An official website of the United States government
The Open Radio Access Network (O-RAN) architecture is reshaping telecommunications by promoting openness, flexibility, and intelligent closed-loop optimization. By decoupling hardware and software and enabling multi-vendor deployments, O-RAN reduces costs, enhances performance, and allows rapid adaptation to new technologies. A key innovation is intelligent network slicing, which partitions networks into isolated slices tailored for specific use cases or quality of service requirements. The RAN Intelligent Controller further optimizes resource allocation, ensuring efficient utilization and improved service quality for user equipment (UEs). However, the modular and dynamic nature of O-RAN expands the threat surface, necessitating advanced security measures to maintain network integrity, confidentiality, and availability. Intrusion detection systems have become essential for identifying and mitigating attacks. This research explores using large language models (LLMs) to generate security recommendations based on the temporal traffic patterns of connected UEs. The paper introduces an LLM-driven intrusion detection framework and demonstrates its efficacy through experimental deployments, comparing non-fine-tuned and fine-tuned models for task-specific accuracy.
more »
« less
Toward Secure and Efficient O-RAN Deployments: Secure Slicing xApp Use Case
The open radio access network (O-RAN) is recognized for its modularity and adaptability, facilitating swift responses to emerging applications and technological advancements. However, this architecture's disaggregated nature, coupled with support from various vendors, introduces new security challenges. This paper proposes an innovative approach to bolster the security of future O-RAN deployments by leveraging RAN slicing principles. Central to this security enhancement is the concept of secure slicing. We introduce SliceX, an xApp designed to safeguard RAN resources while ensuring strict throughput and latency requirements are met for legitimate users. Leveraging the open artificial intelligence cellular re-search (OAIC) platform, we observed that the network latency averages around ten microseconds in a default configuration without SliceX. The latency escalates to over seven seconds in the presence of a malicious user equipment (UE) flooding the net-work with requests. SliceX intervenes, restoring network latency to normal levels, with a maximum latency of approximately 2.3 s. These and other numerical findings presented in this paper affirm the tangible advantages of SliceX in mitigating security threats and ensuring that 0- RAN deployments meet stringent performance requirements. Our research demonstrates the real-world effectiveness of secure slicing, making SliceX a valuable tool for military, government, and critical infrastructure opera-tors reliant on public wireless communication networks to fulfill their security, resiliency, and performance objectives.
more »
« less
- PAR ID:
- 10479582
- Publisher / Repository:
- IEEE
- Date Published:
- ISSN:
- 2770-7679
- ISBN:
- 979-8-3503-2458-7
- Subject(s) / Keyword(s):
- O-RAN security slicing throughput latency OAIC xApp
- Format(s):
- Medium: X
- Location:
- Baltimore, MD, USA
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
The open radio access network (O-RAN) offers new degrees of freedom for building and operating advanced cellular networks. Emphasizing on RAN disaggregation, open interfaces, multi-vendor support, and RAN intelligent controllers (RICs), O-RAN facilitates adaptation to new applications and technology trends. Yet, this architecture introduces new security challenges. This article proposes leveraging zero trust principles for O-RAN security. We introduce zero trust RAN (ZTRAN), which embeds service authentication, intrusion detection, and secure slicing subsystems that are encapsulated as xApps. We implement ZTRAN on the open artificial intelligence cellular (OAIC) research platform and demonstrate its feasibility and effectiveness in terms of legitimate user throughput and latency figures. Our experimental analysis illustrates how ZTRAN's intrusion detection and secure slicing microservices operate effectively and in concert as part of O-RAN Alliance's containerized near-real time RIC. Research directions include exploring machine learning and additional threat intelligence feeds for improving the performance and extending the scope of ZTRAN.more » « less
-
This demonstration explores the security concerns in 5G and beyond networks within open radio access network (O-RAN) deployments, focusing on active attacks disrupting cellular communications. An xApp developed on the open artificial intelligence cellular (OAIC) platform enables on-the-fly creation and management of network slices to mitigate such attacks. The xApp is hosted in the near-real time RAN intelligent controller (RIC) and establishes secure slices for the software radio network it controls. This solution presents a practical approach for resilient and secure network management in dynamic environments.more » « less
-
End-to-End O-RAN Security Architecture, Threat Surface, Coverage, and the Case of the Open FronthaulO-RAN establishes an advanced radio access network (RAN) architecture that supports inter-operable, multi-vendor, and artificial intelligence (AI) controlled wireless access networks. The unique components, interfaces, and technologies of O-RAN differentiate it from the 3GPP RAN. Because O-RAN supports 3GPP protocols, currently 4G and 5G, while offering additional network interfaces and controllers, it has a larger attack surface. The O-RAN security requirements, vulnerabilities, threats, and countermeasures must be carefully assessed for it to become a platform for 5G Advanced and future 6G wireless. This article presents the ongoing standardization activities of the O-RAN Alliance for modeling the potential threats to the network and to the open fronthaul interface, in particular. We identify end-to-end security threats and discuss those on the open fronthaul in more detail. We then provide recommendations for countermeasures to tackle the identified security risks and encourage industry to establish standards and best practices for safe and secure implementations of the open fronthaul interface.more » « less
-
This position paper introduces a Dynamic Data Driven Open Radio Access Network System (3D-O-RAN). The key objective of 3D-O-RAN is to support congested, contested and contaminated tactical settings where multimedia sensors, application constraints and operating wireless conditions may frequently change over space, time and frequency. 3D-O-RAN is compliant with the O-RAN specification for beyond 5G cellular systems to reduce costs and guarantee interoperability among vendors. Moreover, 3D-O-RAN integrates computational, sensing, and cellular networking components in a highly-dynamic, feedback-based, data-driven control loop. Specifically, 3D-O-RAN is designed to incorporate heterogeneous data into the network control loop to achieve a system-wide optimal operating point. Moreover, 3D-O-RAN steers the multimedia sensor measurement process in real time according to the required application needs and current physical and/or environmental constraints. 3D-O-RAN uses (i) a semantic slicing engine, which takes into account the semantic of the application to optimally compress the multimedia stream without losing in classification accuracy; (ii) a dynamic data driven neural network certification system that translates mission-level constraints into technical-level constraints on neural network latency/accuracy, and occupation of hardware/software resources. Realistic use-case scenarios of 3D-O-RAN in a tactical context demonstrate system performance.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/FNWF58287.2023.10520548
