Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Evaluation of Security-Induced Latency on 5G RAN Interfaces and User Plane Communication

Sotiris Michaelides, Jakub Lapawa, Daniel Eguiguren Chavez, Martin Henze

TL;DR

This study assesses how optional security controls across internal 5G RAN interfaces and the user plane impact latency in disaggregated RAN deployments. It introduces the first open-source testbed enabling end-to-end evaluation with CP/UP separation and security over F1-C, F1-U, and E1 links, and demonstrates that IPsec generally adds only small overhead on UP paths while DTLS incurs higher costs. Across a full UP path, disaggregated RANs maintain a latency advantage over monolithic designs, but cryptographic processing pushes end-to-end RTT beyond $1\,\mathrm{ms}$ in practice. The work provides practical guidance for secure, low-latency 5G deployments and highlights that achieving sub-$1\,\mathrm{ms}$ RTT will require reducing or rearchitecting cryptographic operations and potentially adopting end-to-end security models.

Abstract

5G promises enhanced performance-not only in bandwidth and capacity, but also latency and security. Its ultra-reliable low-latency configuration targets round-trip times below 1 ms, while optional security controls extend protection across all interfaces, making 5G attractive for mission-critical applications. A key enabler of low latency is the disaggregation of network components, including the RAN, allowing user-plane functions to be deployed nearer to end users. However, this split introduces additional interfaces, whose protection increases latency overhead. In this paper, guided by discussions with a network operator and a 5G manufacturer, we evaluate the latency overhead of enabling optional 5G security controls across internal RAN interfaces and the 5G user plane. To this end, we deploy the first testbed implementing a disaggregated RAN with standardized optional security mechanisms. Our results show that disaggregated RAN deployments retain a latency advantage over monolithic designs, even with security enabled. However, achieving sub-1 ms round-trip times remains challenging, as cryptographic overhead alone can already exceed this target.

Evaluation of Security-Induced Latency on 5G RAN Interfaces and User Plane Communication

TL;DR

This study assesses how optional security controls across internal 5G RAN interfaces and the user plane impact latency in disaggregated RAN deployments. It introduces the first open-source testbed enabling end-to-end evaluation with CP/UP separation and security over F1-C, F1-U, and E1 links, and demonstrates that IPsec generally adds only small overhead on UP paths while DTLS incurs higher costs. Across a full UP path, disaggregated RANs maintain a latency advantage over monolithic designs, but cryptographic processing pushes end-to-end RTT beyond in practice. The work provides practical guidance for secure, low-latency 5G deployments and highlights that achieving sub- RTT will require reducing or rearchitecting cryptographic operations and potentially adopting end-to-end security models.

Abstract

5G promises enhanced performance-not only in bandwidth and capacity, but also latency and security. Its ultra-reliable low-latency configuration targets round-trip times below 1 ms, while optional security controls extend protection across all interfaces, making 5G attractive for mission-critical applications. A key enabler of low latency is the disaggregation of network components, including the RAN, allowing user-plane functions to be deployed nearer to end users. However, this split introduces additional interfaces, whose protection increases latency overhead. In this paper, guided by discussions with a network operator and a 5G manufacturer, we evaluate the latency overhead of enabling optional 5G security controls across internal RAN interfaces and the 5G user plane. To this end, we deploy the first testbed implementing a disaggregated RAN with standardized optional security mechanisms. Our results show that disaggregated RAN deployments retain a latency advantage over monolithic designs, even with security enabled. However, achieving sub-1 ms round-trip times remains challenging, as cryptographic overhead alone can already exceed this target.
Paper Structure (21 sections, 4 figures, 1 table)

This paper contains 21 sections, 4 figures, 1 table.

Table of Contents

  1. Introduction
  2. 5G Networks and Security Controls
  3. Architectural Components
  4. 5G Interfaces and Security
  5. Related Work
  6. Insights on Disaggregated RANs
  7. Practical Benefits of Disaggregated RANs
  8. Security in Real-World 5G Networks
  9. Deploying a Disaggregated-RAN 5G Testbed
  10. Identified Optional Security Controls
  11. Testbed and Experimental Setup
  12. Impact of Security on Internal-RAN Interfaces
  13. Methodology
  14. Results
  15. User Plane-Wide Evaluation
  16. ...and 6 more sections

Figures (4)

  • Figure 1: The modularity of 5G enables time-critical components to be placed closer to end devices on the edge cloud infrastructure to reduce latency. Control-plane components are hosted on a remote and centralized cloud to simplify network control. The ru is always deployed on-site
  • Figure 2: Securing internal-RAN interfaces using IPsec adds only minimal latency overhead regardless of the configuration, making it suitable to support low-latencies.
  • Figure 3: While the monolithic deployment benefits from lower security overhead due to fewer controls needing to be enabled, the disaggregated approach still outperforms it due to the independent and efficient handling of up data
  • Figure 4: Our benchmarking of IPsec configurations confirms the linear scalability of all schemes and highlights the superior performance of GMAC and GCM schemes.