The open radio access network (O-RAN) is recognized for its modularity and adaptability, facilitating swift responses to emerging applications and technological advancements. However, this architecture's disaggregated nature, coupled with support from various vendors, introduces new security challenges. This paper proposes an innovative approach to bolster the security of future O-RAN deployments by leveraging RAN slicing principles. Central to this security enhancement is the concept of secure slicing. We introduce SliceX, an xApp designed to safeguard RAN resources while ensuring strict throughput and latency requirements are met for legitimate users. Leveraging the open artificial intelligence cellular re-search (OAIC) platform, we observed that the network latency averages around ten microseconds in a default configuration without SliceX. The latency escalates to over seven seconds in the presence of a malicious user equipment (UE) flooding the net-work with requests. SliceX intervenes, restoring network latency to normal levels, with a maximum latency of approximately 2.3 s. These and other numerical findings presented in this paper affirm the tangible advantages of SliceX in mitigating security threats and ensuring that 0- RAN deployments meet stringent performance requirements. Our research demonstrates the real-world effectiveness of secure slicing, making SliceX a valuable tool for military, government, and critical infrastructure opera-tors reliant on public wireless communication networks to fulfill their security, resiliency, and performance objectives.
more »
« less
Demo: SSxApp: Secure Slicing for O-RAN Deployments
This demonstration explores the security concerns in 5G and beyond networks within open radio access network (O-RAN) deployments, focusing on active attacks disrupting cellular communications. An xApp developed on the open artificial intelligence cellular (OAIC) platform enables on-the-fly creation and management of network slices to mitigate such attacks. The xApp is hosted in the near-real time RAN
intelligent controller (RIC) and establishes secure slices for the software radio network it controls. This solution presents a practical approach for resilient and secure network management in dynamic environments.
more »
« less
- PAR ID:
- 10479470
- Publisher / Repository:
- IEEE/ieeeXplore
- Date Published:
- Journal Name:
- MILCOM IEEE Military Communications Conference
- ISSN:
- 2155-7586
- ISBN:
- 979-8-3503-2181-4
- Subject(s) / Keyword(s):
- 6G, network intelligence, O-RAN, security, slicing, srsRAN, testbed, xApp
- Format(s):
- Medium: X
- Location:
- Boston, MA
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Open Radio Access Network (O-RAN) has introduced an emerging RAN architecture that enables openness, intelligence, and automated control. The RAN Intelligent Controller (RIC) provides the platform to design and deploy network controllers. xApps are the applications that can leverage machine learning (ML) algorithms for near-real time control. Despite the opportunities provided by this new architecture, the progress of practical artificial intelligence (AI)-based solutions for network control and automation has been slow. There is a lack of end-to-end solutions for designing, deploying, and testing AI-based xApps in production-like network settings. This paper introduces an end-to-end O-RAN design and evaluation procedure using the latest O-RAN architecture and interface releases. We provide details on the development of a reinforcement learning (RL)-based xApp, considering two RL approaches and present numerical results to validate the xApp.more » « less
-
The advancement of 5G and NextG networks through Open Radio Access Network (O-RAN) architecture marks a transformative shift towards more virtualized, modular, and disaggregated configurations. A critical component within this O-RAN architecture is the RAN Intelligent Controller (RIC), which facilitates the management and control of the RAN through sophisticated machine learning-driven software microservices known as xApps. These xApps rely on accessing a diverse range of sensitive data from RAN and User Equipment (UE), stored in the near Real-Time RIC (Near-RT RIC) database. The inherent nature of this shared, multi-vendor, and open environment significantly raises the risk of unauthorized sensitive RAN/UE data exposure. In response to these privacy concerns, this paper proposes a privacy-preserving zero-trust RIC (dubbed as, ZT-RIC) framework that preserves RAN/UE data privacy within the RIC platform (i.e., shared RIC database, xApp, and E2 interface). The underlying idea is to employ a computationally efficient cryptographic technique called Inner Product Functional Encryption (IPFE) to encrypt the RAN/UE data at the base station, thus, preventing data leaks over the E2 interface and shared RIC database. Furthermore, ZT-RIC customizes the xApp’s inference model by leveraging the inner product operations on encrypted data supported by IPFE to enable xApp to make accurate inferences without data exposure. For evaluation purposes, we leverage a state-of-the-art InterClass xApp, which utilizes RAN key performance metrics (KPMs) to identify jamming signals within the wireless network. Prototyping on an LTE/5G O-RAN testbed demonstrates that ZT-RIC not only ensures data privacy/confidentiality but also guarantees a desired model accuracy, evidenced by a 97.9% accuracy in detecting jamming signals as well as meeting stringent sub-second timing requirement with a round-trip time (RTT) of 0.527more » « less
-
The open radio access network (O-RAN) offers new degrees of freedom for building and operating advanced cellular networks. Emphasizing on RAN disaggregation, open interfaces, multi-vendor support, and RAN intelligent controllers (RICs), O-RAN facilitates adaptation to new applications and technology trends. Yet, this architecture introduces new security challenges. This article proposes leveraging zero trust principles for O-RAN security. We introduce zero trust RAN (ZTRAN), which embeds service authentication, intrusion detection, and secure slicing subsystems that are encapsulated as xApps. We implement ZTRAN on the open artificial intelligence cellular (OAIC) research platform and demonstrate its feasibility and effectiveness in terms of legitimate user throughput and latency figures. Our experimental analysis illustrates how ZTRAN's intrusion detection and secure slicing microservices operate effectively and in concert as part of O-RAN Alliance's containerized near-real time RIC. Research directions include exploring machine learning and additional threat intelligence feeds for improving the performance and extending the scope of ZTRAN.more » « less
-
End-to-End O-RAN Security Architecture, Threat Surface, Coverage, and the Case of the Open FronthaulO-RAN establishes an advanced radio access network (RAN) architecture that supports inter-operable, multi-vendor, and artificial intelligence (AI) controlled wireless access networks. The unique components, interfaces, and technologies of O-RAN differentiate it from the 3GPP RAN. Because O-RAN supports 3GPP protocols, currently 4G and 5G, while offering additional network interfaces and controllers, it has a larger attack surface. The O-RAN security requirements, vulnerabilities, threats, and countermeasures must be carefully assessed for it to become a platform for 5G Advanced and future 6G wireless. This article presents the ongoing standardization activities of the O-RAN Alliance for modeling the potential threats to the network and to the open fronthaul interface, in particular. We identify end-to-end security threats and discuss those on the open fronthaul in more detail. We then provide recommendations for countermeasures to tackle the identified security risks and encourage industry to establish standards and best practices for safe and secure implementations of the open fronthaul interface.more » « less