The O-RAN ALLIANCE Security Task Group Tackles Security Challenges on All O-RAN Interfaces and Components

By Amy Zwarico (AT&T), Sébastien Jeux (Orange) and Others.

Open RAN as architected by the O-RAN ALLIANCE is a major paradigm shift in Radio Access Network (RAN) architecture and deployment that leverages Software Defined Networking (SDN) and Network Function Virtualization (NFV) techniques by disaggregating the functions of a traditional RAN, implementing them in software, deploying them on independent cloud infrastructure, and connecting them using standardized interfaces.

This architecture will speed service introduction and innovation, lead to greater openness and flexibility, introduce intelligence into RAN control, enable interoperability among RAN components from different sources, improve supply chain security, and reduce network OPEX and CAPEX costs. From its inception O-RAN has been designed as a complementary architecture to 3GPP and other RAN initiatives. As of October 2020, the O-RAN community includes 230+ companies, all working to make the Open RAN meet and exceed industry expectations for an open, interoperable, and secure system. Figure 1 illustrates the logical architecture of O-RAN.

The openness and disaggregation of O-RAN has many positive effects on security. Open interfaces are more transparent than black-box implementations, facilitating the alignment with security standards and best practices. Disaggregation improves security agility, adaptability and resiliency. Security updates and the introduction of new security functions to the RAN can be implemented by modifying a single software component. Network functions such as the Near Real-Time RIC, O-CU-CP, O-CU-UP, and O-DU, implemented as containerized microservices can leverage cloud native security advances such as hardware resource isolation, automatic reconfiguration, and automated security testing, which can improve both open source vulnerability management and security configuration management.

The Open RAN faces the same security challenges as today’s RAN and other virtualized architectures. The disaggregation of functions increases the RAN threat surface. The strict latency requirements on the RAN need to be considered when implementing security controls, such as encryption, on the Open Fronthaul Interface. The increased reliance on open source software in modern telecom platforms increases the Open RAN dependence on secure development practices within open source communities. The use of AI in the RAN may lead to unanticipated consequences as it has in other domains (e.g. racially biased facial recognition). Finally, the dramatic growth in the number of IoT devices requires all RAN deployments to protect themselves against the increasing likelihood of attacks by compromised devices.  

Recognizing the possible security challenges and the criticality of a secure RAN, the O-RAN ALLIANCE is following the 3GPP security design practices of rigorous threat modeling and risk analysis to identify  security requirements and solutions that enable O-RAN to provide the level of security expected by the industry and 5G users. The O-RAN ALLIANCE Security Task Group (STG) engages with O-RAN ALLIANCE Working Groups (WGs) to tackle security challenges on all O-RAN interfaces and components, specifying and recommending modern, practical security solutions.

The STG has in its scope all security aspects of O-RAN. The members, drawn from both operators and vendors, are using threat modeling and risk analysis techniques to define security requirements and specify security solutions. The threat model is built using critical asset identification, data sensitivity analysis, and threat identification. The model drives the STG’s risk assessments which, along with their deep knowledge of security technology and practices, lead to robust security requirements and solutions. Several STG efforts illustrate how this approach is creating an open, interoperable, and secure system by design.

The STG recognizes that an unprotected management interface provides an easily exploitable vulnerability in the RAN. Thus, the O-RAN management interfaces, the O1 interface and the Open Fronthaul M-plane, must be protected using industry security best practices such as TLS and/or SSH with strong ciphers, mutual authentication using X.509 certificates, access controls that can be integrated with an operator’s identity lifecycle management platforms, robust logging that can be integrated with an operator’s centralized logging platform, and input validation. Similar analysis is being performed on the other O-RAN defined interfaces: A1, E2, O2 and Open Fronthaul CUS-plane.

The separation of the O-DU and O-RU introduces a potential new attack surface in the RAN: the open fronthaul interface operating the lower layer split (LLS) interface. The STG is currently studying the threats to this interface to gain a thorough understanding that will drive the specification of security controls on the interactions between O-DU and O-RU. Security is key to delivering the benefits of the separation Additionally, the STG is both leveraging existing O-RU security capabilities and investigating additional capabilities to secure the open fronthaul interface between the SMO and O-RU.

‍

‍

Securing the x/rApp microservices in the Near and Non Real-Time RAN Intelligent Controllers (RICs), joint work with WG2, WG3 and STG, requires a robust security architecture.  x/rApps can be developed by an equipment vendor, a software vendor, a network operator, or an open source community. They leverage real-time data about the RAN to assess its health and performance using analytics, ML and AI techniques. They use the results of that analysis to augment the security and management capabilities of O-RAN. WG2, WG3 and the STG will specify app authenticity controls built on 3GPP frameworks, software isolation techniques, secure standardized interfaces, testing methodologies, and access controls to ensure that x/rApps cannot introduce vulnerabilities into the RAN.

The STG will require the O-RAN Software Community (OSC) to adopt industry best practices in the OSC development pipeline. The OSC is adopting the Linux Foundation Core Infrastructure Initiative (CII) Badging security framework that defines the expected application security controls, change management practices, and security vulnerability tests that lead to more secure use and development of open source code. The underlying O-RAN software platform will be secured by following industry benchmarks such as Center for Internet Security (CIS) benchmarks for OS, Docker, and Kubernetes. Finally, it is expected that O-RAN implementations will leverage and build upon the 3GPP catalogue of security assurance requirements.

The integration of a functional security testing framework – addressed by O-RAN’s Test and Integration Focus Group (TIFG) – with standard end-to-end testing will guarantee secure interoperability and overall system security, simplifying the evaluation of the security of a RAN deployment.

O-RAN security is evolving to adopt modern security best practices. The following table provides a partial view of the existing security controls and community’s progress.

‍

‍

In conclusion, security is taken seriously within the O-RAN ALLIANCE. Following the example set by organizations such as 3GPP and IETF, the ALLIANCE has assembled a committed group of security experts to develop an O-RAN security architecture that enables 5G providers to deploy and operate an Open RAN with the same level of confidence as a 3GPP defined RAN.