Developing xApps for Rogue Base Station Detection in SDR-Enabled O-RAN

Abstract

In order to support the diverse requirements of 5G communications, a multitude of RAN components are required. To enable multiple vendor support for 5G, each of whom can independently choose components, Open-RAN (O-RAN) defined a set of standards to which the components must adhere. In addition, O-RAN defines the management elements used to manage each component to secure the 5G networks. While the proposed architecture can manage both 4G and 5G environments, including 5G NSA (Non-Standalone), it inherently suffers from the same vulnerabilities found in 4G LTE. Consequently, an attacker can use unprotected signaling and a low-cost Software Defined Radio (SDR) to launch rogue base station (RBS) attacks on the user equipment (UE), even in O-RAN architectures. In this paper, we consider the stability of signals collected from high-quality operational BSs versus cheap RBSs. Using signal stability features, we develop a machine learning (ML) based RBS detector located on the UE. With the aid of an O-RAN xAPP, ML models can be retrained using the data collected from multiple UEs, and the updated model can be delivered to UEs to enable higher detection accuracy. We conduct extensive experiments by implementing an RBS using a USRP B210, enabling O-RAN using E- Release, and data collected from operational BSs. Moreover, the detector is implemented as an Android APP, which realizes the connection to the O-RAN xAPP. The experimental results show that our detector can achieve more than 99% accuracy, precision “recall” and F1 score.