ESA Updates ZETA-NTN Zero-Trust Architecture for Regenerative 5G NTN
The ESA has provided an update on its ZETA-NTN project, a full zero-trust security framework for next-generation 5G Non-Terrestrial Networks, with a focus on regenerative LEO payloads, store-and-forward architectures, O-RAN splits and edge computing.
Traditional NTN architectures are expanding rapidly, but they introduce new cybersecurity challenges including intermittent links, satellite-side processing and decentralised RAN functions. ZETA-NTN, led by Greek company Cogninn, aims to address these by embedding continuous authentication, onboard policy enforcement, UE-Sat-UE secure channels and DoS-resistant uplink filtering directly into the NTN architecture.
The project’s proposed system places critical 5G functions on the satellite itself, including:
gNB, AMF/AUSF, NWDAF, and OAM agent
O-RAN RU/DU/CU split options for regenerative payloads
Edge application servers in orbit with ground-based configuration
Policy engine & PDP on the ground for dynamic rule enforcement
This allows satellites to authenticate users even during link outages, run secure edge applications, and maintain real-time situational awareness across the network.
ZETA-NTN’s zero-trust model includes:
Delayed or cached authentication for intermittent NTN links
Continuous context-aware validation of devices and nodes
Onboard policy execution for low-latency decisions in orbit
DoS mitigation for unauthenticated traffic
Secure UE-Sat-UE communication paths
A reusable 5G NTN testbed for regenerative payloads and S&F
The project will run over 24 months, moving from specifications (M1–M3) to implementation (M4), verification (M5) and a complete technology development plan (M6).
The team has already completed the core zero-trust architectural specification for store-and-forward, O-RAN split, and edge-enabled NTN scenarios, paving the way for a full NTN-ready zero-trust security blueprint.
ZETA-NTN is positioned to become one of the first comprehensive security frameworks engineered specifically for 3GPP-aligned 5G NTN, addressing a critical gap as LEO-based connectivity moves toward direct-to-device, regenerative payloads and edge-heavy architectures.