Toward enabling secure 5G networks with O-RAN

5G is being defined to support a wide range of services across many different verticals. An open RAN architecture is important to fully realizing the benefits of 5G and allowing the network to evolve to the new capabilities required to enable these services.

O-RAN Alliance has developed an open RAN architecture building on the RAN architecture defined in 3GPP to add more flexibility to network deployment by operators, and scale to new types of businesses and industries. By further disaggregating the RAN beyond the 3GPP functions, O-RAN defines an architecture intended to:

• Support different deployment scenarios by simplifying orchestration and allowing intelligence, processing, and analytics to be placed where it is needed
• Utilize resources in a more scalable and efficient manner with resource pooling, and leverage cloud native architectures to scale
• Deploy new services efficiently by allowing functions to evolve and be upgraded separately
  Reduce network costs by broadening the ecosystem for competition across more vendors and create interface specifications between network elements
• Security for the new architecture is critical as new and essential services move to 5G. As part of this work, Qualcomm Technologies has been actively contributing to O-RAN toward defining the security requirements and best practices.

Security analysis for O-RAN architectures
Fundamentally, system design requires an in-depth security analysis and appropriate security measures in place to prevent or mitigate potential attacks. With the introduction of each new entity to a system, a comprehensive threat analysis and corresponding security design is required to account for new potential attacks attempting to exploit the new interfaces and functionality. However, an increased attack surface does not mean the system is less secure. Rather, open interfaces are more transparent than black-box implementations, facilitating the alignment with security standards and best practices.

O-RAN security focus group (SFG) was formed to conduct a deep threat analysis on every single O-RAN software/hardware component and interface and evaluate the impacts of identified threats to place appropriate security measures thereby making O-RAN secure.

O-RAN Security Focus Group (SFG)
The O-RAN SFG is responsible for security guidelines that span across the entire O-RAN architecture. The security analysis and specifications are being developed in close coordination with all O-RAN Working Groups (WGs), as well as GSMA, regulators, and standards development organizations.

The O-RAN SFG risk analysis and evaluation process is based on the standard methods (ISO 27005) and has included collaboration by domain security experts from operators, vendors, and regulators.

The O-RAN SFG has released four specifications defining the requirements, architectures, and protocols for security and privacy in O-RAN systems in support of the open interfaces defined by other O-RAN WGs. These specification documents include:

• O-RAN Security Threat Modeling and Remediation Analysis 2.01
• O-RAN Security Requirements Specifications v2.0
• O-RAN Security Protocols Specifications v3.0
• O-RAN Security Tests Specifications v1.0

Threat analysis and secure design is not a one-time process. Threats are continuously updated and re-evaluated, with the corresponding specifications updated as needed. As such, these documents are expected to continue to evolve over time, with the latest versions released in November 2021.

O-RAN architecture security benefits
The disaggregated RAN architecture defined in O-RAN brings many benefits from a security perspective. For example, disaggregation improves security agility, adaptability, and resiliency.

In addition, the transparency and openness of O-RAN paves the way to a more secure cellular system than those with proprietary implementations of a disaggregated or conventional monolithic RAN, which to some extent rely on “security through obscurity.”

The transparency provided by O-RAN, among other properties, will strengthen the cellular system security in various aspects including:

• Interface security: new interfaces introduced for RAN disaggregation are protected by standards-defined security mechanisms.
• Software security: alignment with security best practices such as the OpenSSF Best Practices Badge Program (formerly part of Core Infrastructure Initiative (CII)), which allows self-certification encompassing code testing, verification, and signing to produce high-quality secure software. Additionally, software supply-chain security and lifecycle management issues are addressed by including a Software Bill of Material (SBOM) requirements for O-RAN software components (e.g., based on DoC/NTIA).
• 
• Zero-trust model: adoption of the zero-trust principle whereby all users/entities are authenticated, authorized, and continuously validated to be granted or keep access to resources such as services and data implements the least privilege principle in O-RAN security architecture to reduce potential risks caused by misconfiguration and/or inside attacks in advance.
  Besides O-RAN transparency, O-RAN’s disaggregated architecture enhances the availability of the system when under attack as functional disaggregation can confine the effects of a compromised function/service or security breach, thereby minimizing collateral damages. In addition, system downtime due to system failure or attacks can be greatly reduced by leveraging the advantages of a cloud-native platform such as service replication, migration, and relocation.

Toward secure 5G RAN networks
With the wide range of 5G applications and verticals, security plays an even more critical role in future infrastructure. The O-RAN Alliance defines an open 5G network architecture to support various deployments with a rich set of security specifications. At Qualcomm Technologies, we contribute toward the development of these specifications, and leverage experience from having our technologies in billions of mobile devices to develop new platforms that support these security features. Our combination of secure hardware and software features provide a platform for secure RAN development and our Product Security team also allows us to track and respond swiftly as security issues arise.

CT Bureau