This research report from the O-RAN Next Generation Research Group (nGRG) addresses the inherent data privacy challenges of the disaggregated O-RAN architecture, where sensitive non-personal data, such as network metrics and device performance, is shared across multi-vendor assets and third-party applications. The report highlights that the integration of AI/ML models in environments like the Non-RT and Near-RT RIC platforms creates significant risks, such as data leakage and vulnerabilities when data crosses trust boundaries via interfaces such as E2, Y1, and A1. To mitigate these risks, the authors advocate for a risk-based approach incorporating "Privacy by Design" principles, emphasizing that technical solutions must be complemented by robust legal assessments and contractual agreements to ensure compliance with global data protection regulations.
To address these concerns, the report evaluates five key privacy-preserving techniques: homomorphic encryption, federated learning, differential privacy, secure multi-party computation, and unified data representation for anonymization. These methods are analyzed for their impact on AI/ML model performance, computational overhead, and their ability to facilitate secure, collaborative data processing in multi-tenant environments. Looking forward, the report proposes the development of a generic O-RAN privacy service to act as a centralized framework, abstracting the complexities of these techniques and allowing network operators to dynamically deploy appropriate privacy measures based on specific use cases and performance requirements.
