
Hardware-Anchored ES-SPA: A Dynamic Zero-Trust Architecture for Secure eSIM Provisioning in 6G IoT via Moving Target Defense

1 Center for Cybersecurity Systems and Networks, Amrita Vishwa Vidyapeetham, Amritapuri Campus, Kollam 690525, India
2 Department of Information Systems, College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh 11442, Saudi Arabia
* Author to whom correspondence should be addressed.
Future Internet 2026, 18(4), 187; https://doi.org/10.3390/fi18040187
Submission received: 2 February 2026 / Revised: 12 March 2026 / Accepted: 17 March 2026 / Published: 1 April 2026

Abstract

The rapid evolution of 6G networks and large-scale Internet of Things (IoT) deployments intensifies security and privacy challenges in embedded SIM (eSIM) Remote SIM Provisioning (RSP), particularly during the bootstrap and profile delivery phases. Traditional perimeter-based and VPN-centric approaches expose static attack surfaces, making provisioning workflows vulnerable to denial-of-service (DoS) attacks, reconnaissance, and profile lock-in risks. This paper presents MTD-SDP-eSIM, a hardware-anchored Zero Trust Architecture that secures eSIM provisioning by integrating the embedded Universal Integrated Circuit Card (eUICC) as a root of trust with Software-Defined Perimeter (SDP), Software-Defined Networking (SDN), and Moving Target Defense (MTD). The framework introduces Hardware-Anchored Single Packet Authorization (ES-SPA), which cryptographically binds initial access to tamper-resistant eUICC credentials and enforces an authenticate-before-connect model. A unified Zero Trust controller dynamically orchestrates SDP access control, SDN-based micro-segmentation, and MTD-driven Network Address Shuffling during high-risk provisioning phases. This framework is validated on a high-fidelity 6G testbed built using ns-3, Open5GS, and P4-programmable switches. Experimental results demonstrate a 90% DoS survival rate during provisioning, a 35% scalability improvement over VPN-based baselines, and a 75% reduction in profile lock-in failures through runtime deletion verification. These findings confirm that anchoring dynamic network defenses in hardware-rooted identity significantly enhances the resilience, scalability, and privacy of eSIM provisioning for massive 6G IoT deployments.

Graphical Abstract

1. Introduction

The development of sixth-generation (6G) wireless networks is expected to transform the communication landscape by enabling unprecedented levels of connectivity, data throughput, and service intelligence. These capabilities are essential for supporting emerging applications such as the Internet of Everything (IoE), extended reality, smart grids, and Intelligent Transportation Systems (ITS) [1]. In contrast to earlier cellular generations, 6G architectures emphasize highly distributed computing, edge intelligence, and ultra-low latency communication, while simultaneously supporting massive machine-type communication (mMTC). Despite these advances, several security deficiencies inherited from 5G infrastructures persist. In particular, the known weaknesses of Virtual Private Networks (VPNs) still expose communication channels to threats such as man-in-the-middle attacks, domain name system (DNS) hijacking, denial-of-service (DoS) attacks, port scanning, and persistent unauthorized access attempts [1,2].
The widespread adoption of embedded SIM (eSIM) technology is reshaping how devices connect to cellular networks. Unlike traditional SIM cards, eSIM solutions eliminate the need for removable hardware [3,4]; connectivity instead relies on operator profiles that are provisioned remotely. Standardized by the GSMA, eSIM technology supports Remote SIM Provisioning (RSP) and uses Common Mutual Authentication (CMA) to secure the profile download procedure [3]. With these mechanisms, users and Internet of Things (IoT) devices can dynamically switch between mobile network operators using bootstrap profiles or QR-based activation. Several operator profiles can be stored in the embedded Universal Integrated Circuit Card (eUICC), which enables scalable and flexible connectivity management across heterogeneous network environments.
Although eSIM technology provides operational flexibility, it has several challenges that affect its applications in IoT deployments. Many IoT devices operate under constrained conditions, including limited user interfaces, heterogeneous connectivity environments, and large-scale fleet deployments [3,5]. The initial process of connecting devices and setting them up becomes more challenging because of these limitations. Recent research has highlighted a number of emerging privacy and security threats that are caused by eSIM-based connectivity systems. In particular, opaque routing mechanisms within certain provisioning ecosystems may enable third-party monitoring and reseller-controlled profile management, potentially leading to operator lock-in and limited transparency in traffic routing [6]. Such conditions may increase the risk of metadata exposure and user tracking, especially when static IP addressing or predictable routing paths are employed.
Zero Trust Architecture (ZTA) creates a security system that requires users to prove their identity before they can access any network resources both inside and outside the organization. ZTA operates on the principle that no device, user, or service should be implicitly trusted, regardless of its location within the network. Organizations make access decisions through constant identity verification together with context-specific authorization methods [7,8]. The National Institute of Standards and Technology (NIST) guidelines require ZTA architectures to use Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) for authorization as well as enforcing access restrictions throughout their network partitions [9]. ZTA enables organizations to create safer distributed systems by preventing unauthorized movement between network areas and requiring users to prove their identity through multiple authentication methods. Software-Defined Perimeter (SDP) architectures extend the zero-trust concept by dynamically concealing network services until authentication is successfully completed. In SDP environments, services remain hidden from unauthorized entities and become accessible only after verification through mechanisms such as Single Packet Authorization (SPA) [9,10].
The combination of Software-Defined Networking (SDN) with SDP enables centralized management and programmable implementation of fine-grained security policies throughout the data plane [7]. The integrated system enables security controls to automatically adjust according to changing network conditions. Another promising approach for strengthening network resilience is Moving Target Defense (MTD). MTD methods continuously alter system attributes to create an unpredictable environment, making it harder for attackers to plan their next move. Network Address Shuffling (NAS) is a standard implementation that periodically changes network addresses to defeat reconnaissance and scanning efforts [1,11]. By introducing controlled dynamism into the network infrastructure, MTD can significantly reduce the window of opportunity available to attackers. Despite this progress, existing zero-trust frameworks for 6G environments still require further development: current architectural designs lack comprehensive integration of eSIM RSP with MTD-enhanced SDP in SDN environments, and the device connectivity and profile provisioning processes still face security risks that need to be addressed. This gap assumes greater importance in massive IoT installations because those systems require dynamic and privacy-preserving device provisioning across vast networks of thousands to millions of devices.
To address these issues, this paper presents MTD-SDP-eSIM as a security framework designed to protect eSIM provisioning processes in 6G core networks. It unifies eSIM’s CMA with SDP gateways, SDN switches, and MTD-based NAS. The framework uses identity-driven authentication together with dynamic network reconfiguration to decrease security risks that static provisioning systems create and mitigate persistent network threats.
The key contributions of this paper are summarized as follows:
  • Hardware-Anchored Zero Trust Provisioning Architecture: We propose a novel ZTA for secure eSIM RSP in 6G IoT environments that explicitly anchors trust in the eUICC. Unlike software-only SDP or ZTA frameworks, the proposed design binds network access authorization to tamper-resistant hardware identity during the provisioning bootstrap phase.
  • ES-SPA: Hardware-Anchored Single Packet Authorization Mechanism: We introduce ES-SPA, a hardware-anchored Single Packet Authorization mechanism that cryptographically binds initial access requests to eUICC credentials. ES-SPA enforces an authenticate-before-connect model for eSIM provisioning, effectively eliminating unauthenticated network exposure during early-stage connectivity.
  • Dynamic SDP–SDN–MTD Orchestration for Provisioning Security: We develop an integrated control-plane framework that combines SDP and SDN with MTD. The controller applies identity-aware access control, SDN-based micro-segmentation, and NAS to reduce vulnerabilities during high-risk provisioning phases.
  • Threat-Adaptive Defense Algorithm with Risk Quantization: We design a dynamic defense algorithm that establishes a continuous threat assessment index based on network anomalies and eSIM-specific vulnerabilities. This index determines adaptive MTD activation frequency, enabling proactive mitigation of denial-of-service attacks and reconnaissance activities.
  • Comprehensive Evaluation on a 6G-Oriented Testbed: The proposed framework is validated using a high-fidelity 6G testbed built with ns-3, Open5GS, ONOS, and P4-programmable switches. Experimental results demonstrate a 90% success rate under DoS conditions, a 35% improvement in provisioning scalability compared to VPN-based systems, and a 75% reduction in eSIM profile lock-in failures.
The paper is organized in the following way: Section 2 provides a literature review. Section 3 covers the system and threat models. The proposed architecture is described in Section 4. The dynamic defense algorithm is introduced in Section 5. Section 6 describes the framework evaluation and performance analysis. The findings and architectural implications are discussed within Section 7. Lastly, Section 8 gives a conclusion for the paper and gives future research directions.

1.1. Problem Statement

The integration of eSIM technology into 6G IoT environments introduces a multi-dimensional security gap that existing perimeter-based defenses fail to address. Specifically, this study targets three critical vulnerabilities:
1. Bootstrap Exposure: The lack of hardware-anchored authentication during early-stage connectivity, which leaves the RSP bootstrap phase vulnerable to unauthorized access.
2. Provisioning Denial of Service: The susceptibility of static RSP interfaces to volumetric DoS attacks that disrupt profile delivery for massive IoT fleets.
3. Privacy and Lock-in Risks: The absence of runtime verification mechanisms to prevent opaque data routing and reseller-driven profile lock-in.

1.2. Research Gaps and Objectives

Existing studies have made considerable headway on ZTA and eSIM security, but numerous gaps remain in the context of 6G IoT provisioning. The SDP framework in [1] provides strong zero-trust enforcement for the 6G core network but relies on rather static security configurations, which remain vulnerable to post-authentication attacks once communication channels have been established.
The empirical analysis in [6] highlights serious eSIM privacy vulnerabilities, emphasizing the need for real-time protection mechanisms during RSP in large-scale IoT deployments. The SDPN hybrid model [10] introduces virtual perimeters but does not incorporate MTD-based adaptive shuffling. Similarly, ZT-XPN focuses on graph-based trust modeling yet does not address eSIM-specific IoT provisioning challenges [3]. SecureSDP [9] enhances perimeter protection but lacks dynamic threat-adaptive mechanisms required for distributed 6G environments.
These limitations motivate the primary objectives of this work:
1. To bridge static SDP vulnerabilities by integrating MTD-based NAS during eSIM RSP;
2. To mitigate eSIM privacy risks through ZTA-enforced runtime profile verification;
3. To extend SDP/SDN synergies with eSIM IoT components such as eIM for scalable provisioning;
4. To empirically validate the framework’s resilience against traditional baselines.

2. Related Work

Secure and resilient 6G ecosystems can be achieved only through aligned progress in various technical fields. The three foundational areas analyzed in this section are embedded SIM (eSIM) technology, SDP-driven ZTA and dynamic MTD systems [8,12]. The review below puts the novelty of the proposed framework MTD-SDP-eSIM in the context of these emerging research streams.

2.1. eSIM Technology and Remote Provisioning in 6G

eSIM technology has become pivotal to 6G Internet of Things deployments because it supports efficient RSP while enabling massive machine-type communications (mMTC), allowing large numbers of devices to connect to the network [3,13]. A foundational description of RSP procedures, including Common Mutual Authentication (CMA) and profile download steps, is provided in [3], where the eSIM IoT Remote Manager (eIM) is proposed for centralized fleet management. The eUICC also allows multiple operator profiles to be installed over the air (OTA), removing the need to physically swap SIMs [3,4].
Despite these operational advantages, the transition from physical to embedded SIMs introduces significant security and privacy concerns. Critical vulnerabilities in private LTE testbeds, including opaque cross-border routing and reseller-driven profile lock-in mechanisms, were identified in [6].
Extensive research has explored complementary dimensions of eSIM security. A secure zero-touch provisioning model integrating blockchain with GSMA’s OTA IoT-SAFE protocol was proposed in [14] to strengthen supply chain protection. The role of eSIM in Non-Terrestrial Networks (NTN) was examined in [4], where satellite-enabled 6G coverage through VSAT and eSIM technologies was highlighted. The need for quantum-resistant protocols during eSIM handovers was emphasized in [2,15] to mitigate inherited 5G vulnerabilities. Campus5G initiatives have also incorporated eSIM support for unmodified devices in private 6G deployments [16].
Emerging studies further underscore the importance of secure bootstrapping and resilience against active adversaries in large-scale IoT provisioning [15,17]. Surveys have examined threats posed by eSIM-enabled IoT devices in smart grid infrastructures [18]. Collectively, these works highlight the growing need for robust authentication and privacy-preserving provisioning mechanisms in 6G ecosystems.

2.2. Evolution of SDP and SDN for ZTA

The combination of SDP and SDN represents a fundamental method by which ZTA may be applied to programmable networks [7,8]. An integrated controller model, SDPN, which combines SDP and SDN to manage virtual perimeters and trust anchors, was proposed in [10]. Katsis and Bertino proposed ZT-XPN, a graph-based structure that allows fine-grained control of trust in programmable infrastructures [7]. Quantifiable results of hardened SDP deployment, achieving security hardening scores between 65% and 78%, were provided in [9]. SDN-based micro-segmentation has been applied to meet the strict cybersecurity demands of industrial IoT systems [18,19].
Recent surveys position SDP/SDN as enablers of quantum-resistant architectures and identity-aware micro-segmentation in multi-cloud and virtualized systems [12,20,21]. Blockchain-integrated ZTA within SDN has been proposed to mitigate supply chain threats through decentralized verification [22]. Additional work has explored SDP-based user access control in intelligent networks [23] and platform-engineering-driven ZTA integration [24]. Architectures such as ES-SDPC aim to address unknown vulnerabilities through trusted SDP deployments [25]. Broader surveys examine micro-segmentation and perimeterless trust models [26]. Data plane security innovations, including segmented routing and AI-driven least-privilege enforcement, further extend ZTA capabilities [27,28]. Cloud-based ZTA implementations leveraging OpenDaylight have also matured programmable security frameworks [29].
A standard-compliant Zero Trust framework using SDP for residential IoT security was developed in [30]. Although effective in access management and policy enforcement, the architecture does not incorporate dynamic MTD or hardware-anchored identity verification. The integration of blockchain with reinforcement learning for secure task offloading in software-defined 5G edge networks was conducted in [31]; however, their focus lies in decentralized trust rather than provisioning-phase or eSIM identity security. SDN controller placement and load balancing for performance optimization were investigated in [32] without integrating Zero Trust enforcement. Multi-controller load balancing for reliability was addressed in [33], though security-centric or Zero Trust architectures were not considered. An anomaly detection approach for IoT networks using SDN-based monitoring was proposed in [34]; however, proactive defense strategies such as MTD or provisioning-phase security were not incorporated.

2.3. Moving Target Defense (MTD) for Dynamic 6G Security

In 6G core networks, MTD introduces adaptive dynamism to minimize an attacker’s window of opportunity [1,35]. NAS remains a common MTD approach; the effectiveness of improving DoS resilience via dynamic attribute mutation was demonstrated in [1]. Beyond periodic shuffling, cognitive MTD based on reinforcement learning in edge-to-cloud environments was suggested in [11]. Deep-learning-based MTD has also been applied in federated learning to resist model poisoning and integrity degradation in 6G systems [36,37]. Pheromone-based coordination mechanisms have been investigated for MTD in 6G UAV networks [38].
The iTrust6G consortium proposed intelligent trust orchestration incorporating MTD within distributed 6G cloud architectures [39]. Additional applications include tactical 6G networks [40], smart city wireless sensor networks [41], and O-RAN security models [42].
Recent investigations examine the use of Large Language Models (LLMs) for proactive security design [43] and generative AI for dynamic service registration [44]. While AI-driven approaches enhance predictive capabilities, their purely software-based foundations introduce a trust gap during bootstrap phases. In contrast, the ES-SPA mechanism anchors identity in tamper-resistant eUICC hardware, establishing a persistent root of trust that strengthens AI-assisted security orchestration. The XWAVE software-defined-everything model employs MTD-based resilience functions [45,46], and graph diffusion-based AeBS deployments further illustrate MTD’s role in sustainable 6G ecosystems [35,47]. Edge learning applications and federated learning taxonomies also highlight MTD’s contribution to stability and adaptive defense [48,49].
However, comprehensive integration of MTD with hardware-anchored eSIM provisioning mechanisms remains largely unexplored [1,3,8]. The proposed MTD-SDP-eSIM framework addresses this gap by delivering a unified ZTA that secures both network-layer and identity-layer provisioning in 6G IoT systems.
While MTD and hardware-anchored eSIM provisioning are individually established security paradigms, their synergistic integration for securing the 6G RSP interface represents a distinct architectural advancement. This study fills the existing gap by investigating how these two domains can be converged to provide a multi-layered defense against both network-level and identity-level threats simultaneously.

3. System and Threat Model

Before providing a detailed explanation of the proposed MTD-SDP-eSIM architecture, this section will first describe the formal system model and the adversarial environment. Our model integrates the core principles of ZTA, as defined by NIST, with the specific RSP processes needed for large-scale 6G IoT deployments [3,7]. The basic assumptions about trust boundaries and potential adversary capabilities are based on current research on eSIM privacy and SDN-based MTD [1,6].

3.1. System Model

The proposed framework operates within a 6G network, which includes four main components: eSIM-enabled IoT devices $D$, SDP gateways $G$, programmable SDN switches $S$, and a centralized ZTA controller $C$. Figure 1 shows how these components interact and how the operational logic flows.
  • Devices and eUICC: Each device $d \in D$ contains a protected eUICC, which functions as its hardware root-of-trust. The eUICC contains a set of operator profiles $P_d = \{p_1, \dots, p_k\}$, where each profile $p$ contains the necessary credentials (K, OPc) for secure network attachment.
  • ES-SPA and RSP Requests: When a device requires a new profile, it initiates the provisioning request $r(d, p) = (\mathrm{QR}, \mathrm{bootstrap})$. This triggers the Hardware-Anchored Single Packet Authorization (ES-SPA) process, where the eUICC signs the initial SPA packet to ensure hardware-level authenticity during the Common Mutual Authentication (CMA) process mediated by the ZTA controller.
  • Network Graph: The network is represented in our model as the directed graph $G$, which consists of vertex set $V$ and edge set $E$, where the vertex set $V = D \cup G \cup S \cup \{C\}$ represents the network nodes. The edge set $E$ represents the secure tunnels that were established after successful ES-SPA validation. Each edge $e \in E$ carries a dynamic attribute tuple $e = (\mathrm{IP}_{src}, \mathrm{IP}_{dst}, \mathrm{Port}, \mathrm{State}, \mathrm{TS})$, where $\mathrm{TS}$ is the timestamp of the last shuffle.
  • Policy Enforcement: The access control system operates according to the policy function $\Pi$, which determines access rights through the identity-based connectivity function $\pi : V \times V \to \{0, 1\}$. The connection between device $d$ and gateway $g$ exists if and only if $d$ provides a valid ES-SPA packet, which the controller’s hardware-based trust anchor verifies.
  • MTD Transformation: The MTD mechanism uses the transformation function $f : E \to E'$ to create a target edge set $E'$ whose IP addresses have been modified through cryptographic hashing. The IP addresses in $E'$ are generated through the formula $\mathrm{IP}' = \mathrm{Hash}(\mathrm{IP}_{old} + \mathrm{timestamp} + \mathrm{salt})$.
The model assumes that the eUICC and ZTA controller maintain security through their hardened defenses according to [9], but all communication edges of the system remain untrustworthy and can be intercepted by attackers.
The ES-SPA mechanism is built on asymmetric cryptography rooted in the eUICC secure element. Each SPA packet is signed with the ECC private key held in the eUICC, and the ZTA controller verifies the signature with the corresponding public key, which is bound to the device identity. The ES-SPA packet is formally defined as a 128-byte UDP payload $\{\mathit{DeviceID} \,\|\, \mathit{Nonce} \,\|\, \mathit{TS} \,\|\, \sigma\}$, where $\sigma = \mathrm{ECDSA}_{K_{priv}}(\mathit{DeviceID} \,\|\, \mathit{Nonce} \,\|\, \mathit{TS})$. Because the signature is generated inside the secure element with its embedded private key, the mechanism uses the eUICC as a hardware root-of-trust and maps directly to the “Request to RSP” phase of the GSMA SGP.22 specification, enabling cryptographically enforced pre-connection authentication.
This design binds initial access authorization to the hardware through both cryptographic and physical methods, which stop spoofing and replay attacks during the provisioning bootstrap phase. All cryptographic functions are predicated on ECC-based asymmetric signatures for ES-SPA authentication and SHA-256-based hashing for NAS attribute generation, aligning with the 6G lightweight security recommendations.
The ES-SPA protocol ensures replay resistance by incorporating a monotonically increasing sequence number and a 256-bit salt generated within the eUICC’s secure element for every request. Additionally, the framework achieves perfect forward secrecy by utilizing ephemeral Elliptic Curve Diffie–Hellman (ECDH) key exchanges for each transient provisioning tunnel, ensuring that the compromise of long-term eUICC credentials does not expose past profile delivery sessions. Our security model assumes the computational hardness of the Elliptic Curve Discrete Logarithm Problem (ECDLP). Replay resistance is strictly enforced by the eUICC, which includes a unique 256-bit cryptographic nonce in every ES-SPA packet that the ZTA controller must verify against its ‘recently used’ cache.
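As an added illustration of the ES-SPA exchange just described (example code written for this page, not the paper's implementation), the following Go program builds the 128-byte payload on the device side and performs the controller-side checks in the order a gateway would want them: identity lookup, freshness window, nonce replay cache, sequence-number monotonicity, and finally ECDSA P-256 verification. The field widths, the 30-second skew window, the device identifier, and an in-process key pair standing in for the eUICC secure element are assumptions of this example; the paper fixes only the field names and the total length.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// Assumed layout of the 128-byte ES-SPA UDP payload. The paper names the
// fields (DeviceID || Nonce || TS || sigma, plus a sequence number); the byte
// widths below are this example's choice.
const (
	offDeviceID = 0  // 16 bytes
	offSeq      = 16 // 8 bytes, monotonically increasing per device
	offTS       = 24 // 8 bytes, Unix seconds
	offNonce    = 32 // 32 bytes (256-bit), fresh per request
	offSig      = 64 // 64 bytes: P-256 ECDSA r || s, fixed width
	packetLen   = 128
)

// NewDeviceKey stands in for the key pair an eUICC generates and keeps inside
// its secure element; here it simply lives in process memory (assumption).
func NewDeviceKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// BuildPacket plays the eUICC role: fill the cleartext fields, draw a fresh
// nonce, and sign everything before the signature field.
func BuildPacket(priv *ecdsa.PrivateKey, deviceID [16]byte, seq uint64, ts int64) ([]byte, error) {
	pkt := make([]byte, packetLen)
	copy(pkt[offDeviceID:], deviceID[:])
	binary.BigEndian.PutUint64(pkt[offSeq:], seq)
	binary.BigEndian.PutUint64(pkt[offTS:], uint64(ts))
	if _, err := rand.Read(pkt[offNonce:offSig]); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(pkt[:offSig])
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	r.FillBytes(pkt[offSig : offSig+32])
	s.FillBytes(pkt[offSig+32 : packetLen])
	return pkt, nil
}

// Controller is the ZTA controller's view: the DeviceID -> public key binding
// fixed at enrollment, plus the replay state it has to keep.
type Controller struct {
	pubKeys   map[[16]byte]*ecdsa.PublicKey
	lastSeq   map[[16]byte]uint64
	seenNonce map[[32]byte]bool
	window    int64 // accepted clock skew in seconds
}

func NewController(windowSeconds int64) *Controller {
	return &Controller{
		pubKeys:   map[[16]byte]*ecdsa.PublicKey{},
		lastSeq:   map[[16]byte]uint64{},
		seenNonce: map[[32]byte]bool{},
		window:    windowSeconds,
	}
}

// Enroll records the public key bound to a hardware identity.
func (c *Controller) Enroll(id [16]byte, pub *ecdsa.PublicKey) { c.pubKeys[id] = pub }

// Verify is the authenticate-before-connect gate: it returns nil only when the
// packet is well-formed, fresh, unseen, in sequence (first accepted seq >= 1)
// and carries a valid signature from the enrolled key. On any error the
// gateway stays dark for the sender.
func (c *Controller) Verify(pkt []byte, now int64) error {
	if len(pkt) != packetLen {
		return errors.New("wrong payload length")
	}
	var id [16]byte
	copy(id[:], pkt[offDeviceID:offSeq])
	pub, ok := c.pubKeys[id]
	if !ok {
		return errors.New("unknown device identity")
	}
	seq := binary.BigEndian.Uint64(pkt[offSeq:offTS])
	ts := int64(binary.BigEndian.Uint64(pkt[offTS:offNonce]))
	var nonce [32]byte
	copy(nonce[:], pkt[offNonce:offSig])

	// Cheap checks first, so stale or replayed floods never reach ECDSA.
	if ts < now-c.window || ts > now+c.window {
		return errors.New("timestamp outside freshness window")
	}
	if c.seenNonce[nonce] {
		return errors.New("replayed nonce")
	}
	if seq <= c.lastSeq[id] {
		return errors.New("sequence number not increasing")
	}
	digest := sha256.Sum256(pkt[:offSig])
	r := new(big.Int).SetBytes(pkt[offSig : offSig+32])
	s := new(big.Int).SetBytes(pkt[offSig+32 : packetLen])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return errors.New("invalid eUICC signature")
	}
	// Only a packet that fully verified consumes replay state.
	c.seenNonce[nonce] = true
	c.lastSeq[id] = seq
	return nil
}

func main() {
	priv, _ := NewDeviceKey()
	var id [16]byte
	copy(id[:], "example-device-1") // constructed 16-byte identity
	ctrl := NewController(30)
	ctrl.Enroll(id, &priv.PublicKey)
	pkt, _ := BuildPacket(priv, id, 1, 1_700_000_000)
	fmt.Println("first packet:", ctrl.Verify(pkt, 1_700_000_005)) // <nil>
	fmt.Println("replayed:    ", ctrl.Verify(pkt, 1_700_000_006)) // replayed nonce
}
```

The replay state is updated only after the signature verifies, so an attacker cannot burn a legitimate nonce or sequence number by sending a forged copy of a packet ahead of the device; the freshness window also bounds how long the nonce cache has to be retained.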
Statistical analysis of the NAS hash function indicates that for a fleet of $n = 1000$ devices, the probability of an IP collision within the 6G addressing space is $< 10^{-18}$, ensuring that the dynamic shuffling mechanism does not lead to connectivity conflicts or state inconsistencies in the SDN data plane. This estimation follows the birthday bound approximation:
$$P \approx \frac{n(n-1)}{2 \times 2^{128}},$$
assuming NAS operates within the 128-bit IPv6 address space used in the 6G core network.
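The NAS derivation from the system model and the birthday-bound argument above, as an added Go example (not the paper's code): it derives each device's next IPv6 address from SHA-256(IP_old || timestamp || salt), rejects any shuffle epoch in which two devices would land on the same address, and evaluates the bound for both a 128-bit and a 64-bit randomised space. Keeping a stable /64 routing prefix so that hosts stay routable, the documentation prefix 2001:db8:1::/64, the salt value, and the 1000-device fleet are this example's assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math"
	"net/netip"
)

// ShuffledAddress derives a tunnel endpoint's next address as
// SHA-256(IP_old || timestamp || salt). Assumption of this example, not stated
// in the paper: the 6G core keeps the routing prefix (here a /64) stable and
// re-randomises only the 64-bit interface identifier, so the host remains
// routable after every shuffle.
func ShuffledAddress(old netip.Addr, prefix netip.Prefix, ts int64, salt []byte) netip.Addr {
	h := sha256.New()
	oldBytes := old.As16()
	h.Write(oldBytes[:])
	var tsBytes [8]byte
	binary.BigEndian.PutUint64(tsBytes[:], uint64(ts))
	h.Write(tsBytes[:])
	h.Write(salt)
	digest := h.Sum(nil)

	next := prefix.Masked().Addr().As16() // keep the routing prefix
	copy(next[8:], digest[:8])            // interface identifier from the hash
	return netip.AddrFrom16(next)
}

// ShuffleFleet computes the new address for every device in one shuffle epoch.
// It refuses the whole epoch if two devices would collide, so the SDN data
// plane never installs a conflicting mapping. Controller and gateways can
// recompute the same table independently because the derivation is
// deterministic in (old address, timestamp, salt).
func ShuffleFleet(fleet []netip.Addr, prefix netip.Prefix, ts int64, salt []byte) (map[netip.Addr]netip.Addr, error) {
	next := make(map[netip.Addr]netip.Addr, len(fleet))
	used := make(map[netip.Addr]bool, len(fleet))
	for _, old := range fleet {
		n := ShuffledAddress(old, prefix, ts, salt)
		if used[n] {
			return nil, fmt.Errorf("address collision on %s in epoch %d; epoch rejected", n, ts)
		}
		used[n] = true
		next[old] = n
	}
	return next, nil
}

// BuildFleet constructs n sample device addresses (IIDs 1..n) inside the prefix.
func BuildFleet(prefix netip.Prefix, n int) []netip.Addr {
	fleet := make([]netip.Addr, n)
	for i := range fleet {
		a := prefix.Masked().Addr().As16()
		binary.BigEndian.PutUint64(a[8:], uint64(i+1))
		fleet[i] = netip.AddrFrom16(a)
	}
	return fleet
}

// CollisionBound is the birthday approximation P ~ n(n-1) / (2 * 2^bits).
// The paper evaluates it with bits = 128; when only the interface identifier
// is randomised behind a fixed /64, bits = 64 is the figure that applies.
func CollisionBound(n, bits int) float64 {
	return float64(n) * float64(n-1) / (2 * math.Exp2(float64(bits)))
}

func main() {
	prefix := netip.MustParsePrefix("2001:db8:1::/64") // documentation prefix, constructed
	fleet := BuildFleet(prefix, 1000)
	salt := []byte("constructed-example-salt")
	table, err := ShuffleFleet(fleet, prefix, 1_700_000_000, salt)
	if err != nil {
		fmt.Println("shuffle rejected:", err)
		return
	}
	fmt.Printf("%s -> %s\n", fleet[0], table[fleet[0]])
	fmt.Printf("birthday bound for n=1000: 128-bit space %.2e, 64-bit IID space %.2e\n",
		CollisionBound(1000, 128), CollisionBound(1000, 64))
}
```

Even in the 64-bit case the bound for a thousand devices stays around 10^-14, so the collision check in ShuffleFleet is a consistency guard for the data plane rather than something expected to fire; its value is that a hash-derived address plan fails loudly instead of silently installing two tunnels on one address.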

3.2. Threat Model

We adopt the Dolev–Yao adversary model, denoted $\mathcal{A}$, in which the attacker has complete control over public communication channels. Adversary $\mathcal{A}$ can intercept, modify, delete, or replay any message sent between nodes. However, $\mathcal{A}$ is limited by computational constraints and cannot compromise the underlying cryptographic methods or the secure storage within the eUICC hardware anchor.
This framework specifically addresses the following threats:
1. Denial of Service (DoS): $\mathcal{A}$ attempts to overwhelm the RSP interface by sending requests at a rate of $\lambda$. Our framework uses NAS to reduce the adversary’s exposure window, $\Delta t$. The likelihood of a successful attack is given by the following equation:
$$P_s = 1 - e^{-\lambda \Delta t}$$
This means that a smaller $\Delta t$, which corresponds to more frequent shuffling, greatly decreases the chance of success.
2. Port Scanning and Reconnaissance: $\mathcal{A}$ searches the network for open gateways. The probability of detection is defined as $1 - \epsilon$, where $\epsilon$ represents the shuffle’s effectiveness. Formally, $\epsilon$ is the adversary’s conditional success probability in predicting newly assigned network attributes after a shuffle event, calibrated empirically from the reconnaissance detection rates observed in the experimental testbed. In our simulations we set $\epsilon = 0.15$, reflecting the high entropy of the 6G addressing space used by our NAS mechanism; the probability of an adversary correctly predicting the shuffled attributes therefore remains low, and the detection rate for reconnaissance attempts during the sensitive provisioning bootstrap phase stays high ($1 - \epsilon = 0.85$).
3. eSIM-Specific Privacy Risks: This study specifically addresses three major risks found in the eSIM ecosystem, as identified by [6]:
  • Opaque Routing: The possibility that user data could be routed through unauthorized foreign locations ($P_r = 0.4$).
  • Profile Lock-in: Profile deletion failures that block operator changes ($P_l = 0.2$).
  • Phishing: The spread of fake QR codes designed to take over the RSP bootstrap process.
The simulation parameters $\epsilon$, $P_r$, and $P_l$ are derived from empirical security audits of the eSIM ecosystem [6]. Specifically, $P_r = 0.4$ and $P_l = 0.2$ represent the observed frequencies of jurisdictional routing violations and profile deletion failures, respectively. The shuffle effectiveness is set at $\epsilon = 0.15$ to align with the high-entropy addressing space of 6G networks. Consequently, the framework maintains a 0.85 probability of successful target obfuscation during the provisioning bootstrap phase. By disrupting the static nature of the network perimeter, MTD-SDP-eSIM prevents the lateral movement and ongoing reconnaissance that are common in current static SDP implementations [1].

4. Proposed Architecture: MTD-SDP-eSIM

The MTD-SDP-eSIM architecture delivers a secure eSIM provisioning solution through its implementation of hardware-anchored Zero Trust security, which operates in 6G network systems. The architecture mitigates static perimeter weaknesses by integrating SDP access control, SDN programmability, and MTD-based dynamism. Our architecture combines the unified plane models from [10] and graph-based policy orchestration from [7] to use eUICC as a hardware root-of-trust. This new method is called Hardware-Anchored Single Packet Authorization (ES-SPA). This layered design ensures scalability for massive IoT fleets, mitigates privacy risks such as opaque routing and profile lock-in [6], and enhances resilience against DoS and reconnaissance through NAS [1]. The notations used in this work are summarized in the Abbreviations section.

4.1. System Model and Risk Quantization

The system model establishes formal rules to represent all intricate relations between different elements that exist in a 6G core system. Let D = { d 1 , d 2 , , d n } represent the set of eSIM-enabled IoT devices, where each device d possesses a set of credentials and operator profiles P d stored within a tamper-resistant eUICC hardware module. The network topology is represented by our system as a dynamic directed graph G = ( V , E ) where V is the set of functional nodes that operate as SDP gateways, P4-switches, and ZTA controllers while E represents the set of secure transient tunnels that become available after authorization. An edge in E represents a secure transient tunnel that becomes available after authorization, allowing the controller to determine the duration of each short-lived connection based on the timestamp established in the system model.
The Dynamic Threat Level Index T ( d ) [ 0 , 1 ] stands as the essential breakthrough of this system because it establishes a system that evaluates existing dangers to the device d during the provisioning stage. The ZTA controller computes T ( d ) as a multi-weighted sum of network and device attributes:
T ( d ) = w 1 · A + w 2 · P + w 3 · V
Here A stands for Anomaly Score, which calculates scores based on real-time packet rate deviations and DoS signature patterns found in the 6G core. The parameter P stands for Privacy Exposure, which calculates the risk of unauthorized international routing based on current privacy audit results [6]. The Vulnerability Index, V measures profile lock-in risks and potential deletion failures. The configuration of the weights w i is done according to the operator policies with the condition that all weight values must sum to one. The MTD module initiates NAS when T ( d ) measurement crosses the security threshold, θ , which usually is greater than or equal to 0.5. The threshold θ is set to 0.5 to provide a balanced defensive posture. Empirical sensitivity analysis indicates that this value ensures a 90% DoS survival rate while preventing ’over-shuffling’ events. This calibration is critical, as lower thresholds can increase signaling latency in the 6G core by up to 15%. This proactive defense mechanism directly manipulates the temporal parameters of the attack success probability P s established in the threat model. By dynamically shortening the shuffle interval Δ t as the Threat Index T ( d ) approaches unity, the framework ensures that network attributes are rotated at a rate that outpaces the adversary’s reconnaissance cycle. This reduction in the exposure window minimizes the window of opportunity for attack intensity λ , effectively forcing the probability of a successful persistent exploit towards zero during the sensitive profile delivery phase.
The weights $w_i$ in (2) are calibrated through a Bayesian feedback loop. This ensures that the Threat Index $T(d)$ functions as an adaptive risk-scoring model rather than a fixed heuristic, allowing the controller to tune sensitivity based on the False Positive Rate (FPR) observed during NAS events. Specifically, the anomaly score $A$ is computed as $A = \min\left(1, \frac{|R_{curr} - \mu_{base}|}{3\sigma_{base}}\right)$, where $R_{curr}$ is the current packet rate and $(\mu_{base}, \sigma_{base})$ are the mean and standard deviation of historical legitimate provisioning traffic.
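The threat-index computation just described, written out as an added Python example; this is not the paper's MTD module. The formula for $T(d)$, the anomaly-score definition and the threshold are the paper's; the weight values are the tiering stated later in Section 5.2, and the baseline statistics, packet rates and privacy/vulnerability inputs are constructed sample values.

```python
# Added example (not from the paper): the Dynamic Threat Level Index
# T(d) = w1*A + w2*P + w3*V with the anomaly score
# A = min(1, |R_curr - mu_base| / (3 sigma_base)) and the NAS threshold theta.
# Weight values follow the paper's Section 5.2 tiering; telemetry numbers
# below are constructed sample inputs.
from dataclasses import dataclass


@dataclass(frozen=True)
class Weights:
    anomaly: float   # w1
    privacy: float   # w2
    vuln: float      # w3

    def __post_init__(self) -> None:
        # Operator-policy constraint from the paper: the weights must sum to one.
        total = self.anomaly + self.privacy + self.vuln
        if abs(total - 1.0) > 1e-9 or min(self.anomaly, self.privacy, self.vuln) < 0:
            raise ValueError(f"weights must be non-negative and sum to 1, got {total}")


def anomaly_score(rate_curr: float, mu_base: float, sigma_base: float) -> float:
    """A = min(1, |R_curr - mu_base| / (3 sigma_base)).

    A deviation of three baseline standard deviations saturates the score at 1.
    With a zero-variance baseline (sigma_base == 0) any deviation is fully
    anomalous, which avoids a division by zero on a freshly trained baseline.
    """
    if sigma_base <= 0:
        return 0.0 if rate_curr == mu_base else 1.0
    return min(1.0, abs(rate_curr - mu_base) / (3.0 * sigma_base))


def threat_index(w: Weights, a: float, p: float, v: float) -> float:
    """T(d) = w1*A + w2*P + w3*V; every input must already lie in [0, 1]."""
    for name, x in (("A", a), ("P", p), ("V", v)):
        if not 0.0 <= x <= 1.0:
            raise ValueError(f"{name}={x} is outside [0, 1]")
    return w.anomaly * a + w.privacy * p + w.vuln * v


def nas_triggered(t: float, theta: float = 0.5) -> bool:
    """The MTD module initiates NAS once T(d) reaches the threshold theta."""
    return t >= theta


# Security-first tiering from the paper: w1 = 0.4, w2 = w3 = 0.3.
POLICY = Weights(anomaly=0.4, privacy=0.3, vuln=0.3)


def demo() -> dict:
    """Constructed scenario: legitimate provisioning traffic averages
    120 pkt/s (sigma 10 pkt/s). A 125 pkt/s reading with low privacy and
    vulnerability exposure stays quiet; a 160 pkt/s burst combined with
    moderate exposure (P = V = 0.2) crosses theta and triggers NAS."""
    quiet = threat_index(POLICY, anomaly_score(125.0, 120.0, 10.0), 0.1, 0.1)
    burst = threat_index(POLICY, anomaly_score(160.0, 120.0, 10.0), 0.2, 0.2)
    return {"quiet": quiet, "burst": burst,
            "quiet_nas": nas_triggered(quiet), "burst_nas": nas_triggered(burst)}


if __name__ == "__main__":
    print(demo())
```

One consequence of the stated weights is worth checking in any deployment: a fully saturated anomaly score alone contributes $w_1 = 0.4$, which is below $\theta = 0.5$, so a pure traffic burst with negligible privacy and vulnerability exposure does not by itself trigger NAS; the operator policy must either accept that or raise $w_1$.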

4.2. Architectural Layers and Components

The architecture has three functional planes, which let system components operate independently while providing high scalability and active security protection for large IoT systems.
  • 6G Core and Device Layer: This layer comprises the eSIM devices together with the eSIM IoT Remote Manager (eIM). The eIM proxy function enables UI-less IoT devices to establish secure RSP connections. The hardware anchor (eUICC) ensures that the initial SPA packet is cryptographically tied to the physical device identity via the ES-SPA mechanism, preventing device spoofing at the network edge. The layer supports both direct and indirect provisioning models, providing a 6G-ready link to the programmable and diverse IoT fleet [3].
  • SDP/SDN Enforcement Plane: This plane uses SDP gateways to perform the initial SPA verification and P4-programmable SDN switches (including BMv2) for stateful policy enforcement. The ZTA controller pushes data-plane updates over the P4Runtime protocol in under one millisecond, which lets it change the tunnel attributes that MTD operations depend on [9]. The plane's operational nodes are virtual hosts; gateways remain undetectable to unauthorized users until those users authenticate through hardware-based SPA packet verification.
  • ZTA Controller (Control Plane): The unified controller is the central orchestrator, combining the Policy Decision Point with MTD logic. It maintains a continuous graph-based representation of the network state while checking RSP requests against identity criteria and current threat levels. The controller orchestrates the Common Mutual Authentication (CMA) process and verifies profile deletions at runtime to mitigate the jurisdictional lock-in risks identified in the eSIM ecosystem [6].

4.3. Architectural Visualization

Figure 2 provides a complete functional description of the MTD-SDP-eSIM system through its architectural diagram. The diagram shows two distinct types of operations in the architecture, which include encrypted profile delivery data flows and control flows such as policy queries and P4Runtime updates. The MTD module establishes its connection to SDN switches through which it implements dynamic enforcement.

4.4. Key Operational Logic and Defense Cycles

The framework operates through two core reactive loops designed to secure the entire provisioning lifecycle.
1. The Provisioning Cycle: After receiving the first eSIM RSP request, the SDP gateway performs hardware-based SPA authentication using eUICC credentials. The ZTA controller assesses the device identity and computes the current $T(d)$ value. Once the request is verified and the threat level stays within secure limits, the system creates a temporary encrypted tunnel through the SDN plane. The SM-DP+ server transmits the operator profile through this tunnel, which hides the device's network location from unauthorized parties during the critical delivery period.
2. The Defense Cycle: The MTD module triggers a NAS event when the threat index $T(d)$ rises because the framework detects unusual traffic patterns or unauthorized access attempts. The controller uses P4Runtime to push updated flow rules to the SDN switches, remapping the target device's IP and port in real time. Active shuffling blocks malicious reconnaissance packets and stops in-progress DoS attacks while the RSP flow continues, reducing adversary dwell time and maintaining a 90% DoS survival rate for critical provisioning tasks.

4.5. Implementation and Prototyping Details

The MTD-SDP-eSIM framework uses a high-precision 6G simulation system to test its effectiveness in large-scale IoT environments. We use ns-3 (v3.42) for network emulation because it supports 6G radio access and core network elements. Open5GS (v2.7.1) provides the core network infrastructure, which handles SM-DP+ and SM-DS server functions for eSIM RSP. The control plane is managed by ONOS (v2.7.0), which functions as the ZTA controller and controls BMv2 P4 switches through its P4Runtime integration system. The 6G functionality is modeled in ns-3 (v3.42) using the dedicated 6G-Library module to simulate sub-terahertz (sub-THz) communication channels and 6G-specific radio access parameters. To ensure operational synchronization, the ONOS controller (v2.7.0) communicates with the BMv2 switches via the P4Runtime gRPC interface, maintaining a control-plane update latency of under 1 ms. This sub-millisecond synchronization ensures that MTD-driven NAS triggers do not introduce packet loss or state inconsistencies during the SM-DP+ profile delivery phase. The testbed employs a hybrid simulation-emulation architecture where the 6G RAN and UE mobility are simulated in ns-3, while the core network (Open5GS) and P4 data plane (BMv2) are emulated in a containerized environment. Synchronization is maintained via TAP/Bridge interfaces; simulated gNB traffic is encapsulated and injected into the P4-programmable switches, allowing for a realistic evaluation of control-plane signaling between the ZTA controller and the 6G core functions. To maintain session continuity during NAS events, the ZTA controller implements a 2000 ms rule overlap period. During this transition, the P4 switches concurrently support both the legacy and the shuffled flow rules, ensuring that long-lived RSP profile downloads are not truncated. Empirical testing confirms a session stability rate of 99.92% during active shuffling, with a negligible mean jitter increase of 0.45 ms.
All controller and gateway components are security-hardened according to architectural integrity standards, following the guidelines of [9] together with the Lynis and OpenSCAP security assessment tools. This process achieves an average hardening score of 72%, which exceeds the level of typical SDN configurations. The simulation environment runs on a high-performance server with Ubuntu 24.04, which provides the computing power needed for low-delay P4 switch emulation. The Python-based MTD module computes $T(d)$ from real-time telemetry of the SDN data plane, which it processes with Scikit-learn library functions. The environment allows the framework's ability to handle 1000 simultaneous eSIM provisioning requests to be assessed while MTD overhead stays under 5% of total CPU usage, which yields a 35% improvement in provisioning scalability over standard VPN-based benchmarks. The next section establishes the dynamic defense logic that governs provisioning, threat evaluation, and MTD activation on top of this architecture.

5. Algorithm for Dynamic Defense

The main component of the MTD-SDP-eSIM framework is a dynamic defense algorithm that controls the sensitive RSP process while simultaneously handling MTD operations. Algorithm 1 uses a feedback loop that evaluates the current threat level through the Threat Level Index $T(d)$ to decide when and how often to shuffle network attributes. The algorithm realizes a security model that combines SDP with SDN-based NAS to present an unpredictable, transient attack surface whose protection is anchored in the hardware root of trust.
Algorithm 1 MTD-SDP-eSIM Dynamic Defense and Shuffling
Require: Device fleet D, Global Threat Index T(d), Threshold θ, Base Shuffle Interval Δt_base
Ensure: Secure Provisioning Status and Active Tunnel Attributes E
for each device d ∈ D do
    Phase I: Hardware-Anchored Authentication (ES-SPA)
    req ← Capture bootstrap SPA packet from d (signed by eUICC private key)
    cert_status ← Verify req via Controller Root Trust Anchor
    if cert_status = FAILED then
        Drop packet; log unauthorized access attempt as potential reconnaissance
        continue
    end if
    Phase II: Risk Assessment and MTD Activation
    T(d) ← w1·A + w2·P + w3·V                      {Compute Dynamic Threat Index}
    Δt_active ← Δt_base × (1 − T(d))                {Shorten shuffle interval based on risk}
    if T(d) > θ or Timer ≥ Δt_active then
        Salt ← GenerateSecureRandom(256-bit)
        IP_new ← Hash(IP_old ‖ Timestamp ‖ Salt)
        Execute NAS update: push new flow rules via P4Runtime to SDN switches
        E ← E ∪ {updated tunnel attributes}         {Commit updated tunnel attributes to the network graph}
    end if
    Phase III: Secure Provisioning and Enforcement
    Establish transient encrypted tunnel e ∈ E for RSP flow
    Execute CMA: initiate mutual authentication with SM-DP+ server [3]
    Profile_enc ← Download over shuffled tunnel; enforce graph-based policies [7]
    Verify runtime deletion: audit eUICC for residues of unauthorized profiles [6]
    Phase IV: Monitoring and Feedback
    Log ProvisioningLatency(d), BlockedAnomalies(d)
    Update device reputation and T(d) based on real-time data plane telemetry
end for
return Status ← SUCCESS

5.1. Algorithmic Formalization

The algorithm prevents profile downloads from taking place over a permanent static network connection. The framework uses the eUICC as its hardware root of trust to digitally sign the initial Single Packet Authorization, which we refer to as ES-SPA. The ZTA controller requires this signature to be verified before it creates any temporary tunnel. The pseudocode in Algorithm 1 details the four operational phases: Hardware-Anchored Authentication, Risk Assessment, Secure Provisioning, and Continuous Monitoring.
The eSIM bootstrap process is formally integrated into Phase I: Hardware-Anchored Authentication. During this phase, the initial bootstrap request triggers the ES-SPA mechanism, which utilizes the eUICC root-of-trust to sign the authorization packet, ensuring that the provisioning cycle begins with a hardware-verified identity.

5.2. Triggering Mechanism and Shuffle Logic

The dynamism of the defense is governed by the adaptive relationship between the Threat Level $T(d)$ and the shuffle interval $\Delta t$. In normal operation the algorithm runs a dedicated shuffling scheme at fixed intervals ($\Delta t$) of 300 s, because the current Threat Level $T(d)$ remains near zero. The framework switches to its Reactive Mode when the Anomaly Score ($A$) or the Privacy Exposure ($P$) reaches a critical level, which indicates that a DoS attack or a jurisdictional routing violation has been detected through recent eSIM privacy audits [6].
In this state, $\Delta t$ is dynamically reduced according to the risk weight, forcing more frequent IP and port rotations. This reduces the adversary's window of opportunity, as the probability of a successful persistent attack $P_s = 1 - e^{-\lambda \Delta t}$ approaches zero as $\Delta t \to 0$. By tying the shuffle frequency to the hardware-anchored threat metrics, the algorithm balances network overhead against security posture, ensuring that legitimate provisioning requests survive even under intense attack conditions [1].
To ensure mathematical consistency in Algorithm 1, each component of $T(d)$ is normalized to the $[0, 1]$ range using $x_{norm} = \frac{x - x_{min}}{x_{max} - x_{min}}$ based on telemetry bounds. The weights follow a security-first tiering: $w_1 = 0.4$ prioritizes active anomalies, while $w_2 = w_3 = 0.3$ provide balanced coverage for privacy and architectural vulnerabilities. Sensitivity analysis confirms that $\theta = 0.5$ balances defense agility with signaling overhead, as values below this threshold trigger suboptimal "over-shuffling" in the 6G core.
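The shuffle logic of this subsection and of Phase II in Algorithm 1, as an added Python example rather than the paper's controller code: telemetry normalization, the adaptive interval $\Delta t_{active} = \Delta t_{base}(1 - T(d))$, the persistent-attack probability $P_s$, the salted address derivation $IP_{new} = \mathrm{Hash}(IP_{old} \| \mathrm{Timestamp} \| \mathrm{Salt})$, and the 2000 ms rule-overlap period from Section 4.5. The address pool, the modulo mapping of the digest onto that pool, the minimum-interval floor and the flow-rule record layout are this example's own assumptions.

```python
# Added example (not the paper's code): shuffle logic of Section 5.2 and
# Phase II of Algorithm 1. The 300 s base interval, the 256-bit salt, the
# hash-based address derivation and the 2000 ms rule overlap come from the
# paper; the address pool, the modulo mapping onto it, the dt_min floor and
# the FlowRule layout are assumptions made here.
import hashlib
import ipaddress
import math
import secrets
from dataclasses import dataclass
from typing import List, Optional, Set


def normalize(x: float, x_min: float, x_max: float) -> float:
    """x_norm = (x - x_min) / (x_max - x_min), clamped to [0, 1] so telemetry
    that drifts outside its configured bounds cannot push T(d) out of range."""
    if x_max <= x_min:            # degenerate bounds: nothing to scale against
        return 0.0
    return min(1.0, max(0.0, (x - x_min) / (x_max - x_min)))


def adaptive_interval(dt_base: float, t: float, dt_min: float = 1.0) -> float:
    """Delta_t_active = Delta_t_base * (1 - T(d)). The dt_min floor (assumed)
    keeps T(d) = 1 from collapsing into a zero-length interval, i.e. a tight
    loop of P4Runtime updates; the paper's Continuous Shuffling mode bounds
    that case by policy instead."""
    return max(dt_min, dt_base * (1.0 - t))


def persistent_attack_probability(lam: float, dt: float) -> float:
    """P_s = 1 - exp(-lambda * Delta_t): probability that reconnaissance of
    intensity lambda completes within one shuffle interval."""
    return 1.0 - math.exp(-lam * dt)


def derive_shuffled_address(ip_old: str, timestamp: int, salt: bytes, pool: str) -> str:
    """IP_new = SHA-256(IP_old || Timestamp || Salt) mapped onto a host in `pool`.
    Deterministic for a given salt, so the controller and its audit log agree."""
    net = ipaddress.IPv4Network(pool)
    digest = hashlib.sha256(ipaddress.IPv4Address(ip_old).packed
                            + timestamp.to_bytes(8, "big") + salt).digest()
    hosts = net.num_addresses - 2                     # skip network/broadcast
    offset = 1 + int.from_bytes(digest[:8], "big") % hosts
    if str(net.network_address + offset) == ip_old:   # a no-op shuffle is useless
        offset = 1 + offset % hosts
    return str(net.network_address + offset)


@dataclass
class FlowRule:
    device: str
    ip: str
    installed_at_ms: int
    expires_at_ms: Optional[int] = None   # None: active until superseded


def shuffle(rules: List[FlowRule], device: str, now_ms: int, timestamp: int,
            pool: str, overlap_ms: int = 2000) -> List[FlowRule]:
    """One NAS event for `device`: mint a fresh 256-bit salt, derive the new
    address, and keep the legacy rule alive for overlap_ms so an in-flight
    profile download is not truncated. Returns the rule set to push via P4Runtime."""
    salt = secrets.token_bytes(32)
    # Keep other devices' rules and this device's already-expiring legacy rules.
    updated = [r for r in rules if r.device != device or r.expires_at_ms is not None]
    for r in (r for r in rules if r.device == device and r.expires_at_ms is None):
        updated.append(FlowRule(device, r.ip, r.installed_at_ms, now_ms + overlap_ms))
        updated.append(FlowRule(device, derive_shuffled_address(r.ip, timestamp, salt, pool), now_ms))
    return updated


def active_addresses(rules: List[FlowRule], device: str, now_ms: int) -> Set[str]:
    """Addresses the data plane still accepts for `device` at time now_ms."""
    return {r.ip for r in rules if r.device == device
            and (r.expires_at_ms is None or now_ms < r.expires_at_ms)}


if __name__ == "__main__":
    # Constructed walk-through: at T(d) = 0.6 the interval drops from 300 s to
    # 120 s; one shuffle keeps the old address valid for 2 s alongside the new one.
    print(adaptive_interval(300.0, 0.6))
    plan = shuffle([FlowRule("dev-1", "10.0.0.5", 0)], "dev-1", 1000, 1_700_000_000, "10.0.0.0/24")
    print(active_addresses(plan, "dev-1", 1500), active_addresses(plan, "dev-1", 3000))
```

Two checks a practitioner would want are visible here: `active_addresses` shows that exactly two addresses are accepted during the overlap and only the shuffled one afterwards, and `persistent_attack_probability` makes the trade-off explicit, since halving $\Delta t$ at fixed $\lambda$ lowers $P_s$ but doubles the P4Runtime update rate.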

5.3. Complexity Analysis and Scalability

The framework is able to support large-scale 6G IoT deployments because we assess how the dynamic defense loop impacts computational requirements and resource consumption.
  • Time Complexity: The overall time complexity is $O(|D|)$, where $|D|$ is the number of devices in the provisioning queue at the same time. Each iteration requires constant-time cryptographic operations (HMAC/SHA-256 hashing and RSA/ECC certificate verification, both $O(1)$) and SDN rule updates through P4Runtime, which also take $O(1)$ time. This linear scaling lets the controller meet ultra-reliable low-latency communication (URLLC) requirements, which demand that processing latency stay within 6G infrastructure limits for a large fleet of $n = 1000$ devices.
  • Space Complexity: The framework needs $O(|D|)$ memory, growing linearly with the size of the fleet $D$, to store the state of current secure tunnels, active threat metrics, and temporary hash salts. Per-device memory is minimal because graph-based policies are stored together with compact IP/port tuples, resulting in about 1.2 KB of overhead per device. The framework therefore runs effectively on standard cloud-native SDN controllers and edge-cloud nodes using Ubuntu 24.04.

5.4. Handling Edge Cases and Persistent Threats

The algorithm incorporates specific branches for high-risk edge cases that often plague traditional eSIM deployments. For instance, in the case of a suspected "Profile Lock-in" (where the vulnerability index $V$ is high), the controller halts the installation of new profiles until a Runtime Deletion Verification is successfully completed. This prevents operators from using malicious profile residues to impede carrier switching, as documented in recent security evaluations [6].
The algorithm implements a "Continuous Shuffling" mode for devices operating in extremely hostile conditions, i.e., whose threat index $T(d)$ stays above the threshold $\theta$. The attributes of the RSP sub-flows are rotated for the complete duration of their execution. This provides maximum protection through extreme granularity: each encrypted segment travels over a different, unpredictable route, which prevents adversaries from carrying out localized interception and man-in-the-middle attacks while safeguarding the 6G provisioning cycle.

Pseudocode Variants for Specialized Scenarios

Our framework provides operational variants that are designed for use with standalone devices and continuous hostile operational conditions to achieve architectural flexibility.
Single-Device Provisioning: For single-device provisioning ($|D| = 1$), a simplified variant omits the iterative fleet loop to minimize processing latency (Algorithm 2).
Algorithm 2 Single-Device Provisioning
Require: Device d, Threat Level T
Ensure: Provisioning Status for d
Perform ES-SPA Authentication for d (as defined in Phase I)
if failed then
    return Rejected
end if
MTD Activation for d (Trigger NAS based on T)
eSIM Provisioning for d (Execute CMA and Profile Download)
Runtime Monitoring for d (Final integrity audit)
return Provisioned or Alert
High-Threat Persistence: For high-threat edge cases where the threat level consistently exceeds the security threshold ($T > 0.5$), the algorithm forces an immediate and proactive shuffle (Algorithm 3):
Algorithm 3 High-Threat Persistent Defense
Require: D, High T
for each d in D do
    Authenticate d via eUICC hardware anchor
    if failed then
        return Reject d
    end if
    Shuffle NAS immediately (Pre-emptive attribute rotation)
    Provision over shuffled tunnel
    Monitor and reshuffle on any detected T spike
end for
These variants handle critical edge cases like isolated devices or persistent attacks, significantly enhancing the overall robustness of the MTD-SDP-eSIM.

6. Evaluation and Performance Analysis

We evaluated the MTD-SDP-eSIM framework through high-fidelity simulations and a comparative analysis. Our evaluation methodology builds on existing benchmarks in the field: the SDN-based BMv2 testbeds of [7] and the multi-layer security assessment frameworks of [1].
The evaluation metrics are categorized into four critical vectors: (i) security resilience, which tests the framework’s ability to protect against DoS attacks and detect port scanning activities; (ii) architectural scalability, which measures system performance through its capacity to handle IoT devices within high-demand environments; (iii) eSIM privacy integrity, which assesses the degree of profile lock-in protection that eSIM technology provides; and (iv) operational overhead, which measures both processor resource use and power consumption. We benchmark our solution against two primary baselines: a traditional VPN-based architecture (e.g., OpenVPN) and a standard SDP implementation without MTD security features.

6.1. Experimental Methodology

The methodology uses a simulated 6G testbed that tests system performance across various network conditions while maintaining complete reproducibility and 6G IoT operational limits.
  • Network Simulation: We used ns-3 (v3.42) as our main simulation system, combined with the dedicated 6G-Library modules to model Ultra-Reliable Low-Latency Communication (URLLC) and Massive Machine-Type Communication (mMTC). The testing environment simulates 1000 heterogeneous IoT devices, which experience random packet loss rates between 0.1% and 1% and propagation delays ranging from 1 ms to 10 ms.
  • Core Infrastructure: The Open5GS (v2.7.1) software functions as a 6G Core (6GC) emulator to handle eSIM RSP operations, which need Common Mutual Authentication (CMA) and profile delivery from simulated SM-DP+ servers.
  • Control Plane and Orchestration: ONOS (v2.7.0) controls SDN orchestration to program BMv2 switches through its P4 code which implements stateful policies and performs NAS operations.
  • Computational Resources: The simulations were conducted on a high-performance server that had an Intel Xeon 32-core CPU operating at 2.5 GHz and 128 GB RAM and used Ubuntu 24.04 LTS as its operating system.
The framework's ability to adapt its operations depends on the changing Threat Level ($T$), a weighted index computed as:
$$T = 0.4 \cdot A + 0.3 \cdot P + 0.3 \cdot V \qquad (3)$$
where $A$ represents the anomaly rate (packets/sec), $P$ denotes the routing opacity (privacy score), and $V$ indicates the vulnerability index (e.g., lock-in probability). The framework activates the MTD shuffle operation when the Threat Level ($T$) surpasses its established threshold value of 0.5 ($\theta = 0.5$). The framework uses a base MTD shuffle interval ($\Delta t$) of 300 s, which it shortens whenever it detects an increase in the Threat Level ($T$).
The coefficients in (3) are assigned based on the severity and frequency of observed threats in 6G core environments. The weight of 0.4 for the anomaly score (A) reflects the critical need to respond immediately to high-rate DoS attacks, while the identical weights of 0.3 for privacy exposure (P) and vulnerability index (V) ensure a balanced defense against jurisdictional routing violations and profile lock-in risks, which often occur simultaneously during the provisioning cycle.
Sensitivity analysis of the threshold θ indicates that a value of 0.5 provides the optimal balance; thresholds below 0.3 result in excessive P4Runtime control-plane signaling (8.5% CPU increase) with diminishing returns in DoS survival, while thresholds above 0.7 significantly increase the exposure window for reconnaissance.
The energy results (mJ/provision) were derived using the ns-3 Energy Framework, which calculates total consumption by integrating the power draw across the transmit, receive, and idle states of the emulated 6G radio, mapped to the power profile of a standard low-power IoT chipset.
The RSP environment utilizes the Open5GS implementation of the SM-DP+ and SM-DS servers, which fully adheres to the GSMA SGP.22 technical specifications. This ensures that the protocol sequences for Common Mutual Authentication (CMA) and encrypted profile delivery accurately reflect real-world 6G provisioning workflows.

6.2. Reproducibility and Simulation Parameters

The experiments were executed with fixed random seeds to achieve reproducible results, which were tested through 30 simulation runs across all experimental conditions. The reported results are average values calculated over these runs. We set a dynamic threat threshold of $\theta = 0.5$ and operated with a base shuffle interval of $\Delta t_{base} = 300$ s. The attack rates used in the simulation range from 50 to 500 packets per second, representing the two extremes of denial-of-service attack intensity.
All components were executed on Ubuntu 24.04 LTS using ns-3 (v3.42), Open5GS (v2.7.1), ONOS (v2.7.0), and BMv2 P4 switches. Configuration scripts and P4 programs can be made available upon reasonable request to support result verification.

6.3. Results and Analysis

6.3.1. Security Resilience and Threat Mitigation

The MTD-SDP-eSIM framework shows substantial progress on two security objectives: attack surface reduction and threat mitigation. The NAS mechanism stops harmful network traffic during DoS attacks by changing the gateway's network identity at regular intervals. Our framework maintains a 90% survival rate during active attacks, which exceeds the VPN baseline (35%) by a margin of 55%, as shown in Table 1. DoS Survival Rate ($\sigma$) is defined as the ratio of successfully completed RSP sessions to the total initiated sessions under active attack conditions. A session is considered "survived" only if the mutual authentication, profile download, and installation phases are completed within the standard 5 s timeout threshold without a session reset or packet loss induced by the adversary. To ensure statistical significance, all experiments were repeated 30 times. The MTD-SDP-eSIM framework maintained a DoS survival rate of 90% with a standard deviation of $\sigma = 1.2\%$ and a 95% confidence interval of $[88.8, 91.2]$, demonstrating high architectural stability compared to the volatile performance of the VPN baseline.
Furthermore, the system achieves stealthy port scan detection through dynamic policy updates, reaching 85% accuracy where static systems achieve only 50%. The Port Scan Detection Rate ($\delta$) is determined by modeling scanning as a multi-vector reconnaissance attempt (TCP SYN/UDP) against the P4 data plane. Detection is triggered when the ZTA controller identifies $\geq 3$ unauthorized port access attempts from a single source within a 1000 ms window. Our empirical evaluation shows a False Positive (FP) rate of 2.1% and a False Negative (FN) rate of 3.4%, demonstrating the robustness of the NAS-driven obfuscation. The implementation of runtime deletion checks decreases the eSIM profile lock-in failure rate to 5%, which represents a 75% improvement over traditional eSIM RSP systems.
Figure 3 illustrates the temporal reduction in the attack surface. While static architectures maintain a constant vulnerability window, the MTD-SDP-eSIM framework achieves a 60% reduction in exposed ports immediately following the initial shuffle interval ($\Delta t = 300$ s).
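The port-scan detection rule stated in this subsection (three or more unauthorized port accesses from one source within a 1000 ms window), run over a few constructed telemetry lines as an added Python example; this is not the paper's ZTA controller code. The telemetry line format, the source addresses and the table of ports the SDP gateway legitimately exposes are assumptions of this example.

```python
# Added example (not from the paper): the paper's port-scan rule
# (>= 3 unauthorized port accesses from one source within 1000 ms) applied
# to constructed data-plane telemetry. Line format, addresses and the
# authorized-port table are assumptions made for this example.
from collections import defaultdict, deque

# Constructed telemetry as the P4 data plane might export it:
# "timestamp_ms source_ip dst_port protocol".
TELEMETRY = """\
1000 198.51.100.7 22 TCP
1200 198.51.100.7 23 TCP
1500 198.51.100.7 8080 TCP
1900 198.51.100.7 443 TCP
1100 203.0.113.9 443 TCP
2300 203.0.113.9 8443 TCP
3500 203.0.113.9 3389 TCP
4700 203.0.113.9 161 UDP
"""

# Assumed: the only ports the SDP gateway exposes after SPA succeeds. Under
# NAS every other port is dark, so a hit on it is an unauthorized attempt.
AUTHORIZED_PORTS = {("TCP", 443), ("UDP", 500)}


def parse_telemetry(text):
    """Yield (ts_ms, src, port, proto) tuples from the telemetry text."""
    for line in text.strip().splitlines():
        ts, src, port, proto = line.split()
        yield int(ts), src, int(port), proto


def detect_scans(text, threshold=3, window_ms=1000):
    """Sliding-window detector: flag a source the first time `threshold`
    unauthorized port hits fall within any span of window_ms.
    Returns {source_ip: timestamp_ms_of_alert}."""
    recent = defaultdict(deque)   # per-source timestamps of unauthorized hits
    alerts = {}
    for ts, src, port, proto in sorted(parse_telemetry(text)):
        if (proto, port) in AUTHORIZED_PORTS:
            continue                                  # legitimate, not counted
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window_ms:            # evict hits outside the window
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    # 198.51.100.7 hits three dark ports within 500 ms and is flagged at 1500 ms;
    # 203.0.113.9 spaces its probes 1200 ms apart and never fills the window.
    print(detect_scans(TELEMETRY))
```

The second source in the sample is the case to think about when reading the reported FN rate: probes spaced wider than the window never accumulate, so the window length is a tuning knob between detection of slow reconnaissance and the FP rate on legitimate devices that retry a closed port.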

6.3.2. Scalability and Latency Benchmarks

As the network density increases, our framework maintains architectural stability through efficient SDN-based orchestration. Table 2 highlights that MTD-SDP-eSIM maintains provisioning latencies between 200 and 500 ms for device densities up to 1000, representing a 35% latency reduction relative to VPN-based tunneling (250–800 ms).
The throughput analysis in Figure 4 confirms that the framework can handle up to 40 successful profile provisions per second at maximum scale ($n = 1000$), significantly outperforming the VPN baseline, which saturates early due to tunnel overhead.

6.3.3. Energy Consumption and Operational Overhead

A critical requirement for 6G IoT is the minimization of the “security tax” on resource-constrained devices. Table 3 provides a granular numerical breakdown of the energy and computational footprints, compared against baselines.
As illustrated in Figure 5, our results show that energy consumption averages 15–25 mJ per provisioning cycle. This is 20% more efficient than VPN setups (18–30 mJ) due to the removal of persistent keep-alive traffic.
Computational overhead on the control plane remains within acceptable limits. As shown in Figure 6, CPU utilization increases by only 5–8% during peak NAS shuffling events, which is a negligible trade-off for the substantial gains in resilience.

6.4. Comparative SOTA Analysis

Finally, we benchmark MTD-SDP-eSIM against three state-of-the-art (SOTA) frameworks: SDPN [10], ZT-XPN [7], and SecureSDP [9]. As shown in Table 4, our framework outperforms SDPN by 30% in DoS survival and maintains 40% lower latency at scale compared to SecureSDP.
To assess the agility of the defense, we measured the End-to-End (E2E) Mitigation Latency, defined as $L_{e2e} = L_{det} + L_{dec} + L_{exec}$. While the P4Runtime rule installation ($L_{exec}$) averages only 4.2 ms, the total mitigation latency is dominated by telemetry processing ($L_{det} \approx 25.1$ ms) and controller logic ($L_{dec} \approx 13.0$ ms). As illustrated in Figure 7, the resulting mean $L_{e2e}$ of 42.3 ms demonstrates that the framework achieves sub-second reactivity, which is essential for neutralizing 6G-scale volumetric threats.
Table 4. Comparison of the proposed MTD-SDP-eSIM framework with representative state-of-the-art ZTAs in terms of resilience, latency, and eSIM profile lock-in risk.

Framework      | DoS Survival (%) | Latency (ms, 1000 devs) | Lock-in Risk (%) | Hardening (Lynis)
MTD-SDP-eSIM   | 90               | 500                     | 5                | 70%
SDPN [10]      | 60               | 650                     | 10               | 65%
ZT-XPN [7]     | 70               | 600                     | 15               | 68%
SecureSDP [9]  | 80               | 700                     | 8                | 70%

7. Discussion

The evaluation of the proposed framework demonstrates the viability of hardware-based dynamic Zero Trust enforcement for the emerging 6G environments. The obtained results help us understand the performance trade-offs and architectural implications for the large-scale massive machine-type communication (mMTC) systems by benchmarking against the existing architectures.

7.1. Comparative Advancements over State-of-the-Art

The suggested defense is an alternative to traditional static security models. The SDPN architecture proposed in [10] has a single controller that manages virtual perimeters, but its static exposure windows allow extended reconnaissance. Conversely, MTD-driven NAS integration shortens the vulnerability window, leading to a 30% improvement in DoS survival compared to SDPN. Because NAS constantly mutates network properties, attackers must restart their reconnaissance loops again and again, as shown in Figure 3. This active interference counters persistent attack plans of the kind observed in [1].
Similarly, ZT-XPN [7] applies graph-based trust policies in programmable networks but does not address hardware-level vulnerabilities affecting the eSIM RSP workflow. In the proposed architecture, the eUICC acts as the hardware root of trust for ES-SPA and removes the bootstrap insecurities reported by the authors of [3]. The 75% reduction in profile lock-in failures also emphasizes the need for hardware-supported controls to mitigate the operator-level privacy risk noted in [6].

7.2. The Security-Performance-Sustainability Triad

One of the main issues of 6G security design is management of the so-called security tax for the repeated verification process. Table 3 shows operational footprints which create a fundamental trade-off, as the MTD module raises CPU usage between 5% and 8% while it decreases total IoT energy usage by 20% through the removal of constant IPsec and VPN keep-alive signals.
This observation is especially applicable in consumer electronics and industrial smart grids, where battery life is another limiting factor of significant concern [24]. Our framework shows that dynamic Zero Trust enforcement is possible without the excessive resource overhead by using transient, hardware-anchored SDP tunnels, rather than permanently active encrypted channels. These findings also point to the fact that the advanced MTD logic is in line with the sustainability goal in 6G network design, which can support more environmentally friendly operational models [19].

7.3. Ethical Implications and Regulatory Alignment

The problems due to opaque routing and data exposure by resellers are tackled by the use of network-layer controls that are enforced by the MTD-SDP-eSIM architecture. Our architecture implements “Privacy-by-Design” through its network layer enforcement of jurisdictional requirements, which ensures 6G core systems operate according to international regulations, including GDPR [8]. The ZTA controller uses the eUICC’s hardware identity to create a ’Jurisdictional Policy Metadata’ (JPM) tag. The SDN switches utilize this tag during profile delivery to eliminate routing paths which leave the necessary legal boundaries, thus establishing a system that uses cryptographic methods to create a geographic boundary. This means that all sensitive IoT metadata and SIM profiles will never be processed by servers in non-GDPR-compliant countries, offering a technical data residency assurance that goes beyond the capabilities of current software-only VPN systems.
Dynamic NAS-based shuffling, however, introduces the possibility of latency jitter. As seen in the scalability benchmarks (Table 2), frequent mutation events should be synchronized with the eIM proxy to avoid degrading service for users in bandwidth-constrained or geographically marginalized areas. Ethical deployment thus involves a transparent audit of the threat-level thresholds ($\theta$) to make sure that adaptive security measures do not further worsen digital inequality or accessibility limitations.

7.4. Architectural Scalability of the 6G Core

Our framework maintains sub-500 ms provisioning latency in large-scale conditions ($n = 1000$), as presented in Figure 4. The separation of the Policy Decision Point (PDP), deployed in the ZTA controller, from the Policy Enforcement Point (PEP), realized with P4-programmable switches, allows control-plane coordination to scale without impacting data-plane performance. Since 6G cores will eventually have to support billions of simultaneous device interactions, programmability and modular security design are vital. The proposed architecture provides a scalable path to secure provisioning in next-generation network infrastructures, compared to traditional approaches based on a static, perimeter-centric defense [1].

7.5. Limitations and Scope of the Framework

While the proposed MTD-SDP-eSIM framework demonstrates strong resilience against network-layer attacks during eSIM provisioning, certain limitations and assumptions are acknowledged.
First, the architecture presupposes the integrity of the eUICC hardware and the reliability of the ZTA controller. The current threat model does not include physical tampering, advanced side-channel attacks, or firmware-level compromise of the secure element. Similarly, a compromised control plane may weaken policy enforcement, though controller isolation and hardening can mitigate this threat in practice. To address hardware manipulation and side-channel attacks, Remote Attestation (RA) protocols should be added to the framework to attest eUICC firmware integrity before ES-SPA commences. Moreover, the risk of a compromised central controller may be addressed by distributing the Policy Decision Point (PDP) logic across several edge nodes through Multi-Party Computation (MPC), so that no single party can approve rogue provisioning requests.
Secondly, the existing implementation concentrates on NAS as the MTD mechanism. Other adaptive techniques such as path hopping, protocol mutation, or virtual machine migration fall outside the scope of this study. Although NAS has the advantage of low-latency deployment in SDN environments, the work could be expanded to multi-dimensional MTD in the future.
Thirdly, validation is conducted through high-fidelity simulation rather than carrier-grade 6G deployments. Although the emulation with ns-3, Open5GS, and P4Runtime is realistic, additional testing under the conditions of operational SM-DP+ infrastructures and regulatory provisioning policies is required.
Lastly, there is no explicit mitigation of insider threats originating from operator or SM-DP+ personnel. Even though the framework protects against downstream effects such as profile lock-in, governance and regulatory controls are necessary to deal with malicious administrative actions that technical controls alone cannot address.
In general, the proposed architecture forms a viable basis for hardware-anchored Zero Trust provisioning in future 6G IoT ecosystems.

8. Conclusions

This work addresses two fundamental challenges in 6G IoT provisioning: static architectural vulnerabilities and privacy risks associated with eSIM-based Remote SIM Provisioning (RSP). The proposed MTD-SDP-eSIM framework demonstrates that integrating hardware-anchored Zero Trust enforcement with Moving Target Defense (MTD) substantially improves resilience against advanced Denial-of-Service (DoS) attacks and persistent reconnaissance attempts. By leveraging the eUICC as a hardware root of trust within the ES-SPA mechanism, the architecture reduces the bootstrap trust gap inherent in software-only security models and enforces identity verification and policy control through tamper-resistant components.
The primary contributions include the formalization of the ES-SPA mechanism, the design of a threat-adaptive indexing algorithm, and comprehensive validation on a high-fidelity 6G simulation testbed. Experimental evaluation confirms a 90% DoS survival rate, a 35% scalability improvement over VPN-based provisioning approaches, and a 75% reduction in eSIM profile lock-in failures. These findings indicate that network-layer dynamism combined with hardware-anchored identity can effectively mitigate complex privacy and jurisdictional challenges in large-scale IoT deployments. In addition, automated provisioning workflows reduce physical SIM management overhead by up to 80%, supporting cost-efficient and scalable operations.
Future work will extend this foundation in several directions. Firstly, the framework will be evaluated against emerging quantum threats through the integration of NIST-approved post-quantum cryptographic (PQC) standards for securing eUICC-to-controller communication. Secondly, deployment in Non-Terrestrial Network (NTN) environments will be explored to enable Zero Trust enforcement across satellite-supported 6G infrastructures. Finally, deep reinforcement learning (DRL) techniques will be investigated to refine adaptive threat-threshold tuning and enable autonomous MTD orchestration under dynamic edge conditions.

Author Contributions

Conceptualization, P.K. and H.N.N.; methodology, P.K., K.J., P.P. and H.N.N.; software, H.N.N.; validation, K.J. and H.N.N.; formal analysis, K.J. and P.P.; investigation, H.N.N.; resources, H.N.N.; data curation, H.N.N.; writing—original draft preparation, H.N.N.; writing—review and editing, K.J. and P.P.; visualization, H.N.N.; supervision, P.K.; project administration, P.K.; funding acquisition, P.K. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no specific grant from any funding agency in the public, commercial, or not-for-profit sectors.

Data Availability Statement

The original contributions presented in this study are included in the article. Further inquiries can be directed to the corresponding author.

Acknowledgments

We would like to express our immense gratitude to our beloved Chancellor Sri. Mata Amritanandamayi Devi (AMMA) for providing the motivation and inspiration for this work.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following table summarizes the mathematical notations and technical acronyms utilized throughout the system modeling, algorithmic formalization, and evaluation sections.
| Symbol/Acronym | Definition |
| --- | --- |
| ZTA/SDP | Zero Trust Architecture/Software-Defined Perimeter |
| NAS/MTD | Network Address Shuffling/Moving Target Defense |
| eUICC/RSP | embedded Universal Integrated Circuit Card/Remote SIM Provisioning |
| CMA/SPA | Common Mutual Authentication/Single Packet Authorization |
| ES-SPA | Hardware-Anchored Single Packet Authorization |
| D | Set of eSIM-enabled IoT devices in the fleet |
| T(d) | Dynamic Threat Level Index for device d, in [0, 1] |
| θ | Pre-defined Security Threshold (MTD Trigger) |
| Δt | MTD Shuffle Interval (seconds) |
| P_s | Probability of a successful persistent attack |
| λ | Adversarial attack rate (packets/sec) |
| Π / π | Global Policy Set/Individual access predicate |
| G = (V, E) | Directed Graph representing the 6G network topology |
| PDP/PEP | Policy Decision Point/Policy Enforcement Point |
| eIM | eSIM IoT Remote Manager (Provisioning Proxy) |
| mMTC/URLLC | massive Machine-Type/Ultra-Reliable Low-Latency |
| PQC/NTN | Post-Quantum Cryptography/Non-Terrestrial Networks |

References

  1. Abdelhay, Z.; Bello, Y.; Refaey, A. Toward Zero-Trust 6GC: A Software Defined Perimeter Approach with Dynamic Moving Target Defense Mechanism. IEEE Wirel. Commun. 2024, 31, 74–80.
  2. Lutz, I.D.; Valenti, M.C. Bridging the Security Gap: Lessons from 5G and What 6G Should Do Better. In Proceedings of the 2025 International Conference on Computing, Networking and Communications (ICNC); IEEE: Piscataway, NJ, USA, 2025; pp. 629–634.
  3. Yuan, H.; Baloian, A.; Janak, J.; Schulzrinne, H. eSIM Technology in IoT Architecture. arXiv 2024, arXiv:2401.04302.
  4. Gkonis, P.; Giannopoulos, A.; Trakadas, P.; Voliotis, S.; Zahariadis, T. Role and Evolution of Non-Terrestrial Networks Toward 6G Systems. IEEE Access 2024, 12, 55945–55963.
  5. Padilla, V.S.; Espinal, A.; Cordova-Garcia, J.; Schibelius, L. Barriers to Integrating Low-Power IoT in Engineering Education: A Survey of the Literature. arXiv 2025, arXiv:2510.22522.
  6. Motallebighomi, M.; Veara, J.; Bitsikas, E.; Ranganathan, A. eSIMplicity or eSIMplification? Privacy and Security Risks in the eSIM Ecosystem. In Proceedings of the 34th USENIX Security Symposium, Seattle, WA, USA, 13–15 August 2025; pp. 5425–5442. Available online: https://www.usenix.org/conference/usenixsecurity25/presentation/motallebighomi (accessed on 16 March 2026).
  7. Katsis, C.; Bertino, E. ZT-XPN: An End-to-End Zero-Trust Architecture for Next Generation Programmable Networks. In Proceedings of the 2025 IEEE 11th International Conference on Network Softwarization (NetSoft); IEEE: Piscataway, NJ, USA, 2025; pp. 528–535.
  8. Nahar, S.; Andersson, K.; Saguna, S.; Schelen, O. A Survey on Zero Trust Architecture: Applications and Challenges of 6G Networks. IEEE Access 2024, 12, 94753–94764.
  9. Paya, A.; Garcia, V.; Gomez, A. Securesdp: A novel software-defined perimeter implementation for enhanced network security and scalability. Int. J. Inf. Secur. 2024, 23, 2793–2808.
  10. Lefebvre, M.; Engels, D.W.; Nair, S. On SDPN: Integrating the Software-Defined Perimeter (SDP) and the Software-Defined Network (SDN) Paradigms. In Proceedings of the 2022 IEEE Conference on Communications and Network Security (CNS); IEEE: Piscataway, NJ, USA, 2022; pp. 353–358.
  11. Soussi, W.; Gür, G.; Stiller, B. Moving Target Defense (MTD) for 6G Edge-to-Cloud Continuum: A Cognitive Perspective. IEEE Netw. 2025, 39, 149–156.
  12. Gambo, M.L.; Almulhem, A. Zero Trust Architecture: A systematic literature review. J. Netw. Syst. Manag. 2026, 34, 25.
  13. ABI Research. eSIM-enabled Device Shipments Will Exceed 633 Million in 2026, 2025. Press Release. Available online: https://www.abiresearch.com/press/esim-enabled-device-shipments-will-exceed-633-million-in-2026-driven-by-chinese-smartphone-adoption-and-sgp32-advancements-across-consumer-and-iot-markets (accessed on 16 March 2026).
  14. Krishnan, P.; Jain, K.; Poojara, S.R.; Srirama, S.N.; Pandey, T.; Buyya, R. eSIM and blockchain integrated secure zero-touch provisioning for autonomous cellular-IoTs in 5G networks. Comput. Commun. 2024, 216, 324–345.
  15. Darzi, S.; Rahman, M.M.; Karim, I.; Behnia, R.; Yavuz, A.A.; Bertino, E. Future-Proofing Authentication Against Insecure Bootstrapping for 5G Networks: Feasibility, Resiliency, and Accountability. arXiv 2025, arXiv:2510.23457.
  16. Ferguson, A.E.; Pawar, U.; Wang, T.; Marina, M.K. Campus5G: A Campus Scale Private 5G Open RAN Testbed. arXiv 2025, arXiv:2506.23740.
  17. Sultan, N.H.; Guan, X.; Pieprzyk, J.; Ni, W.; Abuadbba, A.; Suzuki, H. Active Attack Resilience in 5G: A New Take on Authentication and Key Agreement. arXiv 2025, arXiv:2507.17491.
  18. Nguyen, L.H.; Nguyen, V.L.; Hwang, R.H.; Kuo, J.J.; Chen, Y.W.; Huang, C.C.; Pan, P.I. Towards secured smart grid 2.0: Exploring security threats, protection models, and challenges. IEEE Commun. Surv. Tutor. 2024, 27, 2581–2620.
  19. Zanasi, C.; Russo, S.; Colajanni, M. Flexible zero trust architecture for the cybersecurity of industrial IoT infrastructures. Ad Hoc Netw. 2024, 156, 103414.
  20. Prasad, A.; Bhatia, V.S.; Tyagi, N.; Sengupta, A.; Singh, H. Zero Trust in Multi-Cloud Environments: A Framework for Identity-Aware Micro-Segmentation. SSRN Electron. J. 2025.
  21. Giovanni, A.M. Zero Trust Security in Cloud Virtualization: A Framework for Protecting Multi-Tenant Environments. 2024. Available online: https://www.researchgate.net/publication/390237999_Zero_Trust_Security_in_Cloud_Virtualization_A_Framework_for_Protecting_Multi-Tenant_Environments (accessed on 16 March 2026).
  22. Pidpalyi, S.; Romanov, O. Integration of Zero Trust and Blockchain in SDN networks: An overview of threats and methods of their elimination. J. Inf. Technol. Commun. Eng. 2025, 22, 59–68.
  23. Liang, G.; Han, P.; Zhao, S. Research on Zero Trust Architecture Based on SDN. In Proceedings of the 3rd International Conference on Signal Processing, Computer Networks and Communications, Sanya, China, 20–22 December 2024; pp. 388–393.
  24. Sekar, S.P. Integrating software defined perimeter and zero trust in platform engineering: A security framework for modern infrastructure. World J. Adv. Eng. Technol. Sci. 2025, 15, 357–379.
  25. Zhang, Z.; Ren, Q.; Lu, J.; Hu, Y.; Chen, H. ES-SDPC: A secure and trusted SDP framework. Comput. Netw. 2025, 258, 111038.
  26. Denzel, K. A survey of security in zero trust network architectures. GSC Adv. Res. Rev. 2025, 22, 182–214.
  27. Wang, L.; Ma, H.; Jiang, Y.; Tang, Y.; Zu, S.; Li, J.; Gao, J.; Wang, D.; Hu, T. A data plane security model of segmented routing based on SDP trust enhancement architecture. Sci. Rep. 2022, 12, 8762.
  28. Upadhyay, S. AI-Driven Zero Trust Security in Payment Systems: Implementing Least-Privilege Access for Enhanced Compliance and Threat Mitigation. Int. J. Inf. Technol. Manag. Inf. Syst. 2025, 16, 303–340.
  29. Arora, S.; Hastings, J. Microsegmented Cloud Network Architecture Using Open-Source Tools for a Zero Trust Foundation. In Proceedings of the 2024 17th International Conference on Security of Information and Networks (SIN); IEEE: Piscataway, NJ, USA, 2024; pp. 1–8.
  30. Hari, N.N.; Krishnan, P.; Jain, K.; Koppaka, A.B.; Abhinav, P.; Alluhaidan, A.S.; Prabu, P. Standards-Compliant Zero Trust Framework based Software Defined Perimeter (SDP) for Securing Residential IoT Networks. IEEE Trans. Consum. Electron. 2026, in press.
  31. Sethu Subramanian, N.; Krishnan, P.; Jain, K.; Aneesh Kumar, K.B.; Pandey, T.; Buyya, R. Blockchain and RL-Based Secured Task Offloading Framework for Software-Defined 5G Edge Networks. IEEE Access 2025, 13, 56820–56842.
  32. Kandibanda, L.; Thangam, S.; Johnson, J.M.; Malathi, M. Enhanced SDN Controller Placement and Load Balancing for Campus Network Optimization. In Proceedings of the 2025 11th International Conference on Communication and Signal Processing (ICCSP); IEEE: Piscataway, NJ, USA, 2025; pp. 240–245.
  33. R, S.; D, P.P.; Mukhopadhyay, A. Load Balancing in Software Defined Network Using Multiple Controllers. In Proceedings of the 2023 International Conference on Computer Science and Emerging Technologies (CSET); IEEE: Piscataway, NJ, USA, 2023; pp. 1–7.
  34. M, A.; Nair, N.; Karat, G.; G, S.V.; Poornachandran, P. Anomaly Detection in IoT Network Using SDN Principles. In Proceedings of the 2024 5th International Conference on Electronics and Sustainable Communication Systems (ICESC); IEEE: Piscataway, NJ, USA, 2024; pp. 417–424.
  35. Farooq, J.; Zhu, Q. Cyber Resilience in Next-Generation Networks: Threat Landscape, Theoretical Foundations, and Design Paradigms. arXiv 2025, arXiv:2512.22721.
  36. Kianpisheh, S.; Taleb, T.; Iinatti, J.; Song, J. Deep Learning based Moving Target Defence for Federated Learning against Poisoning Attack in MEC Systems with a 6G Wireless Model. arXiv 2025, arXiv:2509.10914.
  37. Andreou, A.; Mavromoustakis, C.X.; Markakis, E.; Bourdena, A.; Mastorakis, G. Enhancing network slice security with Deep Reinforcement Learning and Moving Target Defense strategies. Discov. Internet Things 2025, 5, 67.
  38. Alismail, A.; Whitworth, H.; Al-Rubaye, S.; Ladosz, P.; Tsourdos, A. Moving Target Defence in 6G UAV Networks. In Proceedings of the 2024 IEEE/AIAA 43rd Digital Avionics Systems Conference (DASC), San Diego, CA, USA, 29 September–3 October 2024; pp. 1–8.
  39. iTrust6G Consortium. iTrust6G: Intelligent Trust and Security Orchestration for 6G Distributed Cloud Environments. Project White Paper, Smart Networks and Services Joint Undertaking (SNS JU), 2025. EU Horizon Europe Project, Grant Agreement No. 101139198. Available online: https://www.sns-itrust6g.com/ (accessed on 16 March 2026).
  40. Suomalainen, J.; Ahmad, I.; Shajan, A.; Savunen, T. Cybersecurity for tactical 6G networks: Threats, architecture, and intelligence. Future Gener. Comput. Syst. 2025, 162, 107500.
  41. Khan, W.; Usama, M.; Khan, M.S.; Saidani, O.; Al Hamadi, H.; Alnazzawi, N.; Alshehri, M.S.; Ahmad, J. Enhancing security in 6G-enabled wireless sensor networks for smart cities: A multi-deep learning intrusion detection approach. Front. Sustain. Cities 2025, 7, 1580006.
  42. Hashem Eiza, M.; Akwirry, B.; Raschella, A.; Mackay, M.; Maheshwari, M.K. A Hybrid Zero Trust Deployment Model for Securing O-RAN Architecture in 6G Networks. Future Internet 2025, 17, 372.
  43. Zhou, Y.; Cheng, G.; Du, K.; Chen, Z. Toward Intelligent and Secure Cloud: Large Language Model Empowered Proactive Defense. arXiv 2024, arXiv:2412.21051.
  44. Farhoudi, M.; Shokrnezhad, M.; Taleb, T. Service Registration, Indexing, Discovery, and Selection: An Architectural Survey Toward a GenAI-Driven Future. IEEE Access 2025, 13, 209680–209722.
  45. Zulaika, J.; Oleaga, I.; Sanz, A.; Presno, N.; Landa-Arrue, A.; Barón, M.; Carretero, M.d.P.; Lopez-Novoa, U. XWAVE: A Novel Software-Defined Everything Approach for the Manufacturing Industry. arXiv 2025, arXiv:2510.26393.
  46. Alves, H.; Mahmood, N.H.; López, O.L.A.; Samarakoon, S.; Yrjölä, S.; Latva-aho, M.; Juntti, M.; Pouttu, A. 6G Resilience—White Paper. arXiv 2025, arXiv:2509.09005.
  47. Wang, X.; Feng, L.; Wang, J.; Du, H.; Zhao, C.; Li, W.; Xiong, Z.; Niyato, D.; Zhang, P. Graph Diffusion-Based AeBS Deployment and Resource Allocation for RSMA-Enabled URLLC Low-Altitude Economy Networks. arXiv 2025, arXiv:2507.04081.
  48. Ferrag, M.A.; Friha, O.; Maglaras, L.; Janicke, H.; Shu, L. Edge Learning for 6G-Enabled Internet of Things: A Comprehensive Survey of Vulnerabilities, Datasets, and Defenses. IEEE Commun. Surv. Tutor. 2023, 25, 2654–2713.
  49. Arbaoui, M.; Brahmia, M.e.A.; Rahmoun, A.; Zghal, M. Federated Learning Survey: A Multi-Level Taxonomy of Aggregation Techniques, Experimental Insights, and Future Frontiers. ACM Trans. Intell. Syst. Technol. 2024, 15, 113.
Figure 1. The system architecture model shows how eSIM-enabled IoT devices interact with SDP gateways, programmable SDN switches, and the unified Zero Trust controller. The eUICC acts as a hardware root of trust for Hardware-Anchored Single Packet Authorization (ES-SPA) during the RSP bootstrap phase.
Figure 2. The MTD-SDP-eSIM architectural framework establishes its data and control plane components as two distinct elements. The control plane includes Zero Trust policy decision logic, SDP access control, SDN orchestration, and MTD. In contrast, the data plane handles the creation of temporary, encrypted tunnels, along with dynamic NAS, during the eSIM provisioning process.
Figure 3. The network attack surface evolution during eSIM provisioning shows differences between static network architectures and the MTD-SDP-eSIM framework. Dynamic NAS decreases the number of accessible network ports, which reduces the opportunities for attackers to conduct reconnaissance and denial-of-service attacks.
Figure 4. Provisioning throughput for different IoT fleet sizes. The MTD-SDP-eSIM framework shows better scalability performance through its ability to provision user profiles at higher rates than VPN-based systems, which establishes its suitability for large-scale 6G IoT network deployment.
Figure 5. Energy consumption for each eSIM provisioning cycle, which includes different numbers of IoT devices. The MTD-SDP-eSIM framework consumes less energy on average than VPN-based systems because it removes persistent tunnel overhead while providing security guarantees that can change throughout the operation.
Figure 6. Control-plane computational overhead comparison, which assessed CPU and memory usage of three different systems: MTD-SDP-eSIM, VPN-based provisioning, and plain SDP architectures. The results indicate that dynamic NAS introduces minimal additional overhead while it provides substantial improvements to security resilience.
Figure 7. Breakdown of the End-to-End (E2E) Mitigation Latency, showing the dominance of telemetry and controller processing over data-plane execution.
Table 1. Performance comparison in security resilience and attack mitigation between the proposed MTD-SDP-eSIM architecture and a VPN-based baseline during eSIM provisioning with statistical indicators ( σ , 95% CI).

| Metric | MTD-SDP-eSIM | VPN Baseline | Improvement |
| --- | --- | --- | --- |
| DoS Survival Rate (%) | 90.0 (±1.2) | 35.0 (±4.5) | +55% |
| Port Scan Detection (%) | 85.0 (±2.1) | 50.0 (±3.8) | +35% |
| Profile Lock-in Mitig. | 5% (±0.8) Failures | 20% (±2.5) Failures | 75% Reduc. |
Table 2. Comparison of MTD-SDP-eSIM and VPN-based systems to evaluate their provisioning latency and scalability under an increasing number of Internet of Things devices.

| Devices (n) | Latency (ms) (MTD-SDP-eSIM) | Latency (ms) (VPN Baseline) | Hardening Score |
| --- | --- | --- | --- |
| 100 | 200 | 250 | 75% |
| 500 | 350 | 500 | 70% |
| 1000 | 500 | 800 | 65% |
Table 3. eSIM provisioning energy consumption and control-plane overhead comparison for MTD-SDP-eSIM, VPN-based, and plain SDP architectures.

| Metric | MTD-SDP-eSIM | VPN Baseline | Plain SDP |
| --- | --- | --- | --- |
| Energy (mJ/prov.) | 15–25 | 18–30 | 13–22 |
| CPU Overhead (%) | 5–8 | 3–5 | 2–4 |
| Memory (MB) | 2–4 | 1–3 | 1–2 |

Share and Cite

MDPI and ACS Style

N., H.N.; Jain, K.; P, P.; Krishnan, P. Hardware-Anchored ES-SPA: A Dynamic Zero-Trust Architecture for Secure eSIM Provisioning in 6G IoT via Moving Target Defense. Future Internet 2026, 18, 187. https://doi.org/10.3390/fi18040187