ZTRAN: Prototyping Zero Trust Security xApps for Open Radio Access Network Deployments

Aly S. Abdalla, Joshua Moore, Nisha Adhikari, Vuk Marojevic

TL;DR

This work addresses security in open, disaggregated O-RAN by applying zero-trust principles through ZTRAN, a trio of xApps that provide authentication, intrusion detection, and secure slicing within the near-RT RIC. Implemented on the OAIC platform, ZTRAN demonstrates feasible legitimate user throughput and controlled latency while detecting and isolating anomalous activity to protect QoS. The study details the interactions between the PEP/PDP framework and O-RAN components, and shows how continuous diagnostics, threat intelligence, and slice isolation can mitigate threats in a containerized, multi-vendor environment. The results, along with identified R&D directions, illustrate a practical path toward robust, zero-trust security for future O-RAN deployments and xApp ecosystems.

Abstract

The open radio access network (O-RAN) offers new degrees of freedom for building and operating advanced cellular networks. By emphasizing RAN disaggregation, open interfaces, multi-vendor support, and RAN intelligent controllers (RICs), O-RAN facilitates adaptation to new applications and technology trends. Yet, this architecture introduces new security challenges. This paper proposes leveraging zero trust principles for O-RAN security. We introduce zero trust RAN (ZTRAN), which embeds service authentication, intrusion detection, and secure slicing subsystems that are encapsulated as xApps. We implement ZTRAN on the open artificial intelligence cellular (OAIC) research platform and demonstrate its feasibility and effectiveness in terms of legitimate user throughput and latency figures. Our experimental analysis illustrates how ZTRAN's intrusion detection and secure slicing microservices operate effectively and in concert as part of the O-RAN Alliance's containerized near-real-time RIC. Research directions include exploring machine learning and additional threat intelligence feeds for improving the performance and extending the scope of ZTRAN.

Paper Structure (17 sections, 4 figures, 2 tables)

This paper contains 17 sections, 4 figures, 2 tables.

Figures (4)

  • Figure 1: Zero-trust security components.
  • Figure 2: ZTRAN xApp procedures: flow of actions and O-RAN component interactions.
  • Figure 3: The OAIC testbed implementing ZTRAN.
  • Figure 4: Illustration of the achieved data rate of legitimate and malicious UEs served by ZTRAN (a), network latency performance without and with ZTRAN (b), and false positive rate performance of the intrusion detection xApp (c).