
The O-RAN ALLIANCE Security Work Group Continues Defining O-RAN Security Solutions

The O-RAN ALLIANCE Security Work Group, or WG11, continues developing O-RAN specifications that enable mobile network operators to operate an open RAN that meets and exceeds industry expectations for an open, interoperable, and secure system. 2022 saw the promotion of the Security Focus Group (SFG) to a Work Group, further emphasizing the O-RAN ALLIANCE’s focus on security by design.

WG11 provides public updates, through announcements, on the O-RAN security specification process. The first, dated Oct 24, 2020, introduced WG11 activities and its roadmap. The Dec 29, 2021 announcement described the focus areas, potential security controls and target timelines to complete security specifications. This third announcement highlights the new security features, requirements, and security roadmap for the next 12 months.

Figure 1 shows the O-RAN architecture, which is the scope of O-RAN security, including the O-RAN defined interfaces (A1, O1, O2, E1 and Open Fronthaul), and the O-RAN components (Service Management and Orchestration (SMO), Non-Real Time RIC, Near-Real Time RIC, O-CU-CP, O-CU-UP, O-DU, O-RU, O-Cloud and O-eNB).

Figure 1 O-RAN Architecture

WG11’s work is captured in four security specifications that form the pillars of O-RAN security. The July 2022 WG11 updates to the specifications are publicly accessible on the O-RAN ALLIANCE web site.

  • O-RAN Security Threat Modeling and Remediation Analysis 4.0 – a risk-based threat modeling and remediation analysis used for managing risks and for building an effective O-RAN security architecture.
  • O-RAN Security Requirements Specifications 4.0 – security requirements for each O-RAN interface and component. Requirements address confidentiality, integrity, and availability protection by considering key controls such as authentication, authorization, replay protection, least privilege access control, and zero-trust.
  • O-RAN Security Protocols Specifications 4.0 – defines implementation requirements for security protocols used by O-RAN including SSH, IPsec, DTLS, TLS 1.2, and TLS 1.3.
  • O-RAN Security Tests Specifications 3.0 – documents the security tests that validate O-RAN implementations of security functions, configurations and security protocols requirements and is the first step toward verifiability of O-RAN security requirements.

This post outlines the mandatory and optional controls on interfaces, the universal requirements on all components, and the areas of active study.

Interface Security Controls

Table 1 is a snapshot of the mandatory interface security controls enforcing authenticity, confidentiality, integrity, authorization, data origination, and replay prevention. Details can be found in O-RAN Security Requirements Specifications 4.0, O-RAN Security Protocols Specifications 4.0, and O-RAN Management Plane Specification 9.0.

Table 1 Mandatory O-RAN interface security controls

Authorization for the E2 interface is being developed in collaboration with the Near-Real Time RIC and E2 interface work group. PDCP requirements are specified by the 3GPP in TS 33.501.  

Table 2 lists the optional security controls on the open fronthaul interfaces with details in O-RAN Security Requirements Specifications 4.0. WG11 is currently working with other O-RAN work groups to mandate support of IEEE 802.1X.

Table 2 Optional Open Fronthaul interface security controls

Universal Requirements

Universal requirements apply to all O-RAN elements and in some cases will make certain aspects of O-RAN more secure than traditional RAN deployments. Table 3 lists the mandatory O-RAN requirements for each category of universal requirements, with details in O-RAN Security Requirements Specifications 4.0.

Table 3 Mandatory O-RAN security requirements

Requirements under Development

The O-RAN ALLIANCE web site also has WG11 studies on the Near-Real Time RIC and xApps, the Non-Real Time RIC, and the O-Cloud that are driving the development of security standards in these areas. Table 4 provides a quick reference of the new security work underway and how it will improve O-RAN security.

Table 4 Active Specification Activities  

Security Testing

Building on the foundation of the O-RAN Security Tests Specifications 2.0, the O-RAN Security Tests Specifications 3.0 provides test specifications for common network security tests (e.g., a network protocol fuzzing guideline); software composition analysis (e.g., Software Bill of Materials (SBOM) verification); Open Fronthaul Point-to-Point LAN Segment security verification based on 802.1X port-based network access control; and O1 interface Network Configuration Access Control (NACM) verification. Vendors and operators can use these tests to assess the security of their products and deployments. New security tests are added to the specification as new security requirements are developed.


The O-RAN ALLIANCE will continue to work towards the vision of a fully open and intelligent RAN through the definition of innovative use cases and a secure network architecture that can be deployed commercially with interoperable, verified multi-vendor solutions.