The Open Radio Access Network (RAN) is a networking paradigm that builds on top of cloud-based, multi-vendor, open and intelligent architectures to shape the next generation of cellular networks for 5G and beyond. While this new paradigm comes with many advantages in terms of observatibility and reconfigurability of the network, it inevitably expands the threat surface of cellular systems and can potentially expose its components to several cyber attacks, thus making securing O-RAN networks a necessity. In this paper, we explore the security aspects of O-RAN systems by focusing on the specifications and architectures proposed by the O-RAN Alliance. We address the problem of securing O-RAN systems with an holistic perspective, including considerations on the open interfaces used to interconnect the different O-RAN components, on the overall platform, and on the intelligence used to monitor and control the network. For each focus area we identify threats, discuss relevant solutions to address these issues, and demonstrate experimentally how such solutions can effectively defend O-RAN systems against selected cyber attacks. This article is the first work in approaching the security aspect of O-RAN holistically and with experimental evidence obtained on a state-of-the-art programmable O-RAN platform, thus providing unique guideline for researchers in the field.
翻译:开放式无线电接入网络(O-RAN)是一种基于云平台、多供应商、开放式和智能化架构的网络范例,为 5G 及更高版本的蜂窝网络的下一代形式奠定了基础。虽然这种新范式具有许多优势,包括可观察性和网络的可重构性,但不可避免地扩大了蜂窝系统的威胁面,并可能将其组件暴露于多种网络攻击中,因此使得保护 O-RAN 网络成为必要。在本文中,我们通过关注 O-RAN 联盟提出的规范和架构,探讨了 O-RAN 系统的安全性方面。我们从整体的角度来解决 O-RAN 系统的安全问题,包括考虑用于连接不同 O-RAN 组件的开放接口、整体平台以及用于监控和控制网络的智能。对于每个重点领域,我们识别威胁,讨论有关解决这些问题的相关解决方案,并有实验性论证表明,这些解决方案可以有效地保护 O-RAN 系统免受所选的网络攻击。本文是第一篇 holistically 接近 O-RAN 安全方面问题,在最先进的可编程 O-RAN 平台上取得了实验证据,因此为该领域的研究人员提供了独特的指导。