Attacking O-RAN Interfaces: Threat Modeling, Analysis and Practical Experimentation

IF 6.3 Q1 ENGINEERING, ELECTRICAL & ELECTRONIC

IEEE Open Journal of the Communications Society Pub Date : 2024-07-22 DOI:10.1109/OJCOMS.2024.3431681

Pau Baguer;Girma M. Yilma;Esteban Municio;Gines Garcia-Aviles;Andres Garcia-Saavedra;Marco Liebsch;Xavier Costa-Pérez

{"title":"Attacking O-RAN Interfaces: Threat Modeling, Analysis and Practical Experimentation","authors":"Pau Baguer;Girma M. Yilma;Esteban Municio;Gines Garcia-Aviles;Andres Garcia-Saavedra;Marco Liebsch;Xavier Costa-Pérez","doi":"10.1109/OJCOMS.2024.3431681","DOIUrl":null,"url":null,"abstract":"A new generation of open and disaggregated Radio Access Networks (RANs) enabling multi-vendor, flexible, and cost-effective deployments is being promoted by the Open Radio Access Network (O-RAN) Alliance. However, this new level of disaggregation in the RAN also entails new security risks that must be carefully addressed. The O-RAN Alliance has established Working Group 11 (WG11) to ensure that the new specifications are secure by design. Acknowledging the new security challenges arising from the expanded threat surface, O-RAN WG11 provides procedures to identify threats and assess and mitigate risks. Reportedly, as of 2024, 60% of found risks are related to Denial of Service (DoS) and performance degradation. Therefore, in this work, we analyse a vanilla O-RAN deployment and evaluate the endurance of different O-RAN interfaces under attacks in scenarios involving DoS and performance degradation. To do so, we use a reference O-RAN open source deployment to report, risks found, weak points, and counter-intuitive recommended design choices for both control plane (A1, E2, and F1-c) and user plane (F1-u) interfaces. Consequently, we map O-RAN WG11’s threat model and risk assessment methodology to our considered DoS and performance degradation scenarios, and dissect existing threats and potential attacks over O-RAN interfaces that may compromise the security of O-RAN architectural deployments. Finally, we identify mechanisms to mitigate risks and discuss approaches aimed at improving the robustness of future O-RAN networks.","PeriodicalId":33803,"journal":{"name":"IEEE Open Journal of the Communications Society","volume":null,"pages":null},"PeriodicalIF":6.3000,"publicationDate":"2024-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10606000","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Open Journal of the Communications Society","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10606000/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

Abstract

A new generation of open and disaggregated Radio Access Networks (RANs) enabling multi-vendor, flexible, and cost-effective deployments is being promoted by the Open Radio Access Network (O-RAN) Alliance. However, this new level of disaggregation in the RAN also entails new security risks that must be carefully addressed. The O-RAN Alliance has established Working Group 11 (WG11) to ensure that the new specifications are secure by design. Acknowledging the new security challenges arising from the expanded threat surface, O-RAN WG11 provides procedures to identify threats and assess and mitigate risks. Reportedly, as of 2024, 60% of found risks are related to Denial of Service (DoS) and performance degradation. Therefore, in this work, we analyse a vanilla O-RAN deployment and evaluate the endurance of different O-RAN interfaces under attacks in scenarios involving DoS and performance degradation. To do so, we use a reference O-RAN open source deployment to report, risks found, weak points, and counter-intuitive recommended design choices for both control plane (A1, E2, and F1-c) and user plane (F1-u) interfaces. Consequently, we map O-RAN WG11’s threat model and risk assessment methodology to our considered DoS and performance degradation scenarios, and dissect existing threats and potential attacks over O-RAN interfaces that may compromise the security of O-RAN architectural deployments. Finally, we identify mechanisms to mitigate risks and discuss approaches aimed at improving the robustness of future O-RAN networks.

查看原文本刊更多论文

攻击 O-RAN 接口：威胁建模、分析和实际实验

开放无线接入网（O-RAN）联盟正在推动新一代开放和分解的无线接入网（RAN），以实现多厂商、灵活和经济高效的部署。然而，RAN 这种新的分解方式也带来了新的安全风险，必须认真应对。O-RAN 联盟成立了第 11 工作组 (WG11)，以确保新规范在设计上的安全性。O-RAN WG11 认识到威胁面扩大带来的新安全挑战，提供了识别威胁、评估和降低风险的程序。据报道，截至 2024 年，60% 的已发现风险与拒绝服务（DoS）和性能下降有关。因此，在这项工作中，我们分析了一个虚构的 O-RAN 部署，并评估了不同 O-RAN 接口在涉及 DoS 和性能下降的攻击情况下的耐用性。为此，我们使用参考 O-RAN 开源部署来报告发现的风险、薄弱点，以及针对控制平面（A1、E2 和 F1-c）和用户平面（F1-u）接口的反直觉建议设计选择。因此，我们将 O-RAN WG11 的威胁模型和风险评估方法映射到我们考虑的 DoS 和性能降低场景中，并剖析了 O-RAN 接口上可能危及 O-RAN 架构部署安全性的现有威胁和潜在攻击。最后，我们确定了降低风险的机制，并讨论了旨在提高未来 O-RAN 网络稳健性的方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Open Journal of the Communications Society Multiple-

CiteScore

13.70

自引率

3.80%

发文量

审稿时长

10 weeks

期刊介绍： The IEEE Open Journal of the Communications Society (OJ-COMS) is an open access, all-electronic journal that publishes original high-quality manuscripts on advances in the state of the art of telecommunications systems and networks. The papers in IEEE OJ-COMS are included in Scopus. Submissions reporting new theoretical findings (including novel methods, concepts, and studies) and practical contributions (including experiments and development of prototypes) are welcome. Additionally, survey and tutorial articles are considered. The IEEE OJCOMS received its debut impact factor of 7.9 according to the Journal Citation Reports (JCR) 2023. The IEEE Open Journal of the Communications Society covers science, technology, applications and standards for information organization, collection and transfer using electronic, optical and wireless channels and networks. Some specific areas covered include: Systems and network architecture, control and management Protocols, software, and middleware Quality of service, reliability, and security Modulation, detection, coding, and signaling Switching and routing Mobile and portable communications Terminals and other end-user devices Networks for content distribution and distributed computing Communications-based distributed resources control.

文献相关原料

公司名称	产品信息	采购帮参考价格