Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments

Felix Klement, Alessandro Brighente, Michele Polese, Mauro Conti, Stefan Katzenbeisser

TL;DR

The paper addresses the security of virtualized Open RAN infrastructure, focusing on O-RAN ALLIANCE and OSC-based O-Cloud deployments. It employs static scanning, deployment auditing against MITRE ATT&CK, NSA CISA, and CIS benchmarks, and broader threat modeling to quantify the risk surface. The study uncovers a large number of vulnerabilities (e.g., 792 total; 16 critical) and pervasive misconfigurations driven by outdated components, illustrating significant security gaps in Kubernetes-based RIC deployments. It proposes integrating security evaluation into the deployment process, hardening measures, and policy-based controls to harden Open RAN environments, highlighting the practical need for standardized assessment methods to enable reliable, secure, programmable networks.

Abstract

In this paper, we investigate the security implications of virtualized and software-based Open Radio Access Network (RAN) systems, specifically focusing on the architecture proposed by the O-RAN ALLIANCE and O-Cloud deployments based on the O-RAN Software Community (OSC) stack and infrastructure. Our key findings are based on a thorough security assessment and static scanning of the OSC Near Real-Time RAN Intelligent Controller (RIC) cluster. We highlight the presence of potential vulnerabilities and misconfigurations in the Kubernetes infrastructure supporting the RIC, also due to the usage of outdated versions of software packages, and provide an estimation of their criticality using various deployment auditing frameworks (e.g., MITRE ATT&CK and the NSA CISA). In addition, we propose methodologies to minimize these issues and harden the Open RAN virtualization infrastructure. These encompass the integration of security evaluation methods into the deployment process, implementing deployment hardening measures, and employing policy-based control for RAN components. We emphasize the need to address the problems found in order to improve the overall security of virtualized Open RAN systems.

Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments

TL;DR

The paper addresses the security of virtualized Open RAN infrastructure, focusing on O-RAN ALLIANCE and OSC-based O-Cloud deployments. It employs static scanning, deployment auditing against MITRE ATT&CK, NSA CISA, and CIS benchmarks, and broader threat modeling to quantify the risk surface. The study uncovers a large number of vulnerabilities (e.g., 792 total; 16 critical) and pervasive misconfigurations driven by outdated components, illustrating significant security gaps in Kubernetes-based RIC deployments. It proposes integrating security evaluation into the deployment process, hardening measures, and policy-based controls to harden Open RAN environments, highlighting the practical need for standardized assessment methods to enable reliable, secure, programmable networks.

Abstract

In this paper, we investigate the security implications of virtualized and software-based Open Radio Access Network (RAN) systems, specifically focusing on the architecture proposed by the O-RAN ALLIANCE and O-Cloud deployments based on the O-RAN Software Community (OSC) stack and infrastructure. Our key findings are based on a thorough security assessment and static scanning of the OSC Near Real-Time RAN Intelligent Controller (RIC) cluster. We highlight the presence of potential vulnerabilities and misconfigurations in the Kubernetes infrastructure supporting the RIC, also due to the usage of outdated versions of software packages, and provide an estimation of their criticality using various deployment auditing frameworks (e.g., MITRE ATT&CK and the NSA CISA). In addition, we propose methodologies to minimize these issues and harden the Open RAN virtualization infrastructure. These encompass the integration of security evaluation methods into the deployment process, implementing deployment hardening measures, and employing policy-based control for RAN components. We emphasize the need to address the problems found in order to improve the overall security of virtualized Open RAN systems.
Paper Structure (19 sections, 1 figure, 1 table)

This paper contains 19 sections, 1 figure, 1 table.

Table of Contents

  1. Introduction
  2. O-RAN Architecture and Deployment Methodologies
  3. O-RAN architecture
  4. Docker as a container, Kubernetes for orchestration
  5. Threat Model
  6. Attacker Model
  7. Threat Vectors
  8. Assessment methods
  9. Static Scanning
  10. Deployment Auditing
  11. Penetration Testing
  12. Runtime Security
  13. Security Concerns
  14. Outdated Versions
  15. Scanning Results
  16. ...and 4 more sections

Figures (1)

  • Figure 1: Disaggregated O-RAN architecture with open interfaces and a typical deployment across different data centers implementing the O-RAN O-Cloud and a proprietary cell site.