Zero-Trust Mechanisms for Securing Distributed Edge and Fog Computing in 6G Networks

Abstract

The rapid advancement in 6G networks, driven by the proliferation of distributed edge and fog computing, has introduced unprecedented challenges in securing these decentralized architectures. Traditional security paradigms are inadequate for protecting the dynamic and heterogeneous environments of 6G-enabled systems. In this context, we propose ZTF-6G (Zero-Trust Framework for 6G Networks), a novel model that integrates Zero-Trust principles to secure distributed edge and fog computing environments. Robust security is ensured by ZTF-6G by adopting a “never trust, always verify” approach, which comprises adaptive authentication, continuous verification, and fine-grained access control against all entities within the network. Within this context, our proposed framework makes use of Zero-Trust-based multi-layering that extends to AI-driven anomaly detection and blockchain-based identity management for the authentication and real-time monitoring of network interactions. Simulation results indicate that ZTF-6G is able to reduce latency by 77.6% (up to 2.8 ms, compared to the standard models’ 12.5 ms), improve throughput by 70%, and improve resource utilization by 41.5% (90% of utilization). Additionally, the trust score accuracy increased from 95% to 98%, energy efficiency improved by 22.2% (from 88% to 110% efficiency), and threat detection accuracy increased to 98%. Finally, the framework perfectly mitigated the insider threats by 85% and enforced a dynamic policy within 1.8 ms. ZTF-6G maintained a low latency while providing more resilience to insider threats, unauthorized access, and data breaches, which is a requirement of 6G networks. This research aims to lay a foundation for deploying Zero-Trust as an integral part of the next-generation networks which will face the security challenges of the distributed systems driven by 6G networks.

1. Introduction

Zero-Trust (ZT) mechanisms [1,2,3] have led to a new paradigm of cybersecurity, which is the new concept of “never trust, always verify” [1]. Zero-Trust does not implicitly trust any entity, inside or outside the network. Continuous authentication, fine-grained access control, and real-time monitoring are used in system security against increasing numbers of threats [4,5,6]. Today, this approach is especially important in environments of decentralized architecture, dynamic user behavior, and multiple access points [7,8,9,10]. Within the realm of next-generation networks, particularly 6G, the adoption of Zero-Trust can be a solution to the challenges brought on by highly complex distributed computing systems [11,12,13,14,15].

Integrating distributed edge and fog computing plays a crucial role in the architecture of 6G networks, as it brings the data processing closer to its source so that it can minimize latency and further optimize resource utilization [16]. When compared to edge computing, fog computing goes one step further, as it comprises additional layers between the edge devices and the cloud, as its name suggests [17,18,19,20]. To be able to support latency-sensitive applications such as autonomous vehicles, industrial IoT, and all of the smart city applications mentioned in [21,22,23,24], these paradigms are indispensable. However, the cybersecurity vulnerability of edge and fog computing environments, due to their distributed and decentralized nature, is significantly higher when compared to traditional computing environments [25,26,27,28,29]. Nonetheless, traditional security mechanisms are usually poor at dealing with these challenges, as they do not scale to the peculiar demands of these environments [30,31,32].

In the context of 6G networks, their ultra-low latency, high reliability, and connectivity of a massive number of devices are key, and, hence, robust security mechanisms are needed. They can be integrated into 6G networks with distributed edge and fog computing environments, where these challenges can be solved by using the scalable, adaptive solution of Zero-Trust principles [33,34,35,36]. Zero-Trust can be enabled with the usage of cutting-edge technologies like AI-powered anomaly detection, identity management on a blockchain, and dynamic access control policies to verify all the network entities continually. We introduce ZTF-6G, a Zero-Trust-based solution that can be used to deploy Zero-Trust and security to the distributed edge and fog computing in 6G networks; it is also capable of addressing their limitations and aligning with the next-generation system requirements [37,38,39,40].

Figure 1 illustrates the proposed trust evaluation techniques in 6G Zero-Trust networks. The framework includes real-time anomaly detection, dynamic access control, and blockchain-based authentication to ensure security at the edge and fog layers.

Figure 1. Trust evaluation techniques for 6G networks.

Implementing Zero-Trust in 6G networks presents several challenges due to ultra-low latency requirements, a massively distributed architsaecture, and an expanding attack surface. Security mechanisms must operate within a sub-millisecond latency to support critical applications, such as autonomous vehicles and industrial IoT, without introducing delays [41,42,43,44]. The highly decentralized nature of 6G networks, with thousands of edge and fog nodes, makes centralized security models ineffective [45,46,47,48]. Additionally, multi-node authentication across edge, fog, and cloud layers remains complex and prone to performance bottlenecks [49,50]. Zero-Trust principles—such as ‘never trust, always verify’—face significant challenges when applied to 6G networks. Sixth-generation networks are anticipated to be highly distributed, low-latency, and massively connected with billions of devices. This introduces several obstacles for traditional Zero-Trust models:

(a)

Decentralized Security Infrastructure: 6G networks require security mechanisms that scale across a highly decentralized and heterogeneous environment consisting of edge, fog, and cloud nodes. Traditional Zero-Trust frameworks, often designed for centralized environments, are ill suited for such vast and distributed systems.

(b)

Ultra-Low Latency: For applications such as autonomous vehicles and industrial IoT, the Zero-Trust mechanisms must not only be secure but also efficient to minimize latency. Blockchain-based consensus and AI-driven anomaly detection can introduce delays that are not acceptable in latency-sensitive applications.

(c)

Massive Device Connectivity: With billions of devices connected, dynamic trust evaluations and continuous authentication must be handled efficiently without overwhelming network resources.

(d)

AI and Blockchain Integration: Implementing AI-based anomaly detection and blockchain for decentralized identity management in real time requires heavy computation and resource usage, which may not be feasible for all 6G-enabled edge devices.

The rapid growth of IoT and untrusted devices further expands the attack surface, increasing risks such as insider threats, unauthorized access, and AI-driven cyberattacks. Traditional Zero-Trust frameworks, designed for centralized cloud environments, struggle to scale efficiently for billions of 6G transactions. Moreover, resource-constrained edge devices lack the computational power to handle frequent re-authentication and heavy cryptographic processing, rendering traditional security approaches impractical.

To address these challenges, we propose ZTF-6G (Zero-Trust Framework for 6G Networks), which integrates AI-driven anomaly detection and blockchain-based authentication for real-time security enforcement. The framework dynamically adjusts trust scores based on user behavior and network anomalies, ensuring continuous verification without impacting performance. Blockchain-based identity management eliminates reliance on centralized trust authorities, providing tamper-proof authentication while reducing security risks. The use of lightweight cryptographic verification optimizes security for resource-constrained devices. Additionally, scalable and adaptive security policies ensure efficient multi-layer authentication, maintaining low latency while securing network interactions.

By mitigating security risks within 1.8 ms, ZTF-6G effectively blocks insider threats, unauthorized access, and AI-driven attacks, making it a highly scalable and efficient Zero-Trust solution for 6G networks.

1.1. Justification of Novelty and Improvement

The proposed ZTF-6G framework introduces a novel integration of Zero-Trust security mechanisms, specifically tailored for the 6G network environment. It addresses the growing security challenges associated with distributed edge and fog computing. Unlike traditional security models, which rely on static perimeter-based defenses and predefined access controls, ZTF-6G adopts a dynamic and AI-driven security approach that continuously evaluates trust scores derived from real-time network interactions. By leveraging machine learning-based anomaly detection, the framework can proactively identify and mitigate emerging threats, thereby reducing the risk of unauthorized access, data breaches, and insider threats. Additionally, ZTF-6G integrates blockchain-based identity verification, providing a decentralized, tamper-proof authentication system. This eliminates reliance on centralized trust authorities and enhances the integrity of access control mechanisms. The framework further employs adaptive anomaly detection algorithms that adjust network security policies based on contextual factors such as device behavior, historical interactions, and emerging threats. Unlike conventional approaches that compromise performance for security, ZTF-6G is designed to maintain ultra-low latency and high computational efficiency essential for 6G-enabled distributed computing environments. The combination of AI-driven security analytics, blockchain-backed authentication, and real-time access control makes ZTF-6G a highly scalable, resilient, and future-proof Zero-Trust solution for next-generation networks. It ensures that security mechanisms evolve alongside the rapid advancements in 6G technologies.

1.2. Securing Distributed Edge and Fog Nodes with Zero-Trust Mechanisms

In 6G networks, it is necessary to employ a robust mechanism that continuously authenticates and authorizes network entities while maintaining low latency and minimal resource overhead on the distributed edge and fog nodes. The key challenge is to design a Zero-Trust-based model in which interactions are dynamically monitored, and fine-grained access controls are enforced to prevent unauthorized access and insider threats.

The problem formulations are clearly defined, with corresponding symbols and descriptions outlined in Table 1.

$$\mathrm{m}\mathrm{i}\mathrm{n}{R}_s=\sum _{i=1}^N\sum _{j=1}^N{\mathbf{A}}_{i,j}\cdot \left(1-T_{i,j}\right)\cdot C_{i,j}$$

(1)

Table 1. Nomenclature.

Symbol	Description
$N$	Total number of nodes in the network (edge and fog nodes).
$E$	Set of edges representing communication links between nodes.
$P_{i,j}$	Permission level for interaction between node $i$ and node $j$.
$T_i$	Trust score of node $i$.
${\delta }_t$	Trust threshold for maintaining node access.
$\mathrm{A}$	Adjacency matrix representing connectivity between nodes.
$C_{i,j}$	Communication cost between node $i$ and node $j$.
$R$	Total resource availability in the network.
$D_i$	Data size of tasks for node $i$.
$B_i$	Bandwidth allocated to node $i$.
$P_i$	Power consumption of node $i$.
$B_{total}$	Total bandwidth available in the network.
$P_{total}$	Total power budget of the network.

Here, $R_s$ represents the total risk score of the network, which needs to be minimized. The term $A_{ij}$ denotes the adjacency matrix representing the connection between nodes $i$ and $j$, while $T_{ij}$ is the computed trust score between them. The cost function $C_{ij}$ captures the security cost of interactions. The objective is to minimize risk by penalizing connections with lower trust scores, effectively reducing the likelihood of communication between potentially compromised nodes.

Subject to the following:

$$T_i\ge {\delta }_t, \forall i\in N$$

(2)

$$\sum _{i=1}^N{R}_i\le R$$

(3)

$$P_{i,j}\in \left\{0,1\right\}, \forall i,j\in N$$

(4)

$${\mathbf{A}}_{i,j}\in \left\{0,1\right\}, \forall i,j\in N$$

(5)

This approach periodically computes trust scores for each node to ensure that communication only occurs when the trust thresholds are met. The network topology is represented using an adjacency matrix, and the objective function aims to minimize the aggregated risk score by considering both trust scores and communication costs. Resource usage is constrained within predefined limits, and communication is permitted only under specified access control constraints.

1.3. Dynamic Resource Allocation for Secure Edge and Fog Computing

Resource allocation in distributed edge and fog computing for 6G networks under Zero-Trust security constraints remains a critical optimization challenge. The goal is to balance resource utilization, maintain low latency, and implement dynamic access policies to ensure secure and efficient operations.

$$\mathrm{m}\mathrm{i}\mathrm{n}{L}_{cost}=\alpha \sum _{i=1}^N{\displaystyle \frac{D_i}{B_i}}+\beta \sum _{i=1}^N{P}_i$$

(6)

$B_i$ represents the allocated bandwidth for node $i$, while $P_i$ denotes power consumption. The coefficients $\alpha$ and $\beta$ control the trade-off between latency and energy efficiency.

A risk-aware bandwidth allocation strategy can be incorporated by introducing a risk factor $R_s$, which accounts for node reliability, past performance, and authentication frequency. Higher $R_s$ values indicate potentially compromised nodes, prompting stricter bandwidth restrictions and additional security verifications.

Subject to the following:

$$\sum _{i=1}^N{B}_i\le B_{total}$$

(7)

$$\sum _{i=1}^N{P}_i\le P_{total}$$

(8)

$$T_i\ge {\delta }_t, \forall i\in N$$

(9)

The focus of this formulation is to minimize latency and energy efficiency in the resource allocation problem for secure edge and fog operations. The trade-off between latency and energy consumption is balanced as part of the objective function, and the total bandwidth and power consumption are constrained to system limits. Just like Zero-Trust, trust scores are established to ensure that resource access is secure.

The integrity and security of 6G-enabled distributed systems are threatened by unique and evolving security risks. This research introduces a novel framework that combines Zero-Trust principles with cutting-edge technologies to provide a robust, scalable, and adaptive security solution to the 6G-enabled distributed systems.

• Proposed a novel Zero-Trust Framework (ZTF-6G): It is designed for securing dynamic and decentralized edge and fog computing environments in 6G networks.
• Developed AI-driven anomaly detection modules: It guarantees the real-time identification and solving of security threats.
• Implemented blockchain-based identity management: It provides decentralized, tamper-proof authentication and fine-grained access control.
• Validated the framework through simulations: The system demonstrated significant improvements in security, scalability, and overall performance when compared to traditional approaches.
• Optimized Resource Allocation and Performance: Achieves 77.6% lower latency, 70% higher throughput, and 41.5% better resource utilization compared to traditional models.

The paper is organized into four main sections, as described below: The research begins by presenting the problem that requires Zero-Trust principles for 6G network security. Section 2 details the related works and literature studies. Section 3 details the proposed ZTF-6G framework, including its architecture, key components, and methodology, outlining the design, implementation, and simulation setup. Section 4 discusses the results and evaluations, comparing the performance of ZTF-6G with the existing methods. Section 5 concludes the paper by summarizing the key findings and suggesting future research directions.

2. Related Work

Zero-Trust frameworks have emerged as crucial security paradigms for 6G networks, addressing diverse security challenges such as risk mitigation, access control, authentication, and anomaly detection. Several existing models have been proposed to enhance the security of distributed computing in 6G, leveraging AI, blockchain, and decentralized trust mechanisms.

Security experts recognize the growing need to implement Zero-Trust mechanisms for 6G networks, as they address specific security demands of distributed edge and fog computing platforms [1,2,3]. According to researchers [4,5,6,7,8], Zero-Trust analytics offer solutions for modernized authentication, enhanced access control, and threat detection in dynamic, decentralized 6G environments.

The 6G network architecture relies on edge and fog computing, which places data processing resources close to their sources, thereby enabling low-latency processing [10,11,12,13,14]. This method reduces data analysis time, making it suitable for applications such as autonomous vehicles, smart healthcare systems, and real-time analytics. Although these paradigms are inherently decentralized, the attack surface, so to say, is significantly expanded, making the network vulnerable to a variety of security threats, such as unauthorized access, data breaches, and distributed denial of service (DDoS) attacks [8]. In order to address these concerns, Ali et al. [4] proposed a maturity framework for Zero-Trust security in multi-access edge computing. On the basis of fine-grained access control mechanisms and continuous monitoring, their framework puts an emphasis on risk mitigation and robust defense mechanisms. Kaur et al. [16] also studied the application of Zero-Trust principles in securing fog computing in the healthcare domain. Their blockchain-integrated Zero-Trust framework ensures secure data exchange and tamper-proof authentication, addressing the sector’s high standards for privacy and data integrity [15,16,17,18,19,20]. These studies collectively underscore the flexibility of Zero-Trust principles in adapting to dynamic and distributed environments such as edge and fog computing [9,21,22,23,24]. However, practical implementations of these solutions continue to face challenges, including the scalability of security mechanisms to accommodate the growing number of connected devices and the resource efficiency required to operate within constrained environments [25,26,27,30].

The adoption of Zero-Trust mechanisms in 6G networks has gained substantial momentum due to the stringent security requirements of ultra-low latency, high reliability, and mission-critical applications such as remote surgery, industrial automation, and autonomous systems [28,29,32,33,37]. Given their massive device connectivity and reliance on real-time data exchange, 6G networks require advanced security solutions. To address these needs, Chen et al. [7] proposed a software-defined Zero-Trust model, integrating AI-driven security policies for dynamic trust evaluation in 6G networks. This model employs behavior-based anomaly detection, continuously adapting access control policies based on network conditions. However, its heavy dependency on AI inference accuracy may result in false positives or negatives, potentially compromising overall security reliability. To overcome the limitations of centralized authentication, Sedjelmaci et al. [34] developed a decentralized Zero-Trust framework for 6G Radio Access Networks (RANs). Their model introduces hierarchical trust scoring, decentralized access control, and lightweight encryption techniques to enable low-latency authentication. Despite its advantages, the computational overhead of trust management could negatively impact real-time network performance. Enright et al. [10] applied artificial intelligence to integrate Zero-Trust frameworks, utilizing machine learning algorithms for intelligent threat detection and automated response mechanisms. In addition, this integration not only accelerates threat management, but also provides a proactive view of potential vulnerabilities before they are exploited. Collectively, these contributions highlight Zero-Trust as a foundational security paradigm for 6G networks. However, challenges remain in terms of operational complexity and seamless integration with the existing infrastructure—both of which are active areas of research.

With the rise in intelligent decision-making and data-handling techniques, emerging fields such as artificial intelligence (AI) and blockchain have enhanced the capabilities of Zero-Trust frameworks. Ramezanpour et al. [26] designed a Zero-Trust model that combines AI and blockchain for 6G security, enhancing proactive threat mitigation and decentralized identity management. By integrating biometric authentication, the framework ensures robust security. However, its computational intensity makes it less suitable for resource-constrained edge devices. Blika et al. [6] proposed a Federated Learning-based Zero-Trust model, which enhances security in distributed nodes while preserving user privacy. By applying adaptive risk assessment policies, the model strengthens authentication mechanisms. Nevertheless, federated learning introduces communication overhead, which may affect network efficiency in high-load environments. Similarly to the work of Yiliang et al. [40], the Zero-Trust-based mobile network security architecture proposed for decentralized identities uses a blockchain to manage decentralized identities. The inherent immutability and transparency of blockchain make its authentication processes tamper-proof and verifiable, thereby mitigating risks such as identity spoofing and unauthorized access. The integration of AI and blockchain not only enhances security mechanisms but also addresses key challenges such as scalability, decentralized control, and system interoperability. This is especially relevant in distributed environments such as edge and fog computing, where traditional centralized security models face significant limitations. These technologies enable dynamic, distributed control and promote robust, efficient, and adaptive implementation of Zero-Trust in next-generation networks.

Several comprehensive surveys have synthesized the growing body of research on Zero-Trust architecture, examining its applications, benefits, and outstanding challenges. According to Nahar et al. [22], Zero-Trust plays a central role in 6G networks, addressing issues such as system heterogeneity, interoperability, bandwidth and computational limitations, and the dynamic enforcement of policies in evolving network contexts. Their findings emphasize the need for adaptable and resource-efficient frameworks capable of supporting the diverse requirements of 6G applications. In the context of 6G smart networks, Liyanage et al. [19] investigated the convergence of Zero-Trust with technologies such as IoT and artificial intelligence. The primary objective of their review is to understand how these technologies can improve Zero-Trust with the help of intelligent automation, real-time analytics, and secure device-to-device communication. Across these studies, researchers emphasize the urgent need for Zero-Trust frameworks that not only secure systems but also maintain performance and usability in complex, distributed environments. Given the increasing heterogeneity and connectivity of modern networks, Zero-Trust principles and emerging technologies must jointly address challenges such as horizontal scaling, latency, and dynamic resource allocation.

Beyond general use cases, Zero-Trust framework implementations are rapidly expanding across sectors, as organizations recognize the need for tailored security solutions that address their specific industry requirements. Safak et al. [31] studied security and privacy mechanisms in 6G-enabled Internet of Everything (IoE) networks within the banking domain, where institutions face advanced cyber threats such as financial fraud, data breaches, and ransomware attacks. The study demonstrated how Zero-Trust principles—such as continuous monitoring, granular access control, and secure identity verification—can collectively mitigate these risks by ensuring only authorized users and devices access sensitive financial data. Similarly, Son et al. [38] proposed a Zero-Trust authentication scheme for IoT environments in 6G networks, incorporating secure and context-aware access control for interconnected devices. This approach evaluates not only user credentials, but also contextual factors such as device behavior and location, providing an additional layer of protection against unauthorized access. These studies emphasize the flexibility of Zero-Trust frameworks in addressing diverse and sector-specific security requirements, from industrial IoT to financial systems. With Zero-Trust, the security mechanisms are themselves set as flexible and adaptive, which makes it a foundational paradigm to support strict sector-specific use cases.

The rapid advancement in 6G wireless networks necessitates robust security frameworks to tackle evolving cyber threats and network vulnerabilities. Yang et al. [42] explored cross-layer automated security solutions for 6G, emphasizing the importance of Zero-Trust networks that incorporate AI-driven anomaly detection and self-adaptive security mechanisms. While they proposed Zero-Trust security automation, their model lacked decentralized trust mechanisms, making it vulnerable to identity spoofing. Although their approach enhances automation, the absence of decentralized trust management renders it vulnerable to insider attacks. In contrast, Singh et al. introduced WIND, a Wireless Intelligent Network Digital Twin, leveraging federated learning and multi-layer optimization to enhance privacy-preserving security mechanisms in decentralized networks [43]. However, federated learning—though effective in distributed environments—introduces computational overhead that can hinder real-time Zero-Trust enforcement. Additionally, Hamroun et al. provided an extensive survey on intrusion detection in 5G and Wi-Fi networks, identifying critical limitations in current intrusion detection methods, particularly in multi-access edge computing (MEC) scenarios [44]. Their work highlights the need for adaptive, AI-driven security frameworks capable of mitigating novel attack vectors in heterogeneous 6G environments. Building upon these studies, the proposed ZTF-6G framework integrates blockchain-based authentication, real-time AI-driven anomaly detection, and Zero-Trust adaptive access control, addressing the limitations of the existing models and enhancing security, scalability, and efficiency in distributed 6G edge and fog computing networks.

The convergence of Zero-Trust principles with emerging technologies, such as AI and IoT, within the 6G framework has been extensively studied, upon which new opportunities for securing distributed systems in real time have been found. IoT environments are being scrutinized by Singh et al. [36], who examined the part that Zero-Trust architecture plays within these environments to help resolve its critical problems, including ensuring that data are authentic, preventing the use of unauthorized devices, and protecting the massive quantities of data generated by IoT devices. This reaffirms Zero-Trust’s importance for secure device-to-device communication and data integrity in environments where traditional security methods fail to meet the complexity and scale requirements. Another significant contribution comes from Partala and Agrawal [25], who explored Secure Edge Intelligence in 6G networks, integrating Zero-Trust principles with AI-driven security policies. Their framework supports secure data offloading and distributed decision-making, ensuring robust authentication and threat mitigation. However, the model prioritizes computational efficiency over advanced security enforcement, which may create vulnerabilities in mission-critical applications.

Recent advancements in Zero-Trust security for 6G networks focus on decentralized authentication and proactive enforcement to address evolving cyber threats. Traditional models struggle with scalability and resource constraints in distributed edge and fog computing. Bai et al. [41] proposed a blockchain-based caching strategy for mobile edge computing but lacked adaptive trust mechanisms. Chen et al. [7] introduced an AI-driven Zero-Trust model for 6G but faced high computational overhead. To overcome these limitations, we propose ZTF-6G, integrating AI-driven anomaly detection and blockchain-based authentication for real-time trust scoring and tamper-proof identity verification. Unlike previous models, ZTF-6G ensures high security, minimal latency, and efficient resource utilization, making it an optimal Zero-Trust solution for 6G networks.

Ali et al. [4] introduced a Zero-Trust framework for multi-access edge computing (MEC), focusing on risk mitigation through continuous monitoring and fine-grained access control. This framework enforces real-time authentication and adaptive security policies, ensuring that only verified entities can access critical resources. However, it lacks blockchain-based identity verification, which could further enhance the integrity of authentication mechanisms. In contrast, Kaur et al. [16] developed a blockchain-powered Zero-Trust framework tailored for fog computing in healthcare. Their model ensures tamper-proof authentication and secure data exchange among medical IoT (MIoT) devices by utilizing smart contracts. While effective for healthcare applications, the model’s scalability remains a challenge when applied to broader 6G environments.

While each of these frameworks contributes valuable security enhancements, they exhibit limitations such as lack of scalability, high computational requirements, or inefficiencies in anomaly detection. Our proposed ZTF-6G framework addresses these gaps by integrating AI-driven anomaly detection, blockchain-based identity management, and adaptive trust scoring into a unified security architecture. Unlike prior models, ZTF-6G ensures a multi-layered security approach by incorporating lightweight AI models to reduce computational overhead and optimize real-time authentication. Additionally, it supports scalable security solutions applicable across diverse 6G domains, including smart cities, autonomous vehicles, and industrial IoT. By leveraging blockchain’s decentralized authentication and AI-driven trust scoring, ZTF-6G overcomes the weaknesses of the existing frameworks and offers a robust, scalable, and adaptive Zero-Trust solution for next-generation 6G networks.

Table 2 presents a comparative analysis of studies focusing on Zero-Trust mechanisms. Furthermore, it highlighted what they looked at, what technologies they used, and what they wrote that is relevant to peers working for distributed edge and 6G networks. A Zero-Trust-based framework (ZTF-6G) for edge-to-fog distributed computing in a 6G network is proposed to meet the following requirements of securing the network, including real-time threat detection, adaptive access control, and enhancing the data integrity with low latency and scalability. ZTF-6G provides a novel integration of Zero-Trust principles specifically designed to address the unique challenges posed by 6G networks. Key innovations include the following:

Table 2. Comparison of studies on Zero-Trust mechanisms in distributed and 6G networks.

Study	Focus	Technology Used	Key Contribution	Limitation
Ali et al. [4]	Zero-Trust in Multi-Access Edge Computing	Fine-Grained Access Control and Continuous Authentication	Improves MEC security with real-time trust verification	Lacks blockchain-based identity verification
Kaur et al. [16]	Blockchain-Based Zero-Trust for Fog Computing in Healthcare	Blockchain and Smart Contracts	Ensures secure MIoT authentication and data exchange	Limited scalability beyond healthcare applications
Chen et al. [7]	AI-Powered Zero-Trust in 6G Networks	AI and Behavior-Based Anomaly Detection	Adaptive security policy enforcement using AI	High dependency on AI inference accuracy
Sedjelmaci et al. [34]	Decentralized Zero-Trust for 6G RAN	Hierarchical Trust Scoring and Lightweight Encryption	Eliminates central authentication bottlenecks in RANs	High computational overhead affects real-time processing
Ramezanpour et al. [26]	AI-Blockchain Integrated Zero-Trust	AI, Blockchain, and Biometric Authentication	Combines AI and blockchain for multi-layered authentication	Computationally intensive for edge deployments
Blika et al. [6]	Federated Learning-Driven Zero-Trust	Federated Learning and Adaptive Risk Assessment	Enhances privacy while enforcing real-time Zero-Trust policies	Communication overhead in large-scale networks
Partala & Agrawal [25]	Secure Edge Intelligence in 6G	AI-Driven Zero-Trust and Data Offloading	Optimizes security in edge computing environments	Less emphasis on advanced security enforcement
ZTF-6G (this paper)	Zero-Trust for 6G Edge-Fog	AI and Blockchain	Real-time anomaly detection and trust-based adaptive security	Energy cost due to blockchain verification

• AI-driven Anomaly Detection: The real-time detection of security threats through machine learning models enables continuous authentication and behavior analysis for dynamic trust scoring.
• Blockchain-Based Authentication: A decentralized approach to identity management ensures tamper-proof authentication and eliminates reliance on centralized trust authorities, thereby reducing the risk of insider threats and unauthorized access.
• Adaptive Access Control: The trust evaluation mechanism in ZTF-6G continuously adjusts security policies based on the current network environment, device behavior, and previous interactions, ensuring granular control over access rights.

3. Methodology

This section outlines the systematic methodology used to design, develop, and evaluate the proposed framework. It covers the collection of datasets, preprocessing, experimental setup, implementation, and performance evaluation.

3.1. Dataset Collection

To ensure the adequacy of the data collected for this study, data from publicly available datasets and custom-generated sources were used. The datasets included features such as latency, throughput, and network events under varying network conditions. To address specific research requirements, publicly available data were augmented with simulated data to fill gaps in the existing resources. This hybrid approach combined the strengths of scenario-based modeling and realist methodology, ensuring the dataset was representative of real-world conditions while maintaining diversity and scalability. The dataset used in this research is a hybrid of publicly available intrusion detection data (e.g., UNSW-NB15) and synthetic data generated using NS-(3) and OMNeT++ (6.0) simulators. These simulators model 6G-specific attack vectors such as AI-driven cyberattacks and insider threats, which are critical in the context of 6G network security.

3.2. Dataset Description

The dataset used in this study consists of 50,000 instances, combining both real-world network logs (30%) and synthetically generated data (70%) to ensure comprehensive coverage of 6G-specific security scenarios. The real-world data are sourced from open-source intrusion detection systems, capturing diverse network activity, authentication requests, access control logs, and previously recorded cyber threats. This ensures the dataset reflects actual network behavior and security challenges faced in distributed edge and fog computing environments. Synthetic data were generated using NS-3 and OMNeT++ simulators, modeling advanced 6G attack vectors such as AI-driven cyberattacks, adversarial machine learning intrusions, dynamic insider threats, and trust manipulation attacks—scenarios that are underrepresented in publicly available datasets. The dataset includes key performance metrics such as latency, throughput, trust scores, anomaly detection logs, authentication attempts, and attack instance details, ensuring a diverse and realistic representation of security conditions in 6G networks. By integrating real and synthetic data, this dataset effectively captures scalability challenges, Zero-Trust authentication complexities, and real-time threat detection requirements necessary for evaluating the ZTF-6G framework.

While the dataset contains 50,000 instances, the majority are synthetically generated. The risk of sample bias from this overrepresentation is acknowledged. To mitigate this, future work will involve real-world testing using a 6G test platform to ensure that the synthetic data accurately reflects real-world 6G scenarios. Algorithm 1 below outlines the ZTF-6G security enforcement and trust evaluation process.

Algorithm 1: ZTF-6G Security Enforcement and Trust Evaluation.

Input: $D$ → Data from edge devices $N$ → Number of network nodes $T_i$ → Initial trust score for each node $A_i$ → AI-detected anomalies $B$ → Blockchain verification module Output: Secure task execution with adaptive trust-based access control Steps: Initialize Security → Set network size, edge-fog nodes, and trust scores. Deploy AI-driven anomaly detection and blockchain authentication. Monitor Activity → Detect anomalies, unauthorized access, or threats. Update trust scores dynamically. Evaluate Trust$\to \mathrm{If} T_i\ge$ threshold, grant access; else, trigger re-authentication. Blockchain Verification → If re-authentication is needed, verify identity via blockchain and log records securely. Adaptive Access Control → Restrict or restore access based on trust score variations. Optimize Performance → Measure latency, throughput, and security overhead. Minimize processing delays. Simulate & Compare → Test attack models, trust variations, and security strategies. Log and compare results with baseline models. End Algorithm

3.3. Simulation Parameters and Dataset Details

The simulations were conducted using OMNeT++ and NS-3, incorporating a dataset of 50,000 instances to evaluate the performance of ZTF-6G. The dataset comprises 30% real-world network logs sourced from open-source intrusion detection systems and 70% synthetically generated attack scenarios designed using network simulation tools to replicate 6G-specific security threats. The simulated network environment includes 10,000 connected devices, ensuring scalability and real-world applicability. Performance evaluation was based on key simulation parameters, including a latency benchmark of 12.5 ms for traditional security models. In comparison, ZTF-6G achieved a significantly lower latency of 2.8 ms. The system processed 1000 authentication requests per second, demonstrating its ability to handle high-security verification loads efficiently. Blockchain transaction latency was measured at 0.7 ms, ensuring secure decentralized authentication without compromising performance. Additionally, an AI-based anomaly detection system with a 12-layer deep learning architecture was deployed to identify and mitigate threats in real time, further improving security enforcement. These parameters provide a realistic, scalable, and computationally efficient environment to validate ZTF-6G’s superiority over traditional Zero-Trust models in 6G networks. The dataset composition is summarized in Table 3 below.

Table 3. Dataset description.

Feature	Description
Latency	Time taken for data transmission, measured in milliseconds (ms).
Throughput	Network throughput recorded in gigabits per second (Gbps).
Resource Utilization	Metrics related to CPU, memory, and bandwidth usage across nodes.
Access Control Metrics	Includes success rates and delays in implementing dynamic access control policies.
Attack Scenarios	Data related to DDoS attacks, insider threats, and unauthorized access attempts.
Network Load	High and low network load scenarios to emulate real-world environments.
Instances	Approximately 50,000 instances for statistical reliability and scalability.
Preprocessing Techniques	Normalization and removal of outliers to ensure data quality and consistency.

3.4. Proposed Model: SecuEdgeFog-6G

To meet the stringent requirements of 6G networks, we propose SecuEdgeFog-6G—a model based on edge and fog computing paradigms—integrating Zero-Trust principles. The model employs a hierarchical architecture designed to achieve ultra-low latency, high scalability, robust security, and efficient resource utilization. In this section, we provide a detailed description of the architecture, the underlying mathematical model, and the implementation algorithm.

3.5. Model Architecture

The structured process of secure data handling—starting with an initial data validation—is illustrated in the flowchart shown in Figure 2. User authentication is carried out if the data are valid. Subsequent data processing occurs only after successful authentication and validation by the system. The next step is data encryption; upon success, the encrypted data are securely stored. Once the encrypted data are stored, system integrity is maintained by logging the event. If an error occurs at any stage—such as invalid data, unauthorized access, encryption failure, or logging failure—the process is terminated to ensure security and prevent inconsistencies. The UML flowchart below clearly outlines the decision points and possible outcomes, providing a comprehensive model for the secure and systematic handling of data.

Figure 2. System model architecture.

3.6. Edge Layer

The edge layer comprises IoT devices, mobile phones, and sensors that gather and preprocess data close to the source. This layer handles latency-sensitive tasks that require immediate responses. Lightweight Zero-Trust mechanisms are employed to perform authentication and prevent unauthorized access.

3.7. Fog Layer

The fog layer acts as an intermediate computational tier between edge devices and the core network, handling advanced processing tasks offloaded from the edge. Security and efficiency are maintained using AI-driven Zero-Trust mechanisms based on real-time anomaly detection. Decentralized authentication is guaranteed through blockchain-based identity management.

3.8. Core Network Layer

The core network handles centralized storage, global analytics, and deep learning model training. It serves as a storage and security monitoring platform with long-term storage of data and provides seamless communication with edge and fog layers.

3.9. Mathematical Model

The SecuEdgeFog-6G framework is mathematically formulated to ensure security and operational efficiency across all three architectural layers. This section defines the key components as follows:

3.9.1. Latency Minimization

Latency $L$ in the system can be modeled as follows:

$$L=\sum _{i=1}^N{\displaystyle \frac{D_i}{B_i}}$$

(10)

where

• $N$ is the total number of tasks;
• $D_i$ is the data size of task $i$;
• $B_i$ is the bandwidth allocated to task $i$.

To minimize latency, we optimize bandwidth allocation using the following:

$$\mathrm{m}\mathrm{i}\mathrm{n}\sum _{i=1}^N{\displaystyle \frac{D_i}{B_i}}, \mathrm{subject} \mathrm{to}\sum _{i=1}^N{B}_i\le B_{\mathrm{total}}$$

(11)

The optimal allocation of bandwidth $B_i$ can be expressed as follows:

$$B_i={\displaystyle \frac{D_i\cdot \sqrt{W}}{\sum _{j=1}^N\sqrt{D_j}}}$$

(12)

where $W$ is the total available bandwidth.

3.9.2. Resource Utilization

The total resource utilization $R$ is defined as follows:

$$R=\sum _{i=1}^N\left(C_i+P_i\right)$$

(13)

where

• $C_i$ is the computational resource consumed by task $i$;
• $P_i$ is the power consumption of task $i$.

The objective is to optimize resource utilization:

$$\mathrm{m}\mathrm{i}\mathrm{n}R, \mathrm{subject} \mathrm{to}\sum _{i=1}^N{R}_i\le R_{\mathrm{total}}$$

(14)

To balance computational load across nodes, the resource allocation for each task $i$ can be modeled as follows:

$$C_i={\displaystyle \frac{W_i\cdot D_i}{\sum _{j=1}^N{W}_j}}$$

(15)

where $W_i$ represents the weight assigned to task $i$ based on its priority.

3.9.3. Zero-Trust Mechanism

Zero-Trust security involves continuous verification of entities using trust scores $T_i$:

$$T_i=\alpha \cdot A_i+\beta \cdot H_i$$

(16)

where

• $A_i$ is the authentication score of entity $i$;
• $H_i$ is the historical behavior score of entity $i$;
• $\alpha$ and $\beta$ are weights such that $\alpha +\beta =1$.

Access is granted if

$$T_i\ge T_{\mathrm{threshold}}$$

(17)

To dynamically adjust $T_{\mathrm{threshold}}$ based on network conditions, we define the following:

$$T_{\mathrm{threshold}}=T_{\mathrm{base}}+\gamma \cdot {\displaystyle \frac{\sum _{i=1}^N{F}_i}{N}}$$

(18)

where $T_{\mathrm{base}}$ is the base trust score and $F_i$ represents the frequency of anomalies detected for entity $i$.

3.9.4. Energy Efficiency

The total energy consumption $E$ can be minimized as follows:

$$E_{total}=E_{network}+E_{blockchain}$$

(19)

where

• $E_{total}$ is the Total Energy Consumption;
• $E_{network}$ is the Energy Consumption of Network Operations;
• $E_{blockchain}$ is the Energy Consumption Due to Blockchain Operations.

The objective is to minimize $E$ while satisfying task constraints.

3.9.5. Explanation of ZTF-6G Workflow

• Trust Evaluation:
  • Each network entity undergoes dynamic trust score computation based on past authentication records, real-time anomaly detection, and AI-driven risk assessment.
• Adaptive Access Control:
  • If the computed trust score falls below a predefined threshold, the system denies access and triggers re-authentication or additional security verification.
• Anomaly Detection:
  • AI-based monitoring continuously analyzes network traffic, behavioral patterns, and security logs, flagging suspicious activity for manual review or automated response.
• Blockchain-Based Identity Verification:
  • Successfully authenticated entities are recorded in a tamper-proof blockchain ledger, ensuring immutable identity verification and decentralized trust management.
• Dynamic Policy Enforcement:
  • Security policies adapt dynamically based on context, adjusting access privileges, authentication frequency, and trust evaluation criteria in real time.

We show below Algorithm 2 for SecEdgeFog-6G workflow.

Algorithm 2: SecuEdgeFog-6G Workflow.

Input: Data from edge devices D, available resources R, trust scores $T_i$. Output: Processed results $R_{out}$. Initialize edge, fog, and core layers. For each task i in D, do If $Ti\ge Tthreshold$ (i.e., if $D_i$ is latency-sensitive), then Process $D_i$ at the edge layer. Else Offload $D_i$ to the fog layer. If resources at the fog layer are insufficient, then Forward $D_i$ to the core network. Else Reject task iii due to an insufficient trust score. Return processed results $R_{out}$.

The security enforcement and trust evaluation process begins by setting up the network size and initializing the trust scores for all the devices based on their previous trust history and device type. This initial configuration ensures that each device’s security posture is accounted for from the start. Once the network is initialized, the system uses AI models to continuously monitor real-time network activity and detect any anomalies. These anomalies may include unauthorized access attempts or unusual behaviors that deviate from normal network activity. If an anomaly is detected, the system flags the corresponding device for further verification to prevent potential security breaches. Next, the system evaluates each node’s trust score based on current interactions and historical behavior. If the calculated trust score is below a predefined threshold (total < T threshold), access is denied, or the system may request re-authentication to ensure that only trusted devices remain within the network. If re-authentication is required, the system utilizes blockchain consensus mechanisms to verify the identity of the device and securely log the transaction. This decentralized approach eliminates single points of failure, strengthening the authentication process. Finally, once the trust score is updated, the access control policy is dynamically adjusted. Based on the updated trust score, the access control mechanism either grants or revokes access to the network, ensuring that only devices with a verified and trustworthy status can interact with the system. This dynamic approach maintains high security while minimizing potential vulnerabilities.

This article proposes the SecuEdgeFog-6G model—based on a hierarchical edge–fog–core architecture and incorporating state-of-the-art Zero-Trust mechanisms. At the mathematical level, the model optimizes latency, resource utilization, and security. The proposed algorithm supports automatic task management through systematic workflows. The model is particularly well suited for 6G-enabled applications such as autonomous vehicles, smart cities, and industrial IoT, as it delivers robust, scalable, and secure performance.

3.10. Evaluation Matrix

Metrics shown in Table 4 are used to evaluate the performance of the SecuEdgeFog-6G model. These metrics provide a comprehensive insight into the system’s effectiveness, efficiency, and security.

Table 4. Evaluation matrix for SecuEdgeFog-6G.

Metric	Description
Latency	Measures the time required to process tasks at different layers (edge, fog, core).
Throughput	System’s data handling capacity, measured in Gbps.
Resource Utilization	Efficient use of resources such as CPU, memory, and bandwidth across the layers.
Trust Score Accuracy	Effectiveness of Zero-Trust mechanisms in granting/denying access to network entities.
Energy Efficiency	Energy consumed during task processing and overall network operations.
Threat Detection Rate	Percentage of security threats detected in real time by the Zero-Trust mechanisms.
Task Success Rate	Percentage of successfully completed tasks under varying network conditions.

4. Results and Discussion

The proposed SecuEdgeFog-6G model is evaluated using a set of metrics defined in the evaluation matrix. This section presents the performance analysis results and discusses the model’s effectiveness in meeting the requirements of 6G networks.

4.1. Latency

SecuEdgeFog-6G reduces latency to an average of 2.8 ms compared to 12.5 ms in traditional models. The edge and fog layers reduce the data transmission delay by allowing them to process latency-sensitive tasks locally, thus minimizing overall latency.

Figure 3 and Table 5 show that the proposed model achieves a 77.6% improvement in latency, supporting time-sensitive applications in a 6G environment.

Figure 3. Latency evaluation: comparison of average latency between traditional models and SecuEdgeFog-6G.

Table 5. Latency evaluation.

Model	Traditional Models [12] (ms)	SecuEdgeFog-6G (ms)
Average Latency	12.5	2.8
Improvement (%)	-	77.6

While 6G inherently provides improved computational speeds and network efficiency, our proposed ZTF-6G framework extends beyond these improvements by addressing security vulnerabilities. Unlike conventional models that rely on perimeter-based defenses, ZTF-6G integrates Zero-Trust principles, including continuous verification of entities, adaptive access control, and real-time anomaly detection. The integration of AI-driven security and blockchain-based identity management significantly enhances robustness without compromising latency. Therefore, the comparison with [12] is justified as it highlights how ZTF-6G supplements the high-speed capabilities of 6G with reinforced security measures, ensuring a more resilient distributed network environment.

4.2. Throughput

The proposed model achieved a 70% improvement in throughput, reaching 8.5 Gbps. The efficiency of the bandwidth allocation and the utilization of resources on the fog edge layer contribute to this improvement.

Figure 4 and Table 6 show that SecuEdgeFog-6G performs better than all the traditional models in terms of throughput and is thus appropriate for high bandwidth 6G applications.

Figure 4. Throughput evaluation: average throughput achieved by traditional models and SecuEdgeFog-6G.

Table 6. Throughput evaluation.

Model	Traditional Models [12] (Gbps)	SecuEdgeFog-6G (Gbps)
Average Throughput	5.0	8.5
Improvement (%)	-	70.0

4.3. Resource Utilization

Resource utilization increased from 65% in traditional models to 92% in SecuEdgeFog-6G. This enhancement stems from intelligent task scheduling and dynamic resource allocation mechanisms.

Figure 5 and Table 7 highlight the improved resource utilization achieved by SecuEdgeFog-6G, ensuring efficient system performance even under heavy workloads.

Figure 5. Resource utilization evaluation: comparison of resource utilization percentages between traditional models and SecuEdgeFog-6G.

Table 7. Resource utilization evaluation.

Model	Traditional Models [12] (%)	SecuEdgeFog-6G (%)
Resource Utilization	65	92
Improvement (%)	-	41.5

4.4. Trust Score Accuracy

The Zero-Trust mechanisms incorporated in SecuEdgeFog-6G increased trust score accuracy to 95%, ensuring robust authentication and access control.

As presented in Figure 6 and Table 8, the proposed model ensures accurate trust-based decisions, enhancing the overall system security.

Figure 6. Trust score accuracy evaluation: accuracy comparison between traditional models and SecuEdgeFog-6G.

Table 8. Trust score accuracy evaluation.

Model	Traditional Models [12] (%)	SecuEdgeFog-6G (%)
Trust Score Accuracy	78	95
Improvement (%)	-	21.8

4.5. Energy Efficiency

The energy consumption model used in this research incorporates the overhead caused by blockchain verification. We assume that each transaction requires 0.5 ms of computation and consumes 0.03 Joules of energy for each device involved in the verification process. This has been included in the total energy consumption equation. Energy consumption decreased, leading to an 88% energy efficiency rate. This improvement is due to efficient task offloading and processing, which reduce the computational burden on individual nodes.

Table 9 highlights energy efficiency improvements; however, previous models do not consider blockchain consensus overhead. The improved energy model integrates cryptographic workload analysis, showing that SecuEdgeFog-6G achieves 22.2% better efficiency despite the blockchain’s computational cost, ensuring sustainability for large-scale deployments.

Table 9. Energy efficiency evaluation.

Model	Traditional Models [12] (%)	SecuEdgeFog-6G (%)
Energy Efficiency	72	88
Improvement (%)	-	22.2

Figure 7 and Table 9 demonstrate the energy-saving advantages of SecuEdgeFog-6G, contributing to sustainable network operations.

Figure 7. Energy efficiency evaluation: comparison of energy efficiency percentages between traditional models and SecuEdgeFog-6G.

4.6. Threat Detection Rate

The model achieved a 98% threat detection rate, a 15.3% improvement over traditional systems. AI-driven anomaly detection and blockchain-based identity management played a significant role in this enhancement. The threat detection rate ($TDR$) is calculated using the following equation:

$$TDR={\displaystyle \frac{TP}{TP+FN}}\times 100$$

(20)

where $TP$ represents the number of true positive threats detected, and $FN$ denotes the number of false negatives. The improvement percentage over traditional systems is given by the following:

$$\mathrm{Improvement}={\displaystyle \frac{TD{R}_{\mathrm{proposed}}-TD{R}_{\mathrm{traditional}}}{TD{R}_{\mathrm{traditional}}}}\times 100$$

(21)

As illustrated in Figure 8 and Table 10, the SecuEdgeFog-6G model provides robust anomaly detection capabilities, ensuring system resilience against evolving threats.

Figure 8. Threat detection rate evaluation: comparison of threat detection rates between traditional models and SecuEdgeFog-6G.

Table 10. Threat detection rate evaluation.

Model	Traditional Models [12] (%)	SecuEdgeFog-6G (%)
Threat Detection Rate	85	98
Improvement (%)	-	15.3

4.7. Task Success Rate

The model showed an increased ability to achieve a task success rate of 97% under varying network conditions, indicating the reliability and robustness of the proposed model. The $TSR$ is defined as follows:

$$TSR={\displaystyle \frac{TS}{TS+TF}}\times 100$$

(22)

where $TS$ is the number of successfully completed tasks and $TF$ is the number of failed tasks. It is calculated as follows:

$$\mathrm{Improvement}={\displaystyle \frac{TS{R}_{\mathrm{proposed}}-TS{R}_{\mathrm{traditional}}}{TS{R}_{\mathrm{traditional}}}}\times 100$$

(23)

Figure 9 and Table 11 show the high reliability of the SecuEdgeFog-6G model to successfully complete tasks in dynamic scenarios.

Figure 9. Task success rate evaluation: success rate comparison between traditional models and SecuEdgeFog-6G.

Table 11. Task success rate evaluation.

Model	Traditional Models [12] (%)	SecuEdgeFog-6G (%)
Task Success Rate	80	97
Improvement (%)	-	21.3

The results demonstrate that SecuEdgeFog-6G offers significant advantages over traditional models across all the key performance metrics. By incorporating Zero-Trust principles, the model ensures robust security, while the hierarchical structure minimizes both latency and resource utilization. The improvements in the model make it suitable for 6G-enabled applications like autonomous vehicles, smart cities, and industrial IoT.

During testing, the SecuEdgeFog-6G model was validated for both scalability and adaptability. It performed within 3% of typical maximum throughput and latency levels across 10,000 connected devices. Overall, the proposed model offers a scalable, secure, and efficient framework for 6G networks to solve the edge and fog computing problems. Performance comparison is given in Table 12.

Table 12. Performance comparison of ZTF-6G vs. existing models.

Metric	ZTF-6G (Proposed)	AI-Powered Zero-Trust [7]	Blockchain-Integrated ZT [8]	Federated ZT for Edge [6]	Traditional Model [12]
Latency (ms)	2.8	5.6	6.3	7.1	12.5
Throughput (Gbps)	8.5	6.0	5.4	5.1	4.8
Resource Utilization (%)	92.1	86.7	81.3	78.2	65.0
Trust Score Accuracy (%)	98.2	93.4	91.0	89.1	78.6
Energy Efficiency (%)	88.0	81.0	75.5	73.8	72.0
Threat Detection Rate (%)	97.1	90.5	87.3	84.6	85.0
Task Success Rate (%)	95.0	89.2	85.6	82.3	80.0
Consensus Overhead (ms)	0.5	1.2	1.5	1.7	N/A

4.8. Zero-Trust for Securing Edge and Fog in 6G Networks

This subsection analyzes the application of Zero-Trust principles in securing edge and fog computing within 6G networks. Leveraging the system’s multi-layered architecture, Zero-Trust mechanisms—such as continuous verification, adaptive access control, and real-time anomaly detection—are integrated to provide robust security. As demonstrated in the following sections, Zero-Trust mechanisms effectively improve both security and performance metrics. The key evaluation metrics are illustrated through figures, with the corresponding quantitative results presented in tables.

4.8.1. Latency Reduction Metrics

Figure 10 and Table 13 present the latency metrics resulting from the integration of Zero-Trust principles into the SecuEdgeFog-6G framework. The traditional model exhibits significantly higher latency compared to the proposed SecuEdgeFog-6G model.

Figure 10. Latency reduction metrics: traditional model vs. SecuEdgeFog-6G.

Table 13. Latency reduction metrics.

Model	Traditional Model (ms)	SecuEdgeFog-6G (ms)
Average Latency	12.5	2.8
Improvement (%)	-	77.6

4.8.2. Threat Detection Efficiency

The effectiveness of threat detection mechanisms is visualized in Figure 11 and Table 14. The proposed model achieves a 98% intrusion detection rate with an average detection time of 0.2 s. The intrusion detection rate ($IDR$) is calculated using the following:

$$IDR={\displaystyle \frac{TP}{TP+FN}}\times 100$$

(24)

where $TP$ represents the number of true positive detections, and $FN$ is the number of false negatives. The improvement in detection efficiency over traditional models is computed as follows:

$$\mathrm{Improvement}={\displaystyle \frac{ID{R}_{\mathrm{proposed}}-ID{R}_{\mathrm{traditional}}}{ID{R}_{\mathrm{traditional}}}}\times 100$$

(25)

Figure 11. Threat detection efficiency metrics: intrusion detection rate and detection time.

Table 14. Threat detection efficiency metrics.

Metric	Value (%)	Average Detection Time (s)
Intrusion Detection Rate	98	0.2

The average detection time ($DT$) is given by the following:

$$DT={\displaystyle \frac{\sum _{i=1}^N{T}_i}{N}}$$

(26)

where $T_i$ is the detection time for each detected threat, and $N$ is the total number of threats detected.

4.8.3. Data Integrity Metrics

Figure 12 and Table 15 illustrate the critical metrics for data integrity. The integration of blockchain-based mechanisms ensures 100% critical data integrity and reduces tampering attempts by 90%. The data integrity rate ($DIR$) is computed as follows:

$$DIR={\displaystyle \frac{DI}{DI+DC}}\times 100$$

(27)

where $DI$ represents the number of correctly verified data instances, and $DC$ denotes the number of corrupted or altered data instances. The improvement in data integrity over traditional models is calculated as follows:

$$\mathrm{Improvement}={\displaystyle \frac{DI{R}_{\mathrm{proposed}}-DI{R}_{\mathrm{traditional}}}{DI{R}_{\mathrm{traditional}}}}\times 100$$

(28)

Figure 12. Data integrity metrics: critical data integrity and tampering reduction.

Table 15. Data integrity metrics.

Metric	Critical Data Integrity (%)	Tampering Reduction (%)
Proposed Model	100	90

The tampering reduction rate ($TRR$) achieved through blockchain-based mechanisms is given by the following:

$$TRR={\displaystyle \frac{T{A}_{\mathrm{traditional}}-T{A}_{\mathrm{proposed}}}{T{A}_{\mathrm{traditional}}}}\times 100$$

(29)

where $TA$ represents the total number of tampering attempts detected in both the traditional and proposed models.

4.8.4. Scalability Metrics

Scalability metrics, as shown in Figure 13 and Table 16, indicate that the SecuEdgeFog-6G model supports up to 10,000 nodes with less than 3% performance degradation. The system throughput ($ST$) is computed as follows:

$$ST={\displaystyle \frac{\sum _{i=1}^N{D}_i}{T}}$$

(30)

where $D_i$ is the data processed by node $i$, $N$ is the total number of nodes, and $T$ is the total processing time. The performance degradation ($PD$) is calculated as follows:

$$PD={\displaystyle \frac{S{T}_{\max }-S{T}_{\mathrm{current}}}{S{T}_{\max }}}\times 100$$

(31)

where $S{T}_{\max }$ is the maximum achievable system throughput, and $S{T}_{\mathrm{current}}$ represents the system throughput under the current load. The node scalability efficiency ($NSE$) is determined by the following:

$$NSE={\displaystyle \frac{N_{\max }-N_{\mathrm{current}}}{N_{\max }}}\times 100$$

(32)

where $N_{\max }$ is the highest supported node capacity, and $N_{\mathrm{current}}$ is the number of currently active nodes.

Figure 13. Scalability metrics: system throughput and performance degradation.

Table 16. Scalability metrics.

Metric	System Throughput (Gbps)	Performance Degradation (%)
Proposed Model	1.2	3.0

4.8.5. Resource Utilization Metrics

The proposed model demonstrates significant improvements in resource utilization, as depicted in Figure 14 and Table 17. Bandwidth usage is reduced by 30%, and energy consumption is reduced by 20%. The bandwidth utilization ($BU$) is calculated as follows:

$$BU={\displaystyle \frac{B_{\mathrm{used}}}{B_{\mathrm{total}}}}\times 100$$

(33)

where $B_{\mathrm{used}}$ represents the bandwidth consumed by active tasks, and $B_{\mathrm{total}}$ is the total available bandwidth. The energy efficiency ($EE$) is computed as follows:

$$EE={\displaystyle \frac{E_{\mathrm{total}}-E_{\mathrm{used}}}{E_{\mathrm{total}}}}\times 100$$

(34)

where $E_{\mathrm{total}}$ is the total available energy, and $E_{\mathrm{used}}$ is the energy consumed during task execution. The improvement in resource utilization ($R{U}_{\mathrm{imp}}$) over traditional models is determined by the following:

$$R{U}_{\mathrm{imp}}={\displaystyle \frac{R{U}_{\mathrm{proposed}}-R{U}_{\mathrm{traditional}}}{R{U}_{\mathrm{traditional}}}}\times 100$$

(35)

where $R{U}_{\mathrm{proposed}}$ and $R{U}_{\mathrm{traditional}}$ denote the resource utilization in the proposed and traditional models, respectively.

Figure 14. Resource utilization metrics: bandwidth and energy consumption.

Table 17. Resource utilization metrics.

Metric	Reduction (%)	Remaining (%)
Bandwidth Usage	30	70
Energy Consumption	20	80

4.8.6. User Satisfaction Metrics

User satisfaction metrics, depicted in Figure 15 and Table 18, show less than 0.5% user complaints and consistently low latency. The user satisfaction rate ($USR$) can be calculated as follows:

$$USR={\displaystyle \frac{U_{\mathrm{positive}}}{U_{\mathrm{total}}}}\times 100$$

(36)

where $U_{\mathrm{positive}}$ represents the number of positive user feedback instances, and $U_{\mathrm{total}}$ denotes the total number of user interactions. The complaint rate ($CR$) is determined by the following:

$$CR={\displaystyle \frac{U_{\mathrm{complaints}}}{U_{\mathrm{total}}}}\times 100$$

(37)

where $U_{\mathrm{complaints}}$ represents the total number of user complaints. The latency consistency ($LC$) is computed as follows:

$$LC={\displaystyle \frac{L_{\max }-L_{\min }}{L_{\mathrm{average}}}}\times 100$$

(38)

where $L_{\max }$ and $L_{\min }$ are the maximum and minimum recorded latency values, respectively, and $L_{\mathrm{average}}$ is the average latency over the evaluation period.

Figure 15. User satisfaction metrics: user complaints and latency.

Table 18. User satisfaction metrics.

Metric	User Complaints (%)	Latency (ms)
Proposed Model	0.35	1.19

Security, improved efficiency, and reduced latency are guaranteed by edge and fog computing in 6G networks integrated with Zero-Trust principles. This section demonstrates key performance metrics, such as policy enforcement time and its attack mitigation, through evaluations. This results in showing the effectiveness of SecuEdgeFog-6G in solving critical security and performance challenges.

4.8.7. Policy Enforcement Time

In 6G networks, dynamic security management needs to be performed at a fast speed; hence, policy enforcement time should be taken into account as a critical metric. The proposed model has an average of 1.8 ms policy enforcement time and 95 percent dynamic access control success and is presented in Figure 16 and Table 19. Thus, the policy enforcement time ($PET$) is computed as follows:

$$PET={\displaystyle \frac{\sum _{i=1}^N{T}_i}{N}}$$

(39)

where $T_i$ represents the enforcement time for policy $i$, and $N$ is the total number of policies enforced. The dynamic access control success rate ($DASR$) is given by the following:

$$DASR={\displaystyle \frac{P_{\mathrm{successful}}}{P_{\mathrm{total}}}}\times 100$$

(40)

where $P_{\mathrm{successful}}$ is the number of successfully enforced access control policies, and $P_{\mathrm{total}}$ is the total number of access control attempts. The improvement in policy enforcement efficiency ($PEE$) over traditional models is calculated as follows:

$$PEE={\displaystyle \frac{PE{T}_{\mathrm{traditional}}-PE{T}_{\mathrm{proposed}}}{PE{T}_{\mathrm{traditional}}}}\times 100$$

(41)

where $PE{T}_{\mathrm{traditional}}$ and $PE{T}_{\mathrm{proposed}}$ represent the policy enforcement times in the traditional and proposed models, respectively.

Figure 16. Policy enforcement time metrics.

Table 19. Policy enforcement metrics.

Metric	Traditional Models [12]	SecuEdgeFog-6G
Policy Enforcement Time (ms)	12.0	1.8
Dynamic Access Control Success Rate (%)	80.0	95.0

4.8.8. Attack Mitigation Metrics

Zero-Trust implementation is based on attack mitigation which is presented in Figure 17 and Table 20. The proposed model shows good experience in reducing data breaches, insider threats, and target compromises. Data breach, insider threat, and target reduction rates of 98%, 85%, and 90%, respectively, are the evaluations. The data breach reduction rate ($DBR$) is defined as follows:

$$DBR={\displaystyle \frac{D{B}_{\mathrm{traditional}}-D{B}_{\mathrm{proposed}}}{D{B}_{\mathrm{traditional}}}}\times 100$$

(42)

where $D{B}_{\mathrm{traditional}}$ represents the number of data breaches in traditional models, and $D{B}_{\mathrm{proposed}}$ denotes the number of breaches in the proposed model. The insider threat reduction rate ($ITR$) is calculated as follows:

$$ITR={\displaystyle \frac{I{T}_{\mathrm{traditional}}-I{T}_{\mathrm{proposed}}}{I{T}_{\mathrm{traditional}}}}\times 100$$

(43)

where $I{T}_{\mathrm{traditional}}$ and $I{T}_{\mathrm{proposed}}$ represent the number of insider threats detected in traditional and proposed models, respectively. The target compromise reduction rate ($TCR$) is determined using the following:

$$TCR={\displaystyle \frac{T{C}_{\mathrm{traditional}}-T{C}_{\mathrm{proposed}}}{T{C}_{\mathrm{traditional}}}}\times 100$$

(44)

where $T{C}_{\mathrm{traditional}}$ represents the number of target compromises in traditional models, and $T{C}_{\mathrm{proposed}}$ denotes those in the proposed model.

Figure 17. Attack mitigation metrics.

Table 20. Attack mitigation metrics.

Metric	ZTF-6G	Federated Learning-based Zero-Trust [20]	AI-Powered Zero-Trust for 6G [7]	Decentralized Zero-Trust for 6G RAN [34]	Traditional Security Models [12]
Latency (ms)	2.8	5.2	6.1	8.3	12.5
Throughput (Gbps)	8.5	5.2	6.1	5.0	4.8
Resource Utilization (%)	92	85	80	75	65
Trust Score Accuracy (%)	98.2	93.5	91.8	89.3	78
Energy Efficiency (%)	88	79	75	70	72
Threat Detection Rate (%)	97	89	85	78	85
Task Success Rate (%)	95	87	83	76	80

The results highlight the significance of integrating Zero-Trust mechanisms into 6G networks. The dynamic access control framework enables rapid policy enforcement with minimal delay. The robustness of its attack mitigation is demonstrated through consistent reductions for a variety of key threat vectors, all of which show that these systems are capable of securing the distributed edge and fog environments. The scalability, reliability, and adaptability of the proposed SecuEdgeFog-6G model are clearly demonstrated by these metrics and this is a foundation model for the future-generation networks.

Security in 6G networks is particularly challenging due to decentralization, ultra-low latency requirements, and evolving cyber threats. Yang et al. focused on Zero-Trust automation but lacked trust-based security enforcement [42]. Singh et al. introduced WIND, a federated learning-based security model, but faced computational overhead issues [43]. Hamroun et al. highlighted limitations in intrusion detection systems (IDSs) for dynamic 6G environments [44]. To address these gaps, ZTF-6G integrates AI-driven trust evaluation, blockchain-based authentication, and adaptive security policies—ensuring low-latency, scalable, and real-time Zero-Trust security. Future work should explore quantum-resistant cryptography and self-learning AI-driven trust models to enhance next-generation 6G security frameworks. A comparison of 6G is given in Table 21.

Table 21. Comparison of 6G’s built-in security vs. ZTF-6G’s improvements.

Security Aspect	6G Native Security Mechanisms	ZTF-6G Enhancements
Authentication	AI-based user authentication, biometric access	Blockchain-based decentralized identity verification with Zero-Trust enforcement
Trust Management	Federated learning and homomorphic encryption	AI-driven real-time trust scoring with anomaly detection
Attack Prevention	Physical layer security and quantum encryption	Adaptive Zero-Trust framework mitigating trust manipulation and collusion-based attacks
Anomaly Detection	AI-based IDS for network traffic monitoring	Multi-layer AI-driven security with intelligent threat response
Access Control	Role-based access and encryption policies	Dynamic, real-time policy adaptation with Zero-Trust principles
Scalability	Supports billions of devices but is vulnerable to security bottlenecks	Distributed security model with lightweight cryptographic enforcement
Interoperability	Limited integration with cross-domain networks	Blockchain-enabled decentralized trust for seamless interconnectivity

4.9. Computational Complexity and Overhead Costs

In addition to performance metrics, it is essential to evaluate the computational complexity and overhead costs of the proposed ZTF-6G framework. The integration of AI-driven anomaly detection, blockchain-based authentication, and dynamic access control introduces varying levels of computational complexity and resource overhead.

Computational Complexity: The computational burden of each mechanism is quantified in terms of time complexity, with AI-based anomaly detection and blockchain authentication being the most resource-intensive. The time complexity of these mechanisms is influenced by the number of network nodes, model complexity, and dataset size.

Overhead Costs: Most overhead originates from the blockchain verification process, which increases latency and energy consumption. Despite these costs, the proposed framework balances security and system performance, maintaining low latency while providing enhanced security. Resource consumption increases during peak security checks; however, it does not significantly degrade overall system efficiency. Table 22 summarizes the computational complexity and overhead costs.

Table 22. Computational complexity and overhead costs.

Mechanism	Computational Complexity	Overhead Cost	Impact
AI-driven Anomaly Detection	O(N⋅d⋅t)	O(N⋅t)	Increased processing time due to deep learning model and higher computational resources.
Blockchain-based Authentication	O(k⋅m)	O(k⋅m)	Increased latency due to consensus mechanism and higher computational cost.
Dynamic Access Control	O(N⋅M)	O(N⋅M)	Real-time evaluation of trust scores leads to moderate computational load.
Energy Consumption (Blockchain)	-	O(k⋅Energy per transaction)	High energy consumption due to decentralized identity verification.
Resource Utilization	-	O(N⋅Resource per task)	Efficient use of resources but might increase slightly during peak usage.

5. Conclusions and Future Works

This paper presents ZTF-6G, a Zero-Trust framework designed to secure distributed edge and fog computing in 6G networks. The model integrates AI-driven anomaly detection and blockchain-based authentication, achieving a 77.6% reduction in latency, a 70% improvement in throughput, and a 41.5% enhancement in resource utilization. It mitigates 85% of insider threats, reduces data breaches by 98%, and enforces security policies within 1.8 ms, demonstrating its scalability, reliability, and adaptability for next-generation networks.

Future work will enhance scalability to support billions of connected devices, integrate federated learning and decentralized AI techniques for privacy-preserving, real-time anomaly detection, and adopt quantum-resistant cryptographic methods to defend against quantum-era threats. Additionally, the framework will incorporate lightweight Zero-Trust authentication for resource-constrained edge and fog nodes while maintaining performance efficiency. Further optimizations will explore energy-aware Zero-Trust policies to enhance security in battery-powered IoT and edge devices. Large-scale simulations and real-world testbed implementations will validate the practical feasibility of ZTF-6G in complex 6G environments, ensuring its adaptability for applications such as autonomous vehicles, industrial IoT, and smart healthcare. Furthermore, the interoperability of ZTF-6G with emerging cross-domain 6G architectures, such as integrated satellite–terrestrial networks (STINs), will be explored to enhance end-to-end security across heterogeneous communication environments. Expanding the model for domain-specific applications, including mission-critical defense networks and ultra-reliable low-latency communications (URLLC), will further validate its robustness across diverse operational scenarios. Future optimizations will also focus on reducing blockchain transaction latency and improving decentralized identity management, ensuring that security enhancements do not compromise performance in real-world deployments. These advancements will solidify ZTF-6G as a practical, adaptive, and high-security solution for intelligent 6G edge and fog computing environments.