Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Solving the Post-Quantum Control Plane Bottleneck: Energy-Aware Cryptographic Scheduling in Open RAN

Neha Gupta, Hamed Alimohammadi, Mohammad Shojafar, De Mi, Muhammad N. M. Bhutta

TL;DR

This work tackles the energy and latency challenges of integrating post-quantum cryptography into Open RAN by proposing an energy-aware security orchestration framework. A Crypto Policy rApp in the Non-RT RIC sets strategic PQC choices, while a SOS xApp in the Near-RT RIC converts policies into timing and placement intents, keeping cryptographic enforcement at MACsec/IPsec endpoints to preserve O-RAN architecture. The approach employs a constrained reinforcement learning policy with an energy proxy to batch non-urgent PQC handshakes and maximize session resumption, achieving up to a 60 percent reduction in per-handshake energy and substantial p95 latency improvements while maintaining SLA targets. The results, validated via discrete-event simulation with realistic 3GPP mobility profiles, demonstrate a practical, hardware-agnostic path toward quantum-resilient security that minimizes energy use and preserves network timing discipline for URLLC and eMBB services alike.

Abstract

The Open Radio Access Network (O-RAN) offers flexibility and innovation but introduces unique security vulnerabilities, particularly from cryptographically relevant quantum computers. While Post-Quantum Cryptography (PQC) is the primary scalable defence, its computationally intensive handshakes create a significant bottleneck for the RAN control plane, posing sustainability challenges. This paper proposes an energy-aware framework to solve this PQC bottleneck, ensuring quantum resilience without sacrificing operational energy efficiency. The system employs an O-RAN aligned split: a Crypto Policy rApp residing in the Non-Real-Time (Non-RT) RIC defines the strategic security envelope (including PQC suites), while a Security Operations Scheduling (SOS) xApp in the Near-RT RIC converts these into tactical timing and placement intents. Cryptographic enforcement remains at standards-compliant endpoints: the Open Fronthaul utilizes Media Access Control Security (MACsec) at the O-DU/O-RU, while the xhaul (midhaul and backhaul) utilizes IP Security (IPsec) at tunnel terminators. The SOS xApp reduces PQC overhead by batching non-urgent handshakes, prioritizing session resumption, and selecting parameters that meet slice SLAs while minimizing joules per secure connection. We evaluate the architecture via a Discrete-Event Simulation (DES) using 3GPP-aligned traffic profiles and verified hardware benchmarks from literature. Results show that intelligent scheduling can reduce per-handshake energy by approximately 60 percent without violating slice latency targets.

Solving the Post-Quantum Control Plane Bottleneck: Energy-Aware Cryptographic Scheduling in Open RAN

TL;DR

This work tackles the energy and latency challenges of integrating post-quantum cryptography into Open RAN by proposing an energy-aware security orchestration framework. A Crypto Policy rApp in the Non-RT RIC sets strategic PQC choices, while a SOS xApp in the Near-RT RIC converts policies into timing and placement intents, keeping cryptographic enforcement at MACsec/IPsec endpoints to preserve O-RAN architecture. The approach employs a constrained reinforcement learning policy with an energy proxy to batch non-urgent PQC handshakes and maximize session resumption, achieving up to a 60 percent reduction in per-handshake energy and substantial p95 latency improvements while maintaining SLA targets. The results, validated via discrete-event simulation with realistic 3GPP mobility profiles, demonstrate a practical, hardware-agnostic path toward quantum-resilient security that minimizes energy use and preserves network timing discipline for URLLC and eMBB services alike.

Abstract

The Open Radio Access Network (O-RAN) offers flexibility and innovation but introduces unique security vulnerabilities, particularly from cryptographically relevant quantum computers. While Post-Quantum Cryptography (PQC) is the primary scalable defence, its computationally intensive handshakes create a significant bottleneck for the RAN control plane, posing sustainability challenges. This paper proposes an energy-aware framework to solve this PQC bottleneck, ensuring quantum resilience without sacrificing operational energy efficiency. The system employs an O-RAN aligned split: a Crypto Policy rApp residing in the Non-Real-Time (Non-RT) RIC defines the strategic security envelope (including PQC suites), while a Security Operations Scheduling (SOS) xApp in the Near-RT RIC converts these into tactical timing and placement intents. Cryptographic enforcement remains at standards-compliant endpoints: the Open Fronthaul utilizes Media Access Control Security (MACsec) at the O-DU/O-RU, while the xhaul (midhaul and backhaul) utilizes IP Security (IPsec) at tunnel terminators. The SOS xApp reduces PQC overhead by batching non-urgent handshakes, prioritizing session resumption, and selecting parameters that meet slice SLAs while minimizing joules per secure connection. We evaluate the architecture via a Discrete-Event Simulation (DES) using 3GPP-aligned traffic profiles and verified hardware benchmarks from literature. Results show that intelligent scheduling can reduce per-handshake energy by approximately 60 percent without violating slice latency targets.
Paper Structure (13 sections, 4 figures, 1 table)

This paper contains 13 sections, 4 figures, 1 table.

Table of Contents

  1. Introduction
  2. Related Work
  3. Proposed Energy-Aware Security Orchestration
  4. Architecture and Interface Boundaries
  5. Core Scheduling Mechanisms
  6. Decision Logic and Runtime Constraints
  7. SLA-Sustainability Conflict Resolution
  8. Case Study: Energy-Aware Security Scheduling
  9. Simulation Methodology
  10. Results
  11. Sensitivity to Mobility
  12. Discussion
  13. System Implications and Future Directions

Figures (4)

  • Figure 1: Fronthaul security architecture. The SOS xApp issues timing and placement intents via standard O-RAN interfaces: A1 (policy), E2 (KPI telemetry), and O1 (configuration). Data-plane C/U/S traffic between O-DU and O-RU is secured with MACsec (IEEE 802.1AE); M-plane NETCONF is protected via TLS 1.3. The O-DU manages O-RU settings through hierarchical M-plane control per O-RAN WG4.MP.
  • Figure 2: Backhaul/midhaul enforcement architecture. The SOS xApp issues timing and placement intents via O-RAN interfaces: A1 (policy), E2 (KPI telemetry), and O1 (configuration). Control actions (/hint, /place, /suite, /offload) are translated to IKEv2/Encapsulating Security Payload (ESP) parameters at IPsec terminators. Midhaul (F1) secures O-DU$\leftrightarrow$O-CU; backhaul (NG) secures O-CU$\leftrightarrow$5GC. All cryptographic operations remain at the endpoints per 3GPP TS 33.210/33.501, preserving O-RAN architectural boundaries.
  • Figure 3: Handshake latency CDF. Baseline (blue solid): all full PQC handshakes with 98.48 ms service time. SOS (orange dashed): 63 percent session resumption with 4.92 ms resumed handshake time. The vertical dotted line indicates the 150 ms SLA threshold; horizontal dotted line marks the 95th percentile.
  • Figure 4: Energy-latency trade-off across session resumption scenarios. Bars (left axis, blue): relative energy consumption normalized to baseline. Line with markers (right axis, orange): absolute p95 latency in milliseconds. Dashed horizontal line indicates the 150 ms SLA threshold. As resumption rate increases from zero to 63 percent, energy decreases by 60 percent and p95 latency decreases by 48 percent, demonstrating that both metrics improve in parallel.