This content will become publicly available on December 3, 2025

Title: Zero Trust in 5G Networks: Principles, Challenges, and Opportunities
The deployment of fifth-generation (5G) networks across various industry verticals is poised to transform communication and data exchange, promising unparalleled speed and capacity. However, the security concerns related to the widespread adoption of 5G, particularly in mission-critical sectors, present significant challenges. This article investigates the potential of a Zero Trust (ZT) security philosophy as a viable countermeasure to these concerns. It delves into the practicalities of implementing ZT principles within 5G networks, with a specific focus on harnessing AI/ML technologies for proactive security measures, dynamic policy adaptations, and advanced risk assessments. Further, the article underscores the importance of developing a tailored ZT maturity model for 5G networks. Furthermore, the paper outlines key future research directions aimed at improving the ZT maturity of 5G deployments, contributing to the safe and secure integration of 5G technology in various sectors.  more » « less
Award ID(s):
2226232
PAR ID:
10628436
Author(s) / Creator(s):
Publisher / Repository:
IEEE
Date Published:
ISSN:
2766-4481
ISBN:
979-8-3503-8898-5
Page Range / eLocation ID:
1 to 8
Format(s):
Medium: X
Location:
Austin, TX, USA
Sponsoring Org:
National Science Foundation
More Like this
  1. The advancement of 5G and NextG networks through the Open Radio Access Network (O-RAN) architecture marks a transformative shift towards more virtualized, modular, and disaggregated configurations. A critical component of this architecture is the RAN Intelligent Controller (RIC), which manages and controls the RAN through machine-learning-driven software microservices known as xApps. These xApps rely on a diverse range of sensitive RAN and User Equipment (UE) data stored in the near-real-time RIC (Near-RT RIC) database. The shared, multi-vendor, and open nature of this environment significantly raises the risk of unauthorized exposure of sensitive RAN/UE data. In response to these privacy concerns, this paper proposes a privacy-preserving zero-trust RIC framework (dubbed ZT-RIC) that preserves RAN/UE data privacy within the RIC platform (i.e., the shared RIC database, xApps, and the E2 interface). The underlying idea is to employ a computationally efficient cryptographic technique, Inner Product Functional Encryption (IPFE), to encrypt RAN/UE data at the base station, thus preventing data leaks over the E2 interface and in the shared RIC database. Furthermore, ZT-RIC customizes the xApp's inference model to use the inner-product operations on encrypted data that IPFE supports, so the xApp can make accurate inferences without data exposure. For evaluation, we leverage a state-of-the-art InterClass xApp, which uses RAN key performance metrics (KPMs) to identify jamming signals in the wireless network. Prototyping on an LTE/5G O-RAN testbed demonstrates that ZT-RIC not only ensures data privacy/confidentiality but also maintains the desired model accuracy, evidenced by 97.9% accuracy in detecting jamming signals, while meeting a stringent sub-second timing requirement with a round-trip time (RTT) of 0.527
  2. Industry is increasingly adopting private 5G networks to securely manage wireless devices in retail, manufacturing, natural resources, and healthcare. As in most technology sectors, open-source software is well poised to form the foundation of deployments, whether deployed directly or as part of well-maintained proprietary offerings. This paper examines the use of cryptography and secure randomness in open-source cellular cores. We design a set of 13 CodeQL static program analysis rules for cores written in C/C++ and Go and apply them to 7 open-source cellular cores implementing 4G and 5G functionality. We identify two significant security vulnerabilities, predictable generation of TMSIs and improper verification of TLS certificates, each affecting multiple cores. In identifying these flaws, we hope to correct the implementations and thereby fix downstream deployments and derivative proprietary projects.
  3. As 5G networks become part of the critical infrastructures whose dysfunctions can cause severe damages to society, their security has been increasingly scrutinized. Recent works have revealed multiple specification-level flaws in 5G core networks but there are no easy solutions to patch the vulnerabilities in practice. Against this backdrop, this work proposes a unified framework called PROV5GC to detect and attribute various attacks that exploit these vulnerabilities in real-world 5G networks. PROV5GC tackles three technical challenges faced when deploying existing intrusion detection system (IDS) frameworks to protect 5G core networks, namely, message encryption, partial observability, and identity ephemerality. The key idea of PROV5GC is to use provenance graphs, which are constructed from the communication messages logged by various 5G core network functions. Based on these graphs, PROV5GC infers the original call flows to identify those with malicious intentions. We demonstrate how PROV5GC can be used to detect three different kinds of attacks, which aim to compromise the confidentiality, integrity, and/or availability of 5G core networks. We build a prototype of PROV5GC and evaluate its execution performance on commodity cluster servers. We observe that due to stateless instrumentation, the logging overhead incurred to each network function is low. We also show that PROV5GC can be used to detect the three 5G-specific attacks with high accuracy. 
  4. O-RAN establishes an advanced radio access network (RAN) architecture that supports interoperable, multi-vendor, and artificial intelligence (AI) controlled wireless access networks. The unique components, interfaces, and technologies of O-RAN differentiate it from the 3GPP RAN. Because O-RAN supports 3GPP protocols, currently 4G and 5G, while offering additional network interfaces and controllers, it has a larger attack surface. The O-RAN security requirements, vulnerabilities, threats, and countermeasures must be carefully assessed for it to become a platform for 5G Advanced and future 6G wireless. This article presents the ongoing standardization activities of the O-RAN Alliance for modeling the potential threats to the network and to the open fronthaul interface in particular. We identify end-to-end security threats and discuss those on the open fronthaul in more detail. We then provide recommendations for countermeasures to tackle the identified security risks and encourage industry to establish standards and best practices for safe and secure implementations of the open fronthaul interface.
  5. As 5G networks are gradually rolled out worldwide, it is important to ensure that their network infrastructures are resilient against malicious attacks. This work presents VET5G, a new virtual end-to-end testbed for 5G network security research experiments or training activities such as Capture-The-Flag competitions. The distinguishing features of VET5G include a home-grown 5G core network emulator written in Rust to ensure memory and thread safety, integration of OpenAirInterface’s Radio Access Network emulator and the official Android emulator to achieve full end-to-end 5G network emulation, inclusion of a reference P4 software switch to assist with prototyping of defense mechanisms for 5G data planes, implementation of Python APIs for easy 5G network experimentation, and adoption of JupyterHub to support multi-user experimentation. In our experiments we demonstrate how to use VET5G for two attack scenarios in 5G networks as well as its performance when it is used in a 5G hacking project for a Mobile Systems Security course. 
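The IPFE idea behind item 1 (ZT-RIC), as an added example that is not code from that paper: a toy Python implementation of the DDH-based inner-product functional encryption scheme of Abdalla, Bourse, De Caro and Pointcheval (2015). The base station encrypts a KPM vector x under the public key; a key authority holding the master secret issues the xApp a functional key for its weight vector y; the xApp decrypts to the inner product of x and y (a linear jamming score, say) and learns nothing else about x. The 40-bit group, the KPM values and the weights are constructed for the demonstration; a real deployment uses a standard large group, and the paper's actual InterClass model is not reproduced here.

```python
"""Toy inner-product functional encryption (IPFE), DDH-based, added example only.
Encryption is done by the data owner (base station), key generation by the
authority holding msk, decryption by the consumer (xApp) with a key for one y."""
import secrets

# Bases for which Miller-Rabin is deterministic for n < 3.3e24.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits):
    """Deterministic search for p = 2q + 1 with p, q prime, q just above 2^(bits-1).
    40 bits is a toy size chosen for the demo; use a standard 2048-bit+ group in practice."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


class IPFE:
    def __init__(self, length, bits=40):
        self.p, self.q = safe_prime(bits)
        self.g = 4  # a quadratic residue, hence a generator of the order-q subgroup
        self.length = length
        # msk: one secret exponent s_i per KPM coordinate; mpk: its public image g^s_i
        self.msk = [secrets.randbelow(self.q) for _ in range(length)]
        self.mpk = [pow(self.g, s, self.p) for s in self.msk]

    def encrypt(self, x):
        """Base station: ct = (g^r, h_i^r * g^{x_i}) with a fresh r per ciphertext."""
        assert len(x) == self.length
        r = secrets.randbelow(self.q)
        c0 = pow(self.g, r, self.p)
        cts = [pow(h, r, self.p) * pow(self.g, xi % self.q, self.p) % self.p
               for h, xi in zip(self.mpk, x)]
        return c0, cts

    def keygen(self, y):
        """Authority: sk_y = sum_i s_i * y_i mod q. Only the authority has msk."""
        assert len(y) == self.length
        return sum(s * yi for s, yi in zip(self.msk, y)) % self.q

    def decrypt(self, ct, sk_y, y, bound):
        """xApp: prod_i c_i^{y_i} / c0^{sk_y} = g^{<x,y>}, then a small discrete log.
        Needs |<x,y>| <= bound, known from the KPM value ranges. Uses public data only."""
        c0, cts = ct
        num = 1
        for c, yi in zip(cts, y):
            num = num * pow(c, yi % self.q, self.p) % self.p
        target = num * pow(pow(c0, sk_y, self.p), -1, self.p) % self.p
        acc_pos, acc_neg, g_inv = 1, 1, pow(self.g, -1, self.p)
        for k in range(bound + 1):
            if acc_pos == target:
                return k
            if acc_neg == target:
                return -k
            acc_pos = acc_pos * self.g % self.p
            acc_neg = acc_neg * g_inv % self.p
        raise ValueError("inner product outside [-bound, bound]")


if __name__ == "__main__":
    ipfe = IPFE(length=4)
    kpm = [57, 3, 120, 8]       # constructed KPM sample
    weights = [2, -5, 1, 3]     # constructed weights of a toy linear detector
    ct = ipfe.encrypt(kpm)      # leaves the base station encrypted
    sk = ipfe.keygen(weights)   # issued once by the authority to the xApp
    print("score =", ipfe.decrypt(ct, sk, weights, bound=10_000))  # 243
```

Decryption ends with a bounded discrete log because the scheme recovers g raised to the inner product, so the inner product must lie in a range the xApp can search; that range follows from the KPM value ranges. The practitioner's caveat is that functional keys are linear in y: an xApp holding keys for several weight vectors can combine them and learn every linear combination of those inner products, so the number and shape of keys issued to one xApp is itself a policy decision.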
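For the predictable-TMSI finding in item 2, an added example in Python that is not code from that paper or from any of the cores it analysed: a weak allocator that seeds a non-cryptographic PRNG from boot time, the seed-recovery step by which an attacker whose own UEs were assigned a few TMSIs can predict the values later handed to other subscribers, and a hardened allocator that draws from the OS CSPRNG. The boot time, the search window and the in-use tracking are assumptions for the demonstration; the only standards fact used is that TS 23.003 defines the TMSI as four octets with the all-ones value reserved.

```python
"""Predictable vs. hardened TMSI allocation, added example only."""
import random
import secrets

TMSI_RESERVED = 0xFFFFFFFF  # TS 23.003: all ones means "no valid TMSI", never allocate it


class WeakTMSIAllocator:
    """Vulnerable pattern: a non-cryptographic PRNG (Mersenne Twister) seeded from the clock.
    Every output is a deterministic function of the seed."""

    def __init__(self, boot_time):
        self._rng = random.Random(int(boot_time))

    def allocate(self):
        return self._rng.getrandbits(32)


def recover_seed(observed, approx_boot_time, window):
    """Attacker step (assumption: the attacker's own UEs received the TMSIs in `observed`,
    in allocation order, and the core's start time is known to within `window` seconds).
    Replays the allocator for each candidate seed; returns (seed, allocator_in_sync) or None.
    The returned allocator has consumed exactly the observed outputs, so its next value is
    the TMSI the next subscriber will be given."""
    lo, hi = int(approx_boot_time) - window, int(approx_boot_time) + window
    for seed in range(lo, hi + 1):
        candidate = WeakTMSIAllocator(seed)
        if all(candidate.allocate() == t for t in observed):
            return seed, candidate
    return None


class SecureTMSIAllocator:
    """Hardened: CSPRNG output, the reserved value skipped, duplicates rejected while in use."""

    def __init__(self):
        self._in_use = set()

    def allocate(self):
        while True:
            tmsi = int.from_bytes(secrets.token_bytes(4), "big")
            if tmsi != TMSI_RESERVED and tmsi not in self._in_use:
                self._in_use.add(tmsi)
                return tmsi

    def release(self, tmsi):
        self._in_use.discard(tmsi)


if __name__ == "__main__":
    boot = 1_700_000_000                     # constructed core start time
    core = WeakTMSIAllocator(boot)
    mine = [core.allocate() for _ in range(3)]   # attacker's own UEs attach first
    seed, shadow = recover_seed(mine, boot + 37, window=120)
    print("recovered seed:", seed, "next victim TMSI:", hex(shadow.allocate()))
    print("actual next TMSI:", hex(core.allocate()))
    print("hardened sample:", hex(SecureTMSIAllocator().allocate()))
```

Three observed values are enough because a wrong seed reproducing 96 matching bits by chance is negligible; the cost to the attacker is one PRNG replay per candidate second. A static rule of the kind the paper describes would flag the weak pattern at its source, a non-cryptographic generator or a clock-derived seed feeding an identifier, rather than rely on observing the output.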
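For the identity-ephemerality challenge in item 3, an added example in Python that is not PROV5GC's code: constructed AMF/AUSF log lines are parsed, the ephemeral identifiers a UE uses (SUCI at registration, 5G-GUTI afterwards) are bound to its stable SUPI from the messages that carry both, each event is then attached to one per-UE chain of provenance edges, and one constructed rule flags a RegistrationAccept that no AuthenticationSuccess preceded, plus any event whose identifier resolves to no known UE. The log format, identifier values, message names and the rule are all assumptions for the demonstration, not the paper's.

```python
"""Provenance-style call-flow reconstruction over NF logs, added example only."""
import re
from collections import defaultdict

# Constructed log lines (not real NF output): t=<time> nf=<function> msg=<message> key=value ...
SAMPLE_LOG = """\
t=100 nf=AMF  msg=RegistrationRequest   suci=suci-0-001-01-0000000001
t=101 nf=AUSF msg=UEAuthentication      suci=suci-0-001-01-0000000001 supi=imsi-001010000000001
t=102 nf=AMF  msg=AuthenticationSuccess supi=imsi-001010000000001
t=103 nf=AMF  msg=RegistrationAccept    supi=imsi-001010000000001 guti=5g-guti-aaaa
t=110 nf=AMF  msg=ServiceRequest        guti=5g-guti-aaaa
t=200 nf=AMF  msg=RegistrationRequest   suci=suci-0-001-01-0000000002
t=201 nf=AUSF msg=UEAuthentication      suci=suci-0-001-01-0000000002 supi=imsi-001010000000002
t=203 nf=AMF  msg=RegistrationAccept    supi=imsi-001010000000002 guti=5g-guti-bbbb
t=300 nf=AMF  msg=ServiceRequest        guti=5g-guti-cccc
"""

_KV = re.compile(r"(\w+)=(\S+)")
IDENT_KEYS = ("supi", "suci", "guti")


def parse_log(text):
    events = [dict(_KV.findall(line)) for line in text.splitlines() if line.strip()]
    for e in events:
        e["t"] = int(e["t"])
    return sorted(events, key=lambda e: e["t"])


def identity_map(events):
    """Pass 1: learn ephemeral -> stable bindings from messages carrying both identifiers."""
    alias = {}
    for e in events:
        if "supi" in e:
            for k in ("suci", "guti"):
                if k in e:
                    alias[e[k]] = e["supi"]
    return alias


def build_flows(events):
    """Pass 2: attach every event to its stable identity (offline analysis can use
    bindings learned later than the event). Returns per-UE flows and unresolved events."""
    alias = identity_map(events)
    flows, unresolved = defaultdict(list), []
    for e in events:
        ident = next((e[k] for k in IDENT_KEYS if k in e), None)
        stable = e.get("supi") or alias.get(ident)
        if stable is None:
            unresolved.append(e)
        else:
            flows[stable].append(e)
    return flows, unresolved


def provenance_edges(flows):
    """Edges of the per-UE provenance graph: each event points at the one it follows."""
    return [(supi, a["msg"], b["msg"])
            for supi, chain in flows.items()
            for a, b in zip(chain, chain[1:])]


def detect(flows, unresolved):
    """Constructed rule: in one UE's flow a RegistrationAccept must be preceded by an
    AuthenticationSuccess. Events bound to no known identity are flagged as well."""
    alerts = []
    for supi, chain in flows.items():
        authenticated = False
        for e in chain:
            if e["msg"] == "AuthenticationSuccess":
                authenticated = True
            elif e["msg"] == "RegistrationAccept" and not authenticated:
                alerts.append((supi, f"RegistrationAccept at t={e['t']} without prior AuthenticationSuccess"))
    for e in unresolved:
        alerts.append((e.get("guti") or e.get("suci"), f"{e['msg']} at t={e['t']} from unresolved identity"))
    return alerts


def analyse(text):
    flows, unresolved = build_flows(parse_log(text))
    return detect(flows, unresolved)


if __name__ == "__main__":
    for ident, reason in analyse(SAMPLE_LOG):
        print(f"ALERT {ident}: {reason}")
```

The two-pass structure is what makes ephemeral identifiers tractable offline: the SUCI in a RegistrationRequest is only resolvable once the AUSF logs the SUCI-to-SUPI binding a step later, and a GUTI is only meaningful after the RegistrationAccept that assigned it. An event that never resolves is itself a signal, since a ServiceRequest under a GUTI this core never issued has no legitimate provenance.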