The open radio access network (O-RAN) offers new degrees of freedom for building and operating advanced cellular networks. Emphasizing on RAN disaggregation, open interfaces, multi-vendor support, and RAN intelligent controllers (RICs), O-RAN facilitates adaptation to new applications and technology trends. Yet, this architecture introduces new security challenges. This article proposes leveraging zero trust principles for O-RAN security. We introduce zero trust RAN (ZTRAN), which embeds service authentication, intrusion detection, and secure slicing subsystems that are encapsulated as xApps. We implement ZTRAN on the open artificial intelligence cellular (OAIC) research platform and demonstrate its feasibility and effectiveness in terms of legitimate user throughput and latency figures. Our experimental analysis illustrates how ZTRAN's intrusion detection and secure slicing microservices operate effectively and in concert as part of O-RAN Alliance's containerized near-real time RIC. Research directions include exploring machine learning and additional threat intelligence feeds for improving the performance and extending the scope of ZTRAN.
more »
« less
Toward Secure and Efficient O-RAN Deployments: Secure Slicing xApp Use Case
The open radio access network (O-RAN) is recognized for its modularity and adaptability, facilitating swift responses to emerging applications and technological advancements. However, this architecture's disaggregated nature, coupled with support from various vendors, introduces new security challenges. This paper proposes an innovative approach to bolster the security of future O-RAN deployments by leveraging RAN slicing principles. Central to this security enhancement is the concept of secure slicing. We introduce SliceX, an xApp designed to safeguard RAN resources while ensuring strict throughput and latency requirements are met for legitimate users. Leveraging the open artificial intelligence cellular re-search (OAIC) platform, we observed that the network latency averages around ten microseconds in a default configuration without SliceX. The latency escalates to over seven seconds in the presence of a malicious user equipment (UE) flooding the net-work with requests. SliceX intervenes, restoring network latency to normal levels, with a maximum latency of approximately 2.3 s. These and other numerical findings presented in this paper affirm the tangible advantages of SliceX in mitigating security threats and ensuring that 0- RAN deployments meet stringent performance requirements. Our research demonstrates the real-world effectiveness of secure slicing, making SliceX a valuable tool for military, government, and critical infrastructure opera-tors reliant on public wireless communication networks to fulfill their security, resiliency, and performance objectives.
more »
« less
- PAR ID:
- 10479582
- Publisher / Repository:
- IEEE
- Date Published:
- ISSN:
- 2770-7679
- ISBN:
- 979-8-3503-2458-7
- Subject(s) / Keyword(s):
- O-RAN security slicing throughput latency OAIC xApp
- Format(s):
- Medium: X
- Location:
- Baltimore, MD, USA
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
This demonstration explores the security concerns in 5G and beyond networks within open radio access network (O-RAN) deployments, focusing on active attacks disrupting cellular communications. An xApp developed on the open artificial intelligence cellular (OAIC) platform enables on-the-fly creation and management of network slices to mitigate such attacks. The xApp is hosted in the near-real time RAN intelligent controller (RIC) and establishes secure slices for the software radio network it controls. This solution presents a practical approach for resilient and secure network management in dynamic environments.more » « less
-
End-to-End O-RAN Security Architecture, Threat Surface, Coverage, and the Case of the Open FronthaulO-RAN establishes an advanced radio access network (RAN) architecture that supports inter-operable, multi-vendor, and artificial intelligence (AI) controlled wireless access networks. The unique components, interfaces, and technologies of O-RAN differentiate it from the 3GPP RAN. Because O-RAN supports 3GPP protocols, currently 4G and 5G, while offering additional network interfaces and controllers, it has a larger attack surface. The O-RAN security requirements, vulnerabilities, threats, and countermeasures must be carefully assessed for it to become a platform for 5G Advanced and future 6G wireless. This article presents the ongoing standardization activities of the O-RAN Alliance for modeling the potential threats to the network and to the open fronthaul interface, in particular. We identify end-to-end security threats and discuss those on the open fronthaul in more detail. We then provide recommendations for countermeasures to tackle the identified security risks and encourage industry to establish standards and best practices for safe and secure implementations of the open fronthaul interface.more » « less
-
This position paper introduces a Dynamic Data Driven Open Radio Access Network System (3D-O-RAN). The key objective of 3D-O-RAN is to support congested, contested and contaminated tactical settings where multimedia sensors, application constraints and operating wireless conditions may frequently change over space, time and frequency. 3D-O-RAN is compliant with the O-RAN specification for beyond 5G cellular systems to reduce costs and guarantee interoperability among vendors. Moreover, 3D-O-RAN integrates computational, sensing, and cellular networking components in a highly-dynamic, feedback-based, data-driven control loop. Specifically, 3D-O-RAN is designed to incorporate heterogeneous data into the network control loop to achieve a system-wide optimal operating point. Moreover, 3D-O-RAN steers the multimedia sensor measurement process in real time according to the required application needs and current physical and/or environmental constraints. 3D-O-RAN uses (i) a semantic slicing engine, which takes into account the semantic of the application to optimally compress the multimedia stream without losing in classification accuracy; (ii) a dynamic data driven neural network certification system that translates mission-level constraints into technical-level constraints on neural network latency/accuracy, and occupation of hardware/software resources. Realistic use-case scenarios of 3D-O-RAN in a tactical context demonstrate system performance.more » « less
-
The open radio access network (O-RAN) describes an industry-driven open architecture and interfaces for building next generation RANs with artificial intelligence (AI) controllers. We circulated a survey among researchers, developers, and practitioners to gather their perspectives on O-RAN as a framework for 6G wireless research and development (R&D). The majority responded in favor of O-RAN and identified R&D of interest to them. Motivated by these responses, this paper identifies the limitations of the current O-RAN specifications and the technologies for overcoming them. We recognize end-to-end security, deterministic latency, physical layer real-time control, and testing of AI-based RAN control applications as the critical features to enable and discuss R&D opportunities for extending the architectural capabilities of O-RAN as a platform for 6G wireless.more » « less