Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Implementing and Evaluating Security in O-RAN: Interfaces, Intelligence, and Platforms

Joshua Groen, Salvatore DOro, Utku Demir, Leonardo Bonati, Michele Polese, Tommaso Melodia, Kaushik Chowdhury

TL;DR

The paper addresses securing O-RAN across open interfaces, AI/ML-driven intelligence, and cloud platforms, offering a holistic framework tested on a programmable platform. It demonstrates that IPsec on the E2 interface imposes small delay overhead but notable CPU load, and that AES-GCM provides best throughput among common modes. It also shows that threat-mitigation via autoencoder layers can reduce adversarial effects on scheduling and slicing decisions, and it outlines cloud-security principles and Zero Trust strategies tailored to multi-vendor O-RAN. The findings emphasize security-by-design, clear visibility, and governance as practical levers to secure future open cellular networks with realistic performance trade-offs.

Abstract

The Open Radio Access Network (RAN) is a networking paradigm that builds on top of cloud-based, multi-vendor, open and intelligent architectures to shape the next generation of cellular networks for 5G and beyond. While this new paradigm comes with many advantages in terms of observatibility and reconfigurability of the network, it inevitably expands the threat surface of cellular systems and can potentially expose its components to several cyber attacks, thus making securing O-RAN networks a necessity. In this paper, we explore the security aspects of O-RAN systems by focusing on the specifications and architectures proposed by the O-RAN Alliance. We address the problem of securing O-RAN systems with a holistic perspective, including considerations on the open interfaces used to interconnect the different O-RAN components, on the overall platform, and on the intelligence used to monitor and control the network. For each focus area we identify threats, discuss relevant solutions to address these issues, and demonstrate experimentally how such solutions can effectively defend O-RAN systems against selected cyber attacks. This article is the first work in approaching the security aspect of O-RAN holistically and with experimental evidence obtained on a state-of-the-art programmable O-RAN platform, thus providing unique guideline for researchers in the field.

Implementing and Evaluating Security in O-RAN: Interfaces, Intelligence, and Platforms

TL;DR

The paper addresses securing O-RAN across open interfaces, AI/ML-driven intelligence, and cloud platforms, offering a holistic framework tested on a programmable platform. It demonstrates that IPsec on the E2 interface imposes small delay overhead but notable CPU load, and that AES-GCM provides best throughput among common modes. It also shows that threat-mitigation via autoencoder layers can reduce adversarial effects on scheduling and slicing decisions, and it outlines cloud-security principles and Zero Trust strategies tailored to multi-vendor O-RAN. The findings emphasize security-by-design, clear visibility, and governance as practical levers to secure future open cellular networks with realistic performance trade-offs.

Abstract

The Open Radio Access Network (RAN) is a networking paradigm that builds on top of cloud-based, multi-vendor, open and intelligent architectures to shape the next generation of cellular networks for 5G and beyond. While this new paradigm comes with many advantages in terms of observatibility and reconfigurability of the network, it inevitably expands the threat surface of cellular systems and can potentially expose its components to several cyber attacks, thus making securing O-RAN networks a necessity. In this paper, we explore the security aspects of O-RAN systems by focusing on the specifications and architectures proposed by the O-RAN Alliance. We address the problem of securing O-RAN systems with a holistic perspective, including considerations on the open interfaces used to interconnect the different O-RAN components, on the overall platform, and on the intelligence used to monitor and control the network. For each focus area we identify threats, discuss relevant solutions to address these issues, and demonstrate experimentally how such solutions can effectively defend O-RAN systems against selected cyber attacks. This article is the first work in approaching the security aspect of O-RAN holistically and with experimental evidence obtained on a state-of-the-art programmable O-RAN platform, thus providing unique guideline for researchers in the field.
Paper Structure (17 sections, 5 figures, 1 table)

This paper contains 17 sections, 5 figures, 1 table.

Table of Contents

  1. Introduction
  2. O-RAN Primer
  3. Securing the Open Interfaces
  4. New Vulnerabilities
  5. Implementing IPsec on the E2 Interface
  6. Theoretical Analysis
  7. System Implementation Results
  8. Key to Securing Open Interfaces
  9. Securing the Intelligence
  10. Vulnerabilities of AI/ML O-RAN Applications
  11. Toward Reliable AI/ML O-RAN Applications
  12. Autoencoders for Threat Mitigation
  13. Securing the Platforms
  14. Cloud Security Risks
  15. O-RAN Specific Security Recommendations
  16. ...and 2 more sections

Figures (5)

  • Figure 1: Challenges and opportunities to secure different groups of components in the O-RAN architecture, which also reflects the paper outline.
  • Figure 2: Processing delay as a function of packet size for PT and CT traffic.
  • Figure 3: Measured throughput as a function of attempted transmission rate for PT and CT traffic. CPU utilization is the limiting factor for throughput with encryption.
  • Figure 4: Percentage of actions deviating from the expected outcome after the attack with and without the autoencoder.
  • Figure 5: Action distance comparison after attack with and without autoencoder. Scheduling policies are enumerated as $\{0,1,2\}$, while slicing actions consist of three integer numbers (one per slice) whose sum must be equal to 50 (i.e., the number of Physical Resource Blocks (PRBs) to assign to each slice).