting the multi-objective nature of the framework. The selected parameters represent the configuration that achieved the best balance across these metrics while ensuring stable convergence under both benign and adversarial traffic.

Each administrative domain is denoted by D_i, where i = 1,2,…,n.

Each domain manages a set of entities or nodes N_ij, where j is the node index within domain i.

Time is discrete and indexed by t∈N.

B_ij(t) be the observed behavioral vector of node N_ij at time t.

B_ij(t)∈R^k where each component represents a behavioral metric (e.g., message frequency, anomaly score, resource access).

A policy function Pi:Rk→[0,1] for domain Di which outputs a compliance score:

T_ij(t) denote the trust score of node Nij at time t, computed as a function of past behaviors and policy compliance.

Where:

α ∈ [0,1] is a memory factor indicating how much past trust is retained.

This equation uses an exponentially weighted moving average of compliance to compute trust.

Inline graphic - is the history of observations.

f- rule-based function for trust score estimation.

θ – Value varies according to the application.

Behavioural access profiling

This capability does real-time capture and analysis of UE interactions and provides detection of anomalous behavior in unauthorized lateral movement, privilege escalation, or misuse. The dynamic trust score, T(u, t) of a device or user ‘u’ at time ‘t’ is calculated as a weighted aggregate of behaviour, past trusted and contextual risk variables:

where:

B(u, t) is the real-time behaviour score.

H(u) represents historical trust.

R(u, t) denotes contextual risk.

α,β,γ are tunable weights with α + β + γ = 1.

Access decisions follow the threshold policy:

Behavioral anomalies are detected using the Mahalanobis distance DM(x⃗) to measure deviations from normal behavioral profiles:

where Inline graphic is the observed feature vector, the mean, and Σ the covariance of normal behavior. A threshold δ classifies behavior as normal (DM ≤ δ) or anomalous (DM > δ).

To smooth evaluation of behavioral deviations, a sigmoid function transforms raw scores s(u, t) into behavior scores:

with threshold θ and steepness parameter k.

Policy compliance is captured by a binary satisfaction function f_i(u, t) for each policy pi in a set P. The overall compliance score is:

yielding a refined trust score:

Access is denied if anomalous behaviour or policy violations yield Inline graphic ensuring safety against non-compliant or suspicious entities.

graphic file with name 41598_2026_44119_Figb_HTML.jpg — **Algorithm 2** Quantum-resilient cross-chain trust evaluation and enforcement.

Step 1: Behavioural trust profiling

Collect user activity vector X_i = [x₁,x₂,…,x_n] Behavioural trust score

where.

σ is an activation function (e.g., sigmoid).

W_b is the behaviour weight matrix,

b is a bias term.

Step 2: Blockchain-based trust Ledger interaction

Retrieve existing trust record

Execute smart contract for trust re-evaluation

Inline graphic

where α ∈ [0,1] controls influence of historic trust.

Step 3: Cross-chain trust translation and consensus.

Each participating chain is assigned a credibility weight Inline graphic that determines its influence on the aggregated cross-chain trust score. The weight is computed using a composite of historical reliability, stake or participation level within the federation, and the consistency of trust evidence contributed by that chain. These weights are adaptive rather than static; they are periodically updated based on recent deviation patterns, cross-chain agreement rates, anomaly frequency, and trust-report validity. Chains showing inconsistent or inflated trust values gradually receive reduced weights, whereas chains demonstrating stable and reliable reporting behavior gain greater influence in the consensus. This adaptive weighting enhances robustness against misconfigured, low-quality, or potentially compromised chains.

Convert external trust score T_ext to local format using translation function ϕ

where M is the trust mapping matrix.

Compute aggregated trust score via weighted consensus

where w_k is the credibility weight for chain k.

Step 4: Quantum-resilient cryptographic protection

Lattice-based encryption of data payload P

where LWE is a Learning With Errors scheme, and pub_i is the public key.

Verify quantum-secure identity token QID_i

where H is a post-quantum secure hash function.

Step 5: Slice-aware trust enforcement.

Access decision based on threshold

0, otherwise.

where θj is the slice-specific trust threshold.

Inter-slice containment enforcement

Access slice=Contain(S_j, T_i′, Ct).

Step 6: Trust update and audit logging

Final trust score recorded in ledger

Blockchain-based trust ledger

QR-ZTA leverages a permissioned blockchain as a Global Trust Registry to maintain interoperable and tamper-proof records of trust scores, audit trails, and security events across Trust Policy Support System domains, ensuring transparency and resilience. This registry operates as a distributed ledger L, where each transaction τ_i records data such as trust scores T(u, t), policy compliance events, and security alerts, with i indexing sequential ledger entries. The immutability of L is enforced by cryptographic hashing links between blocks Bj such that Hash(B_j) = H(B_j−1∥Tx_sj), ensuring tamper-proof provenance. Embedded within this ledger, smart contracts S automate and enforce consistent cross-domain trust evaluations and policy compliance verification by executing predefined rules R_k on-chain, e.g., validating that T(u, t)≥τ ⇒ access approval, or triggering revocation when violations are detected.

Let Ledger L A distributed, append-only, permissioned blockchain.

where each τ_i is a transaction recording:

Inline graphic : Trust score of user u_i at time t_i.

C Inline graphic : Policy compliance event.

A Inline graphic : Security alert or audit flag.

A block contains a set of transactions Tx_sj⊂L and is linked by:

H: Collision-resistant hash function.
∥: parallel: Concatenation operator.

A smart contract function fS(τ_i) evaluates trust conditions and updates states atomically, guaranteeing auditability and automatic enforcement. Thus, QR-ZTA’s permissioned blockchain enables decentralized governance and transparent forensic auditing by securely recording all access and trust-related events, supporting timely revocation through cryptographically secured, verifiable evidence.

Cross-chain trust evaluation layer

To enable interoperability between diverse, isolated trust domains (e.g., industrial IoT, healthcare, metaverse ecosystems), the architecture integrates cross-chain mechanisms. Figure 5. Framework for Zero-Trust Cross-Chain Access with behavioural Profiling.

Trust gateways

Middleware components facilitate secure trust data exchange between heterogeneous blockchain networks, leveraging protocols such as Polkadot and Cosmos.

Let TG_ij be a middleware between domains D_i and D_j that:

Maps trust scores and events from L_i to a shared format:

Where Mij is a unified metadata schema

Consensus translation engines

These modules normalize differing trust evidence and policy semantics to support consistent, cross-domain decision-making.

Let D_i and D_j be two trust domains.

Each domain is defined by:

L_k: Local ledger (blockchain).

C_k : Consensus protocol.

P_k : Trust policy rules.

T_k(u, t): Trust score for user u at time t.

τ_i∈L_i: A trust transaction in domain D_i

π_i: Trust evidence generated under consensus protocol C_i.

Each consensus protocol C_k has a confidence function γ_k:τ→[0,1]:.

γ_k(τ_i)=probabilistic confidence in validity of τ_i.

Then the normalized trust score under consensus is:

Let N_ij be a semantic mapping function between policies P_i and P :

Inline graphic

A decision function Rj operates under domain Dj’s policy:

Quantum-Resilient cryptographic layer

Seeking to address the vulnerability of communication and identity due to the power of adversaries endowed with quantum computing, the QR-ZTA framework incorporates the use of post-quantum cryptography primitives, specifically, lattice-based encryption and quantum-secure identity tokens to allow communication and identity assurance even when the adversary possesses a quantum computer able to execute the Shor and Grover algorithms.

Let Inline graphic =(KeyGen, Enc, Dec) represent a lattice-based cryptosystem constructed over the Learning With Errors (LWE) hardness assumption, formally defined as:

Key generation

Where λ is the security parameter, and p_k, s_k are public and private keys respectively

where m ∈ {0,1}ⁿ is the message and r is a random vector.

This construction provides quantum-resistant security against key exchange interception and digital signature forgery, relying on the intractability of approximating shortest vector problems (SVP) in high-dimensional lattices. Instead of classical X.509 certificates, QR-ZTAuses quantum-secure identity tokens Inline graphic , where each token for user u is a signed construct:

ID_u: User identity.

pk_u: User’s public key.

σ_u = Signsk(IDu∥pku): Post-quantum digital signature from a quantum-secure Certificate Authority.

ρ_u: Revocation status, updated via a quantum-resilient revocation list.

Anticipating threats from quantum adversaries, QR-ZTA incorporates post-quantum cryptographic primitives:

Lattice-Based Encryption: Employed for key exchanges and digital signatures resistant to quantum algorithms like Shor’s.
Quantum-Secure Identity Tokens: Replace classical certificates with quantum-safe tokens supporting non-repudiation, revocation, and authentication in a post-quantum environment.

Slice-aware trust enforcement

Exploiting 5G’s network slicing capability, the framework enforces slice-specific trust policies:

Context-Aware Access Control: Access decisions account for slice characteristics, quality of service (QoS) requirements, UE sensitivity, and real-time threat intelligence.
Inter-Slice Containment: Breach containment mechanisms prevent lateral threat propagation between isolated network slices, preserving overall integrity.

This modular, extensible architecture positions QR-ZTA as a comprehensive next-generation security paradigm for 5G networks, enabling secure cross-domain collaboration and quantum-safe trust governance (Table 3).

Table 3.

Key features and advantages.

End-to-End verifiability	Cryptographically logged and scored access requests across multiple trust domains ensure auditability and accountability
Scalable trust delegation	Federated TPSS models enable lightweight, decentralized trust management without central authority dependence
Quantum readiness	Early integration of post-quantum cryptography strengthens resilience against emerging quantum threats.
Adaptive security posture	Dynamic trust evaluation adapts to evolving threats, behaviors, and network contexts, ensuring robust, real-time protection

Open in a new tab

System assumptions and practical deployment scope

Although the proposed Quantum-Resilient Cross-Trust Zero Trust Architecture (QCT-ZTA) is designed to withstand future quantum-capable adversaries, the framework does not assume the immediate availability of quantum communication channels, quantum registers, or NISQ-era hardware in present-day 5G deployments. Instead, the architecture is intentionally designed to be deployable within existing classical network infrastructures while remaining forward-compatible with future quantum-enabled environments.

In this work, a clear distinction is made between components that are physically deployable today and those that are evaluated through software-based simulation or abstraction. All network entities—including user equipment (UE), gNodeBs, 5G core network functions (such as AMF and SMF), and multi-access edge computing (MEC) servers—are assumed to operate on classical computing platforms using standard IP-based communication. Blockchain-based trust management is implemented using a permissioned blockchain (Hyperledger Fabric) deployed on conventional cloud or edge servers. Quantum resistance is achieved through software-based post-quantum cryptographic primitives, specifically Kyber for key exchange and Dilithium for digital signatures, which are implemented using standardized cryptographic libraries and are executable on existing hardware without requiring quantum memory or quantum communication links. No physical quantum channels are assumed between network entities in the evaluated system. Mechanisms related to cross-chain trust negotiation and interoperability are assessed through abstraction and simulation rather than through native quantum-secure inter-chain communication. The adversary model assumes attackers with enhanced computational capabilities consistent with post-quantum threat scenarios, but without access to operational quantum networks or quantum registers. Trust evolution, attack propagation, and mitigation dynamics are evaluated using OMNeT++- and Python-based simulation environments, enabling controlled analysis of large-scale behavior under diverse attack intensities and trust conditions. Accordingly, concepts associated with quantum communication and cross-domain trust translation are treated as forward-compatible security models intended for future 6G or quantum-enabled networks. The proposed architecture should therefore be interpreted as quantum-resilient rather than quantum-dependent, ensuring practical feasibility in near-term 5G deployments while maintaining extensibility toward emerging quantum networking paradigms.

Threat model and operational assumptions

The proposed QCT-ZTA framework operates under a realistic threat model aligned with current 5G deployments while accounting for post-quantum adversarial capabilities. Application chains—including vehicular, healthcare, and IoT service chains—are assumed to execute on classical 5G and MEC infrastructures and are capable of generating behavioral logs, enforcing slice-level policies, and interacting with local Trust Policy Support Systems (TPSS). These application chains are not implicitly trusted and are continuously verified according to zero-trust principles.

Relay nodes, including MEC servers, blockchain peers, and trust gateways, are assumed to operate on classical hardware and to follow prescribed protocols, but they are treated as semi-trusted entities. Consequently, all trust computations, cross-domain trust translations, and policy enforcement actions performed by relay nodes are logged, verified, and auditable through the permissioned blockchain. No single relay node is assumed to be fully trusted, and compromise of a subset of relay nodes is considered within the threat model.

Adversaries are modeled as both classical and post-quantum capable attackers. Classical adversaries may launch Distributed Denial-of-Service (DDoS), Sybil, spoofing, insider misuse, and trust manipulation attacks across network slices. Post-quantum adversaries are assumed to possess sufficient computational power to break classical public-key cryptographic schemes but are not assumed to have access to operational quantum communication networks, quantum registers, or trusted quantum hardware within the 5G infrastructure. The adversary is further assumed to have partial network visibility and the ability to compromise a limited number of user devices or relay nodes, but not a majority of blockchain peers or the underlying consensus mechanism. Under these assumptions, QCT-ZTA aims to ensure continuous trust evaluation, rapid threat containment, and resilience against both present-day and future quantum-enabled attacks.

Experimental setup

The experimental evaluation of the proposed QR-ZTA framework was conducted using an integrated test environment combining OMNeT + + 6.0 for network-level simulation, Hyperledger Fabric 2.5 for blockchain-based trust management, and Python 3.12. A network topology comprising up to 4,600 autonomous nodes and 10 MEC servers was simulated to evaluate scalability. Realistic traffic traces were generated using the 5G-NIDD dataset [22], with both normal and attack traffic DoS, Sybil, and poisoning scenarios. Federated learning rounds were set to 100 with a batch size of 64 and Adam optimizer. Post-quantum security was enabled via Kyber for key exchange and Dilithium for signature authentication. Performance metrics included detection precision, latency, throughput, energy overhead, and Security Risk Reduction Index (SRRI). All quantum-resilient mechanisms evaluated in this study rely on software-based post-quantum cryptography and abstracted trust models; no physical quantum channels, quantum registers, or NISQ-era hardware are assumed.

Results and discussion

Trust score evaluation

As the trust score development in Fig. 6. shows, the proposed Quantum-Resilient Zero Trust Architecture (QR-ZTA ) was much more effective compared to a simple network model. The findings are presented in three entities (user equipment, UE) among which UE1, UE2, and UE3. During the first step, all UEs will have intermediate or high trust rating, which shows the minimum level of trusting the system. Figure 7. Trust Score Test QR-ZTA against Basic Network. Trust Score Analysis QR-ZTA Basic Network. The trust scores change over time with both of the architectures. The scores in QR-ZTA framework stabilize or rise by a small magnitude, which denotes greater resilience and substability in trust assessment processes. As an example, in UE1, trust score is slightly improved, whereas the trust score in UE2 and UE3 is rather competitive in the QR-ZTA policy.

Fig. 7 — Framework for zero-trust cross-chain access with behavioral profiling.

The Basic Network model as may be seen on the other hand shows a little bit degradation in the accuracy of trust scores especially in UE2 where the trust score falls below the QR-ZTA score. This has been the pattern as it has demonstrated the failure of the simple network to maintain reliable trust assessment, particularly in dynamic circumstances or in an adversarial environment. On the whole, the comparison confirms that QR-ZTA not only maintains but increases trust assessment over time because of balancing post-quantum-compatible cryptographic primitives and dynamic trust measures and provides a safer and more reliable 5G network environment.

Trust score progression across phases

The Fig. 8. Trust Score Progression across Phases gives a layered breakdown of trust rating across a wide range of operational phases, among three UEs (UE1, UE2, UE3): Initial, Post Behavior Analysis, Post Attack, and Cross-Chain evaluation. This step-by-step shows the dynamic adjustments of trust measurements by the QR-ZTA using real-time behavioral patterns and external sources of trust. The scores of trust in the Traditional Network do not evolve too much and are to a large extent agnostic to behavior. UE1 and UE3 are assigned a trust of 0.80 and 0.90 respectively and have a pass because of their higher trust scores whereas a marginal trust of 0.60 received by UE2 will result in a restricted pass. This brings out a binary decision model based on threshold, which does not identify more complex anomalies like trust spoofing or DDoS attacks.

--- Traditional Network ---
UE1 → Trust: 0.80 → Access: Granted
UE2 → Trust: 0.60 → Access: Restricted
UE3 → Trust: 0.90 → Access: Granted
--- Quantum-Resilient ZTA Network ---
[!] DDoS Detected from UE2
[!] Trust Spoofing Detected from UE3
UE1 → Local: 0.85, External: 0.39 → Combined: 0.67 → Access: Restricted
UE2 → Local: 0.30, External: 0.66 → Combined: 0.44 → Access: Restricted + Monitoring
UE3 → Local: 1.05, External: 0.17 → Combined: 0.70 → Access: Restricted

Under QR-ZTA, trust scores are refined through multi-phase trust evaluation:

UE1, initially trusted, is downgraded after external analysis (external trust: 0.39), resulting in a combined trust score of 0.67 and restricted access due to inconsistencies.
UE2, identified as a DDoS source, experiences a sharp decline post-attack (trust: 0.30), and though external sources yield a higher score (0.66), the combined trust score (0.44) prompts both restriction and monitoring.
UE3 presents a case of trust spoofing — showing artificially high local trust (1.05) but extremely low external validation (0.17), leading to a combined trust score of 0.70 and restricted access despite an initially high trust in traditional settings.

The strength of this model of adaptive and granular trust is that QR-ZTA can identify the presence of very complex types of attacks, including internal compromise and fake credentials that are missed by the traditional trust models. Besides, the cross-chain verification mechanism also guarantees the decentralized consensus regarding trust and increases the reliability of access control decisions and minimizes false positive decisions. The findings support the usefulness of QR-ZTA in dynamically modulating the level of access privileges with the basis on both internal and external trust cues, which renders it a more secure operational substitute to the generic static schemes in a next-generation 5G context.

Attack intensity

The performance of the QR-ZTA is evaluated against a traditional access control mechanism under varying levels of attack intensity (0–100). Figure 9. represent attack intensity over various parameters. Four critical parameters are analyzed: traffic volume, latency, risk score, and access decision.

Fig. 9 — Attack intensity under varying parameters.

Traffic volume vs. attack intensity

As illustrated in Fig. 8(A), traffic volume exhibits a linear increase with escalating attack intensity, ranging from 100 to 600 packets per second. This simulates typical distributed denial-of-service (DDoS) behavior, where higher attack levels directly correlate with elevated packet influx. Both the traditional model and QR-ZTA receive the same input traffic, providing a consistent baseline for comparison.

Latency vs. attack intensity

Figure 8(B) shows that latency increases non-linearly with attack intensity, starting from 10 ms and reaching approximately 36 ms at full attack. This rise in latency is attributed to queuing delays and resource contention in the network infrastructure. While the latency is common across both models, it sets the foundation for evaluating system responsiveness under stress.

Risk score vs. attack intensity

The contrast between traditional and QR-ZTA risk assessment is highlighted in Fig. 8(C). The traditional model shows a linear increase in risk score, reaching values close to 1.0 under high attack intensity. This implies a high sensitivity to anomalous traffic patterns, potentially leading to false positives. In contrast, the QR-ZTA model maintains a sublinear growth in risk, with values remaining in the 0.3 to 0.52 range even at maximum intensity. This indicates the QR-ZTA ’s ability to perform more nuanced risk evaluation using post-quantum cryptographic primitives and cross-chain trust mechanisms, thereby avoiding overreaction to volumetric anomalies.

Access decision vs. attack intensity

Conventional model denies access (decision = 0) past a risk level (approximately above 50% strength of attack), even to the rightful users (Fig. 8D), there is a possibility of service denial to the authorized users too. On the other hand, the QR-ZTA provides an access (decision = 1) at all levels of the intensity attack. A multi-dimensional trust assessment is done on this stability, which involves identity checks, behavior assessment and situational intelligence. Due to this, QR-ZTA proves to be better in adversarial conditions in terms of resilience and availability. The simulation results prove that QR-ZTA provides effective access control and precise risk prediction in the wave of adversarial traffic. Contrary to traditional models that rely on static threshold-based decision-making, the proposed QR-ZTA employs quantum-safe and context-aware trust adaptation, allowing it to respond dynamically to evolving threats. These results help support the plausibility of QR-ZTA in an emerging framework that provides 5G and beyond network security.

Impact of attack intensity on system metrics

A gradual simulation attack that covers a range of 0–50 was established to assess the strength and adaptability of the system based on a gradual increase of the intensity of the cyber attack. Figure 10 the index of the attack. The measure of the response included the Traffic Volume, Latency, and the Risk Score that applied to the three different User Equipments (UE1, UE2, and UE3). The results are compared in charts of varying forms of bar charts depending on the level of intensity. At Attack Intensity: 0, baseline performance indicators show an efficient lack of outside effect. UE2 has the largest volume of traffic (45.2 packets/sec), latency (30.1 ms), and risk score (45.1) signifying a bit more dense initial load than UE1 and UE3.

When the intensity of the attacks goes up to 10 experiments, the trend in the three metrics shows a proportional rise as well. It is also interesting to note that the volume of traffic increases by 16.6% and latency rises by 12.6% in UE2. Strength of risks in UE1 and UE3 also demonstrate upticks as risk scores in these regions arrive at 44.8 and 39.8, respectively. By Intensity: 20, there are traffic volumes in each of the UEs greater than 40 packets/sec and UE2 once again demonstrates the highest at 61.1. Latencies also exhibit similar trends and climb to 38.1 ms in case of UE2 and 28.1 ms in case of UE3. The breach of the risk scores is more than 50 in UE1 and UE2. The situation is more dramatic at attack intensity of 30%. UE2 currently records 68.8 packets/sec traffic and 41.9 ms latency risk score almost reaching 60.9. This would indicate elevated system load and a greater sense of threat resulting in scoring upscaled risks. In Intensity 40, UE2 determines the highest number of packets of 77.1/sec and latency of 46ms, whereas the responses of UE1 and UE3 are moderated a little. All UEs risk scores are around or above 60, which implies that many of them detect strange actions. Lastly, with the highest tested intensity of 50, UE2 yields 84.7 packets/sec and 49.8 ms latency which is the highest in the study. There are also high bumps in UE1 and UE3, which indicates the possible occurrence of the congestion or profile of attacks. Risk scores reach their peak at 69.8 (UE2), 64.8 (UE1), and 59.8 (UE3), which proves the sensitivity of the system to the threat scale. These measurements confirm that the offered system effectively scales its risk analysis and measures the QoS parameters when facing the growing intensity of the attacks, allowing the dynamic access control and prioritizing mechanisms in real time.

Response time analysis for threat detection

Over 50 attacks, the response time to recognize and eliminate two essential types of cyberattacks, Distributed Denial of Service (DDoS) and Trust Spoofing, was tested. Figure 11. shows relative recruitment delay of the QR-ZTA and a baseline Traditional model. The findings indicate that there was a steady and considerable decrease in the response time when QR-ZTA occurred. The time taken by the traditional techniques to respond is between 10 and 20 s with regular spikes greater than 18 s that show a slower time of threat identification and resolution. Comparatively, QR-ZTA has a response window of 2 to 9 s in almost all the cases of attacks.

Fig. 11 — Response time to treat detection.

Performance of the traditional model seems to deteriorate when faced with more sophisticated or repeated attacks (trust spoofing attacks whereby identity validation mechanisms are side-tracked). A more robust QR-ZTA, which is guaranteed with post-quantum identity authentication and context-sensitive access control measures, responds rapidly and activates alerting and containment measures on near-real-time basis. Furthermore, the small and consistent variance within QR-ZTA resistance to time in several course areas of attack shows that a stable and consistent resistance to attack generates an agile and resilient system under attack conditions. The ability to find anomalies faster leads directly to enhanced containment, shorter exploitation windows on attack surface and enhanced system resiliency. The results confirm the QR-ZTA adaptive trust judgement and quantum-resilient cryptographic mechanisms to be one of the main impactful features of rapid threat reaction, especially important in time-sensitive 5G applications and autonomous systems as well as important IoT networks.

Attack impact on network performance

The resilience of the QR-ZTA was further evaluated under escalating attack intensities ranging from 0% to 100%. The following key network performance metrics were analyzed: Packet Loss, Jitter, and Throughput Drop. Figure 12 presents the comparative results between the traditional baseline system and QR-ZTA .

Fig. 12 — Attack impact on network performance metrics.

To rigorously substantiate the performance claims, statistical validation measures including confidence intervals and p-values have been incorporated to support the reported detection accuracy of 88% and the threefold reduction in unauthorized access events. These metrics were derived from multiple simulation runs under varying attack scenarios to ensure reliability and repeatability of the results. Furthermore, quantitative performance metrics such as throughput, latency, and jitter are systematically tabulated to complement qualitative discussions, providing clear numerical comparisons between the proposed QR-ZTA and baseline models. This comprehensive presentation enhances transparency, allowing readers to assess the statistical significance and practical impact of the proposed approach in securing 5G network environments.

Packet loss

When the intensity of the attack was raised, packet loss for the traditional system showed a sharp surge of the loss when it was up to the rate of 47% at the level of 100% of intensity. On the contrary, QR-ZTA sustained comparatively lower levels of loss up to approximately 19% even in most severe attack scenarios. This implies that the traffic filtering and congestion control procedures of QR-ZTA are superior than those of the QR, and hence they prevent the packet drop in true malicious overload.

Jitter

The fluctuation of the time of packet arrival or jitter is used as the sign of network instability. The traditional architecture suffered jitter as high as 48 ms at maximum attack rate, which was very likely to cause a disturbance to the time-sensitive apps. Instead, QR-ZTA limited jitter to less than 27 ms with better base packet scheduling and prioritization patterns even in volumetric and timing-based attacks.

Degradation of throughput

The traditional system experienced more than 55% throughput decrease at full attack load, meaning that it was at the point of major performance bottlenecks. QR-ZTA, on the contrary, suffered a throughput decrease of a maximum 35%, hence retaining much of the network working capacity. This resilience is evidenced by its smart routing and quantum-resilient proof of trust which allows the delivery of vital services to sustain for a long time. In general, the findings reflect strong mitigation capabilities and the operational stability of QR-ZTA, which fulfills the criteria to be a prospective software-based cryptographic solution deployed securely in 5G and post-quantum networks where availability and reliability are at a premium.

Trust dynamics over time

Figure 13 illustrates the trust score evolution of five user entities (UE1 to UE5) over 40 discrete time steps. The trust scores are represented as a heatmap, where the color intensity varies from blue (low trust) to yellow (high trust). A red dashed vertical line at time step 20 denotes the onset of a coordinated attack on the network.

In the period leading up to the attack (time steps 0–19), there is a steady level of high trust of all entity users as there is a benign nature of operation. After the initiation of the attack in time step 20, negative trends in the trust scores are quite evident especially between malicious or compromised nodes. On the other hand benign nodes do not exhibit large and long-lasting trust values changes or recover rapidly as the QR-ZTA trust assessment engine is adaptive. The identified dynamics indicate clearly the efficiency of the suggested QR-ZTA in preserving trust integrity throughout malicious occurrences. The fact that the best way of identifying unusual behavior and modify the trust scores in a timely fashion proves the strength of the underlying trust assessment model. Additionally, the rebuilding of scores of trust by the non-malicious nodes implies the ability of the system to eliminate false positives and guarantee the nonstop access of the legitimate users. These results support the resilience and adaptability of the system which is a critical feature of secure operations in unpredictable 5G and beyond.

Security risk reduction index

Its Security Risk Reduction Index (SRRI) under the proposed QR-ZTA was tested against five common cyber threats (Replay, Spoofing, Man-in-the-Middle (MITM), Denial-of-Service (DoS) and Sybil attack). The related results have been presented in Fig. 14 that represents the normalized risk reduction scores on 0-100 scale. The system being proposed had the best risk reduction proficiency in terms of MITM attacks with the effectiveness rate at 80 per cent. This accentuates the fact that the cryptographic handshake and session validation protocol within QR-ZTA are especially fortified processes that counteract threats of eavesdropping and interception. Likewise, a very good level of performance is achieved against Replay attacks where an effectiveness level of close to 72% of effectiveness was achieved due to deployment of nonce-based challenge-response authentication where packet reuse is avoided.

Fig. 14 — Security risk reduction index.

Contrasting, the system showed an average degree of analysis at Spoofing as it attributed a score of reduction of 66%. Although the zero-trust concept maintains identity confirmation at multiple access points, spoofing remains moderately difficult because of the device fingerprinting restriction of some of the networks. Moreover, the worst results were those concerning DoS and Sybil crack as their average was approximately 54%. These findings are indicative of the fact QR-ZTA will benefit traffic throttling and session isolation techniques but it has an incomplete procedure to protect volumetric attacks and a node identity validation mechanism on a large-scale distributed system. The radar plot shows that the QR-ZTA framework is especially efficient to the threats that entail session hijacking and replay but it has to be improved in terms of resistance to resource exhaustion and node impersonation attacks. Future research should consider combining both adaptive models that detect anomalies and distributed ledger technologies with a view to enhancing Sybil and DoS threats mitigation, which will improve overall security posture.

False access grant rate

Figure 15 makes the comparison of unauthorized access granted to users on the basis of traditional threshold-based systems with the proposed QR-ZTA. The traditional model has around 12% of unauthorized users that ended up being granted access by mistake. QR-ZTA massively brought this ratio to 4% only. The findings show that QR-ZTA framework is more effective in detecting and preventing unauthorized accessibility cases compared to other frameworks.

Fig. 15 — Unauthorized access grant comparison.

Static threshold checks used in traditional access control mechanisms are prone to evasion, particularly through identity spoofing and profile mimicry. In contrast, QR-ZTA employs a dynamic, context-aware trust evaluation model that continuously re-assesses user and device behaviour, enabling the detection of subtle anomalies and compromised identities. The resulting threefold reduction in unauthorized access demonstrates the improved accuracy and robustness of QR-ZTA, especially in high-risk and mission-critical 5G environments.

To ensure rigorous validation, we performed a quantitative benchmarking study comparing QR-ZTA against three prominent contemporary trust and intrusion detection frameworks—Zero-X⁸, TrustVote¹⁰, and TQFL¹¹. These models were selected due to their relevance in blockchain-enabled, federated, and trust-centric 5G/IoV architectures. Table 4 summarizes the comparative evaluation. The results show that QR-ZTA achieves competitive trust-accuracy levels while significantly outperforming existing frameworks in scalability, throughput stability, and access-control responsiveness.

Table 4.

Quantitative benchmarking of QR-ZTA against state-of-the-art models.

Framework	FPR (%)	Response latency (ms)	SRRI(%)	Throughput degradation (%)	Response time (s)	Scalability (nodes)
Zero-X⁸	7.2	28	70.2 ± 2.0	40	10.5s ± 1.2s	2000
TrustVote¹⁰	9.5	31	68.1 ± 1.9	44	1.5s ± 1s	3200
TQFL¹¹	8.8	30	66.5 ± 2.3	42	12.0s ± 2.0s	3500
QR-ZTA (Proposed)	6	29	80.3 ± 1.6	35	2.0s ± 0.4 s	4600

Open in a new tab

All reported results are averaged over 30 independent experimental runs with randomly initialized parameters. Confidence intervals (95%) were computed using a t-distribution. The cumulative results demonstrate that QR-ZTA consistently outperforms baseline models across multiple operational and security metrics. The trust-score progression analysis confirms that QR-ZTA accurately detects spoofed credentials and compromised nodes with 88% precision, while simultaneously achieving a threefold reduction in unauthorized access and significantly shorter response times. Although QR-ZTA prioritizes adaptive trust computation rather than pure anomaly detection, it still delivers accuracy comparable to intrusion-focused frameworks, with up to 35% lower throughput degradation and substantially improved scalability. Furthermore, the integration of cross-chain blockchain components enables faster consensus formation and reduced latency without compromising resilience, reinforcing the quantitative superiority of QR-ZTA in dynamic 5G environments.

Extended scalability assessment for large-scale 5G IoT deployments

Although the primary simulation environment was configured for 4,600 autonomous nodes, real-world 5G ecosystems—particularly massive IoT deployments—often involve tens of thousands of devices. To address this gap, an extended scalability assessment was conducted using a hierarchical node-emulation model that synthesizes large-scale traffic patterns by replicating behavioural vectors, trust-event sequences, and communication graphs derived from the 5G-NIDD dataset. Using this approach, QR-ZTA was evaluated under virtualized network sizes from 10,000 to 50,000 nodes. As summarized in Table 5, the permissioned blockchain trust ledger maintains stable block-commit times with only an 11% latency increase at 50k nodes, while trust inference computations converge within 1.8–2.6 s, demonstrating sub-linear degradation as network density increases.

Table 5.

Extended scalability performance of QR-ZTA for large-scale 5G/IoT deployments.

Number of nodes	Avg. trust computation convergence time (s)	Blockchain ledger commit latency (ms)	Cross-chain consensus delay (ms)	Overall system overhead (%)
4,600 (baseline)	1.21 s	82 ms	94 ms	0%
10,000	1.48 s	91 ms	112 ms	4.20%
20,000	1.72 s	96 ms	131 ms	7.80%
30,000	2.03 s	101 ms	148 ms	9.60%
40,000	2.41 s	108 ms	159 ms	10.20%
50,000	2.58 s	113 ms	173 ms	11.00%

Open in a new tab

Overall, these results highlight that QR-ZTA preserves operational feasibility even within large-scale, heterogeneous 5G/IoT deployments. The stable cross-chain consensus behaviour further indicates that the weighted aggregation mechanism effectively mitigates synchronization delays in dense environments. While additional hardware-based and distributed edge testbeds remain a valuable direction for future work, the extended evaluation strongly suggests that the architecture is scalable to next-generation networks with device populations far exceeding the initial simulation limits.

The proposed QR-ZTA has been designed with consideration towards compatibility and alignment with existing industry standards, particularly those published by ETSI and 3GPP, which govern security and trust management in 5G and beyond networks. Key architectural elements such as behavior-based trust evaluation, cross-chain trust coordination, and post-quantum cryptographic integration adhere to the principles outlined in standards like ETSI’s Zero Trust Network Access and 3GPP’s Security architecture specifications. This compliance facilitates interoperability with existing and emerging 5G infrastructure components, enabling smoother integration and adoption in practical deployments. Future work will further formalize these alignments and undertake certification activities to assure full standards compliance and deployment readiness.

Limitations and future optimization

QR-ZTA is effective against most threat categories; however, its resilience to high-volume DoS and Sybil attacks remains moderate (SRRI ≈ 54%) because volumetric traffic overwhelms the data plane even when control-plane trust checks remain intact. Enhancements such as session-level isolation, adaptive traffic throttling, and multi-source identity validation can improve resistance to large-scale resource-exhaustion attacks. Deploying post-quantum cryptography also introduces computational and energy overhead for constrained IoT devices, as lattice-based schemes like Kyber and Dilithium involve larger keys and more complex arithmetic. Practical adoption therefore requires balancing PQC security with device capabilities using hybrid classical–PQC modes, selective activation, lightweight lattice parameters, or offloading heavy operations to edge nodes. Approximate NIST PQC benchmarks show that Kyber-512 adds ~ 1–2 ms to key-exchange handshakes and Dilithium-II introduces ~ 1.5–3 ms for signing and ~ 0.5–1 ms for verification, with CPU usage typically 1.3×–1.8× higher than classical ECC. These values indicate that PQC overhead is noticeable but manageable for mid-range IoT devices, providing a reasonable trade-off between quantum-resistant security and operational efficiency in QR-ZTA deployments.

Conclusion

The presented work introduces a Quantum-Resilient Cross-Trust Zero Trust Architecture (QR-ZTA) tailored to the emerging security needs of 5G and beyond. By integrating zero-trust principles, blockchain-based decentralized trust management, and post-quantum cryptographic primitives, QR-ZTA addresses the core challenges of distributed, high-assurance environments. Its cross-chain trust appraisal plane enables secure interoperability across administrative domains, while slice-aware enforcement adapts security policies dynamically to evolving slice requirements. Semi-formal simulations demonstrate improved trust-evaluation accuracy, reduced access-control latency, and sustained performance under adversarial conditions such as DDoS, spoofing, and quantum-level threats. The framework also yields notable security-risk reduction and false-access prevention compared to conventional models, highlighting its suitability for large-scale IoT and mission-critical deployments. While QR-ZTA offers strong quantum resilience, future work must address performance implications—particularly the computational and energy demands of PQC, which impose overhead on constrained IoT devices due to larger key sizes and complex arithmetic. Lightweight lattice variants, optimized hardware support, and adaptive or hybrid cryptographic modes may help balance forward security with operational efficiency. Additionally, cross-chain trust negotiation, although beneficial for responsiveness, introduces communication and processing delays that warrant optimization. Future directions therefore include reducing consensus latency, integrating AI-driven anomaly detection, refining PQC mechanisms for multi-cloud and satellite-enabled 6G networks, and enhancing interoperability for next-generation digital ecosystems such as metaverse platforms, autonomous systems, and industrial automation.

Author contributions

J.K. and R.P.N. developed the main algorithmic framework and wrote the main manuscript text. R.P.N. prepared Figs. 1, 2, 3, 4, 5 and 6 and conducted the simulation experiments. S.G. contributed to the theoretical formulation and critically reviewed and edited the manuscript. All authors reviewed and approved the final version of the manuscript.

Funding

Open access funding provided by Vellore Institute of Technology. This research received no specific grant from any funding agency in the public, commercial, or not-for-profit sectors.

Data availability

The datasets used and/or analysed during the current study available from the corresponding author on reasonable request.

Competing interests

The authors declare no competing interests.

Footnotes

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

References

1.Chen, J. et al. Design of a dynamic trust management and defense decision system for shared vehicle data based on blockchain and deep reinforcement learning. Sci. Rep.15, 26662. 10.1038/s41598-025-11511-y (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]
2.Laghari, A. A. et al. A novel and secure artificial intelligence enabled zero trust intrusion detection in industrial internet of things architecture. Sci. Rep.15, 26843. 10.1038/s41598-025-11738-9 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]
3.Selvi, M., Kumar, S. & Thangaramya, S. V. N. Energy efficient trust aware secure routing algorithm with attribute based encryption for wireless sensor networks. Sci. Rep.15, 19724. 10.1038/s41598-025-03558-8 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]
4.Su, G. & Zhang, B. Synergized security framework: revolutionizing wireless sensor networks through comparative methodological analysis. Sci. Rep.15, 18196. 10.1038/s41598-025-00474-9 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]
5.Punitha, S. & Preetha, K. S. Enhancing reliability and security in cloud-based telesurgery systems leveraging swarm-evoked distributed federated learning framework to mitigate multiple attacks. Sci. Rep.15, 27226. 10.1038/s41598-025-12027-1 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]
6.Jothi, M. Blockchain-enabled federated learning with edge analytics for secure and efficient electronic health records management. Sci. Rep.15, 27524. 10.1038/s41598-025-12225-x (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]
7.Asensio-Garriga, R. et al. ZSM-based E2E security slice management for DDoS attack protection in MEC-enabled V2X environments. IEEE Open J. Veh. Technol.5, 485–495. 10.1109/OJVT.2024.3375448 (2024).
8.Korba, A. A., Boualouache, A. & Ghamri-Doudane, Y. Zero-X: a blockchain-enabled open-set federated learning framework for Zero-Day attack detection in IoV. IEEE Trans. Veh. Technol.73, 12399–12413. 10.1109/TVT.2024.3385916 (2024).
9.Kong, L., Chatzinotas, S. & Ottersten, B. Unified framework for secrecy characteristics with mixture of Gaussian (MoG) distribution. IEEE Wirel. Commun. Lett.9, 1625–1628. 10.1109/LWC.2020.2999361 (2020).
10.Azad, M. A., Bag, S., Parkinson, S. & Hao, F. TrustVote: privacy-preserving node ranking in vehicular networks. IEEE Internet Things J.6, 5878–5891 (2019).
11.Saad, S. B., Brik, B. & Ksentini, A. Toward securing federated learning against poisoning attacks in zero touch B5G networks. IEEE Trans. Netw. Serv. Manage.20, 1612–1624. 10.1109/TNSM.2023.3278838 (2023).
12.Køien, G. M. The road to a trustworthy 6G; on the need for a zero trust 6G paradigm. J. Mob. Multimedia. 20 (1), 45–68. 10.13052/jmm1550-4646.2013 (2024). [Google Scholar]
13.Hong, S. et al. SysFlow: toward a programmable zero trust framework for system security. IEEE Trans. Inf. Forensics Secur.18, 2794–2808 (2023). [Google Scholar]
14.Wang, X., Yi, B., Li, Q., Mumtaz, S. & Lv, J. SRv6 and zero-trust policy enabled graph convolutional neural networks for slicing network optimization. IEEE J. Sel. Areas Commun.43, 2279–2292 (2025).
15.Liu, Y. et al. Secure and scalable cross-domain data sharing in zero-trust cloud-edge-end environment based on sharding blockchain. IEEE Trans. Dependable Secure Comput.21, 2603–2617. 10.1109/TDSC.2023.3313799 (2024).
16.Wang, R., Li, C., Zhang, K. & Tu, B. Zero-trust based dynamic access control for cloud computing. Cybersecurity8 (1), 1–16 (2025). [Google Scholar]
17.Liu, J. & Zhang, Y. The impact of mobile social network sites on social trust: evidence from the China. Human. Soc. Sci. Commun.12, 1041 (2025).
18.Wang, K., Hong, Y., Li, Y., Yan, R. & Feng, J. A distributed zero-trust scheme for airborne wireless sensor networks using dynamic identity authentication. Sci. Rep.15 (8036), 1–29 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]
19.Laghari, A. A. et al. A novel and secure artificial intelligence enabled zero trust intrusion detection in industrial internet of things architecture. Sci. Rep.15, 26843. 10.1038/s41598-025-11738-9 (2025). [DOI] [PMC free article] [PubMed]
20.Lilhore, U. K. et al. SmartTrust: a hybrid deep learning framework for real-time threat detection in cloud environments using Zero-Trust Architecture. J. Cloud Comput.14, 35. 10.1186/s13677-025-00764-7 (2025).
21.Hussain, A. et al. Blockchain-enabled zero trust-based secure and energy efficient scheme for 6G-enabled UASNs. J. Cloud Comput.14 (21), 1–26 (2025). [Google Scholar]
22.Sehan, S. et al. 5G-NIDD: a comprehensive network intrusion detection dataset generated over 5g wireless network. IEEE Dataport10.21227/xtep-hv36 (2022).
23.Sun, Y. et al. PPDR: a privacy-preserving dual reputation management scheme in vehicle platoon. IEEE Trans. Depend. Secure Comput. (2025).
24.Liu, Z. et al. PPRU: a privacy-preserving reputation updating scheme for cloud-assisted vehicular networks. IEEE Trans. Veh. Technol. (2023).
25.Kumar, V., Obaidat, M. S. & Ali, R. A security-enhanced anonymous authentication protocol for blockchain-assisted smart grids. In 2025 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI), Hangzhou, China 1–8 (2025). 10.1109/CCCI65983.2025.11215135.
26.Kumar, V., Ali, R. & Sharma, P. K. HM-6G+: a secure real-time E-healthcare monitoring framework using smart-contract over 6G tactile-internet. Cluster Comput.28, 760. 10.1007/s10586-025-05423-9 (2025). [Google Scholar]
27.Yadav, P. et al. A deep learning approach for recognizing and solving handwritten mathematical equations. Neural Comput. Appl.37, 8759–8772. 10.1007/s00521-025-11025-8 (2025). [Google Scholar]
28.Kumar, V., Ali, R. & Sharma, P. K. A secure blockchain-assisted authentication framework for electronic health records. Int. J. Inf. Tecnol.16, 1581–1593. 10.1007/s41870-023-01705-w (2024). [Google Scholar]
29.Vipin, K., Rifaqat, A. & Pawan, K. S. IoEPM+: a secured and lightweight 6G-enabled pollution monitoring authentication framework using IoT and blockchain technology. Comput. Netw.250, 110554. 10.1016/j.comnet.2024.110554 (2024).

Associated Data

This section collects any data citations, data availability statements, or supplementary materials included in this article.

Data Availability Statement

The datasets used and/or analysed during the current study available from the corresponding author on reasonable request.

[CR1] 1.Chen, J. et al. Design of a dynamic trust management and defense decision system for shared vehicle data based on blockchain and deep reinforcement learning. Sci. Rep.15, 26662. 10.1038/s41598-025-11511-y (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR2] 2.Laghari, A. A. et al. A novel and secure artificial intelligence enabled zero trust intrusion detection in industrial internet of things architecture. Sci. Rep.15, 26843. 10.1038/s41598-025-11738-9 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR3] 3.Selvi, M., Kumar, S. & Thangaramya, S. V. N. Energy efficient trust aware secure routing algorithm with attribute based encryption for wireless sensor networks. Sci. Rep.15, 19724. 10.1038/s41598-025-03558-8 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR4] 4.Su, G. & Zhang, B. Synergized security framework: revolutionizing wireless sensor networks through comparative methodological analysis. Sci. Rep.15, 18196. 10.1038/s41598-025-00474-9 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR5] 5.Punitha, S. & Preetha, K. S. Enhancing reliability and security in cloud-based telesurgery systems leveraging swarm-evoked distributed federated learning framework to mitigate multiple attacks. Sci. Rep.15, 27226. 10.1038/s41598-025-12027-1 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR6] 6.Jothi, M. Blockchain-enabled federated learning with edge analytics for secure and efficient electronic health records management. Sci. Rep.15, 27524. 10.1038/s41598-025-12225-x (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR7] 7.Asensio-Garriga, R. et al. ZSM-based E2E security slice management for DDoS attack protection in MEC-enabled V2X environments. IEEE Open J. Veh. Technol.5, 485–495. 10.1109/OJVT.2024.3375448 (2024).

[CR8] 8.Korba, A. A., Boualouache, A. & Ghamri-Doudane, Y. Zero-X: a blockchain-enabled open-set federated learning framework for Zero-Day attack detection in IoV. IEEE Trans. Veh. Technol.73, 12399–12413. 10.1109/TVT.2024.3385916 (2024).

[CR9] 9.Kong, L., Chatzinotas, S. & Ottersten, B. Unified framework for secrecy characteristics with mixture of Gaussian (MoG) distribution. IEEE Wirel. Commun. Lett.9, 1625–1628. 10.1109/LWC.2020.2999361 (2020).

[CR10] 10.Azad, M. A., Bag, S., Parkinson, S. & Hao, F. TrustVote: privacy-preserving node ranking in vehicular networks. IEEE Internet Things J.6, 5878–5891 (2019).

[CR11] 11.Saad, S. B., Brik, B. & Ksentini, A. Toward securing federated learning against poisoning attacks in zero touch B5G networks. IEEE Trans. Netw. Serv. Manage.20, 1612–1624. 10.1109/TNSM.2023.3278838 (2023).

[CR12] 12.Køien, G. M. The road to a trustworthy 6G; on the need for a zero trust 6G paradigm. J. Mob. Multimedia. 20 (1), 45–68. 10.13052/jmm1550-4646.2013 (2024). [Google Scholar]

[CR13] 13.Hong, S. et al. SysFlow: toward a programmable zero trust framework for system security. IEEE Trans. Inf. Forensics Secur.18, 2794–2808 (2023). [Google Scholar]

[CR14] 14.Wang, X., Yi, B., Li, Q., Mumtaz, S. & Lv, J. SRv6 and zero-trust policy enabled graph convolutional neural networks for slicing network optimization. IEEE J. Sel. Areas Commun.43, 2279–2292 (2025).

[CR15] 15.Liu, Y. et al. Secure and scalable cross-domain data sharing in zero-trust cloud-edge-end environment based on sharding blockchain. IEEE Trans. Dependable Secure Comput.21, 2603–2617. 10.1109/TDSC.2023.3313799 (2024).

[CR16] 16.Wang, R., Li, C., Zhang, K. & Tu, B. Zero-trust based dynamic access control for cloud computing. Cybersecurity8 (1), 1–16 (2025). [Google Scholar]

[CR17] 17.Liu, J. & Zhang, Y. The impact of mobile social network sites on social trust: evidence from the China. Human. Soc. Sci. Commun.12, 1041 (2025).

[CR18] 18.Wang, K., Hong, Y., Li, Y., Yan, R. & Feng, J. A distributed zero-trust scheme for airborne wireless sensor networks using dynamic identity authentication. Sci. Rep.15 (8036), 1–29 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR19] 19.Laghari, A. A. et al. A novel and secure artificial intelligence enabled zero trust intrusion detection in industrial internet of things architecture. Sci. Rep.15, 26843. 10.1038/s41598-025-11738-9 (2025). [DOI] [PMC free article] [PubMed]

[CR20] 20.Lilhore, U. K. et al. SmartTrust: a hybrid deep learning framework for real-time threat detection in cloud environments using Zero-Trust Architecture. J. Cloud Comput.14, 35. 10.1186/s13677-025-00764-7 (2025).

[CR21] 21.Hussain, A. et al. Blockchain-enabled zero trust-based secure and energy efficient scheme for 6G-enabled UASNs. J. Cloud Comput.14 (21), 1–26 (2025). [Google Scholar]

[CR22] 22.Sehan, S. et al. 5G-NIDD: a comprehensive network intrusion detection dataset generated over 5g wireless network. IEEE Dataport10.21227/xtep-hv36 (2022).

[CR23] 23.Sun, Y. et al. PPDR: a privacy-preserving dual reputation management scheme in vehicle platoon. IEEE Trans. Depend. Secure Comput. (2025).

[CR24] 24.Liu, Z. et al. PPRU: a privacy-preserving reputation updating scheme for cloud-assisted vehicular networks. IEEE Trans. Veh. Technol. (2023).

[CR25] 25.Kumar, V., Obaidat, M. S. & Ali, R. A security-enhanced anonymous authentication protocol for blockchain-assisted smart grids. In 2025 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI), Hangzhou, China 1–8 (2025). 10.1109/CCCI65983.2025.11215135.

[CR26] 26.Kumar, V., Ali, R. & Sharma, P. K. HM-6G+: a secure real-time E-healthcare monitoring framework using smart-contract over 6G tactile-internet. Cluster Comput.28, 760. 10.1007/s10586-025-05423-9 (2025). [Google Scholar]

[CR27] 27.Yadav, P. et al. A deep learning approach for recognizing and solving handwritten mathematical equations. Neural Comput. Appl.37, 8759–8772. 10.1007/s00521-025-11025-8 (2025). [Google Scholar]

[CR28] 28.Kumar, V., Ali, R. & Sharma, P. K. A secure blockchain-assisted authentication framework for electronic health records. Int. J. Inf. Tecnol.16, 1581–1593. 10.1007/s41870-023-01705-w (2024). [Google Scholar]

[CR29] 29.Vipin, K., Rifaqat, A. & Pawan, K. S. IoEPM+: a secured and lightweight 6G-enabled pollution monitoring authentication framework using IoT and blockchain technology. Comput. Netw.250, 110554. 10.1016/j.comnet.2024.110554 (2024).

PERMALINK

Quantum-resilient cross-trust evaluation for zero trust 5G security

K Jeysuriya

P N Renjith

G Sudhakaran

Abstract

Introduction

Fig. 1.

Related works

Table 1.

Research gap

Cross-domain interoperability

Human-centric zero-trust

Economic and business model implications

Long-term sustainability and evolution

Challenges in 5G security

Threat analysis

DDoS attacks

Malware propagation

Zero-day exploits

Security challenges

Decentralized infrastructure

Network slicing

Multi-vendor integration and third-party

Quantum threat readiness

Proposed model

Fig. 2.

Fig. 3.

Fig. 4.

Zero trust control plane

Fig. 5.

Table 2.

Behavioural access profiling

Retrieve existing trust record

Execute smart contract for trust re-evaluation

Convert external trust score Text to local format using translation function ϕ

Compute aggregated trust score via weighted consensus

Lattice-based encryption of data payload P

Verify quantum-secure identity token QIDi​

Access decision based on threshold

Inter-slice containment enforcement

Final trust score recorded in ledger

Blockchain-based trust ledger

Cross-chain trust evaluation layer

Trust gateways

Consensus translation engines

Quantum-Resilient cryptographic layer

Key generation

Slice-aware trust enforcement

Table 3.

System assumptions and practical deployment scope

Threat model and operational assumptions

Experimental setup

Results and discussion

Trust score evaluation

Fig. 6.

Fig. 7.

Trust score progression across phases

Fig. 8.

Attack intensity

Fig. 9.

Traffic volume vs. attack intensity

Latency vs. attack intensity

Risk score vs. attack intensity

Access decision vs. attack intensity

Impact of attack intensity on system metrics

Fig. 10.

Response time analysis for threat detection

Fig. 11.

Attack impact on network performance

Fig. 12.

Packet loss

Jitter

Degradation of throughput

Trust dynamics over time

Fig. 13.

Security risk reduction index

Fig. 14.

False access grant rate

Fig. 15.

Convert external trust score T_ext to local format using translation function ϕ

Verify quantum-secure identity token QID_i