

Title: Security Opportunities and Challenges for Disaggregated Architectures (Invited)
Disaggregated computer architectures are an interesting paradigm according to which the components of a traditional monolithic server, such as CPU, memory, storage, and networking, are separated into distinct, often independently managed units that communicate over a network. Disaggregation not only offers benefits such as greater flexibility, scalability, and resource optimization but can also improve security. For example, in the context of enterprise routing, it can offer fine-grained control over the network that allows one to deploy security policies, access control rules, and threat detection mechanisms more precisely, ensuring that only authorized traffic flows through the enterprise environment. It makes patch management easier because its modularity allows different components to be patched independently. The same benefits also apply to cellular networks. Disaggregation is a key feature of the Open Radio Access Network (O-RAN) paradigm, whose goal is to make the radio access network intelligent, virtualized, and fully interoperable. However, disaggregation also introduces several unique security risks, such as increased attack surfaces, increased exposure of sensitive data, increased difficulty in tracing data provenance, insecure isolation among different components, and insecure APIs. In addition, well-known security technologies, such as trusted execution environments, may have to be redesigned in the context of disaggregated architectures. In this paper, after an overview of these benefits and concerns, we focus on the research approaches proposed to address some of these concerns for network fabric, O-RAN, and trusted execution environments.
Award ID(s):
2229876
PAR ID:
10662546
Author(s) / Creator(s):
 ;  ;  
Publisher / Repository:
IEEE
Date Published:
Page Range / eLocation ID:
1 to 4
Format(s):
Medium: X
Location:
San Francisco, CA
Sponsoring Org:
National Science Foundation
More Like this
  1. This demonstration explores the security concerns in 5G and beyond networks within open radio access network (O-RAN) deployments, focusing on active attacks disrupting cellular communications. An xApp developed on the open artificial intelligence cellular (OAIC) platform enables on-the-fly creation and management of network slices to mitigate such attacks. The xApp is hosted in the near-real time RAN intelligent controller (RIC) and establishes secure slices for the software radio network it controls. This solution presents a practical approach for resilient and secure network management in dynamic environments. 
  2. The open radio access network (O-RAN) represents a paradigm shift in RAN architecture, integrating intelligence into communication networks via xApps -- control applications for managing RAN resources. This integration facilitates the adoption of AI for network optimization and resource management. However, there is a notable gap in practical network performance analyzers capable of assessing the functionality and efficiency of xApps in near real-time within operational networks. Addressing this gap, this article introduces a comprehensive network performance analyzer, tailored for the near-real time RAN intelligent controller. We present the design, development, and application scenarios for this testing framework, including its components, software, and tools, providing an end-to-end solution for evaluating the performance of xApps in O-RAN environments. 
  3. The open radio access network (O-RAN) offers new degrees of freedom for building and operating advanced cellular networks. Emphasizing RAN disaggregation, open interfaces, multi-vendor support, and RAN intelligent controllers (RICs), O-RAN facilitates adaptation to new applications and technology trends. Yet, this architecture introduces new security challenges. This article proposes leveraging zero trust principles for O-RAN security. We introduce zero trust RAN (ZTRAN), which embeds service authentication, intrusion detection, and secure slicing subsystems that are encapsulated as xApps. We implement ZTRAN on the open artificial intelligence cellular (OAIC) research platform and demonstrate its feasibility and effectiveness in terms of legitimate user throughput and latency figures. Our experimental analysis illustrates how ZTRAN's intrusion detection and secure slicing microservices operate effectively and in concert as part of O-RAN Alliance's containerized near-real time RIC. Research directions include exploring machine learning and additional threat intelligence feeds for improving the performance and extending the scope of ZTRAN. 
  4. O-RAN establishes an advanced radio access network (RAN) architecture that supports inter-operable, multi-vendor, and artificial intelligence (AI) controlled wireless access networks. The unique components, interfaces, and technologies of O-RAN differentiate it from the 3GPP RAN. Because O-RAN supports 3GPP protocols, currently 4G and 5G, while offering additional network interfaces and controllers, it has a larger attack surface. The O-RAN security requirements, vulnerabilities, threats, and countermeasures must be carefully assessed for it to become a platform for 5G Advanced and future 6G wireless. This article presents the ongoing standardization activities of the O-RAN Alliance for modeling the potential threats to the network and to the open fronthaul interface, in particular. We identify end-to-end security threats and discuss those on the open fronthaul in more detail. We then provide recommendations for countermeasures to tackle the identified security risks and encourage industry to establish standards and best practices for safe and secure implementations of the open fronthaul interface. 
  5. The Open Radio Access Network (RAN) and its embodiment through the O-RAN Alliance specifications are poised to revolutionize the telecom ecosystem. O-RAN promotes virtualized RANs where disaggregated components are connected via open interfaces and optimized by intelligent controllers. The result is a new paradigm for the RAN design, deployment, and operations: O-RAN networks can be built with multi-vendor, interoperable components, and can be programmatically optimized through a centralized abstraction layer and data-driven closed-loop control. Therefore, understanding O-RAN, its architecture, its interfaces, and workflows is key for researchers and practitioners in the wireless community. In this article, we present the first detailed tutorial on O-RAN. We also discuss the main research challenges and review early research results. We provide a deep dive of the O-RAN specifications, describing its architecture, design principles, and the O-RAN interfaces. We then describe how the O-RAN RAN Intelligent Controllers (RICs) can be used to effectively control and manage 3GPP-defined RANs. Based on this, we discuss innovations and challenges of O-RAN networks, including the Artificial Intelligence (AI) and Machine Learning (ML) workflows that the architecture and interfaces enable, security, and standardization issues. Finally, we review experimental research platforms that can be used to design and test O-RAN networks, along with recent research results, and we outline future directions for O-RAN development. 