Open RAN第二层保护扩展应用的集成：一种基于设计的安全方法

IF 4 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2025-06-20 DOI:10.1016/j.compeleceng.2025.110479

Jihye Kim, Jaehyoung Park, Jong-Hyouk Lee

{"title":"Open RAN第二层保护扩展应用的集成：一种基于设计的安全方法","authors":"Jihye Kim, Jaehyoung Park, Jong-Hyouk Lee","doi":"10.1016/j.compeleceng.2025.110479","DOIUrl":null,"url":null,"abstract":"<div><div>The Open Radio Access Network (Open RAN) paradigm is progressively evolving to deliver open, intelligent, and innovative solutions for next-generation networks, particularly in 5G-Advanced and 6G. Spearheading this effort, the O-RAN Alliance has established a comprehensive framework for Open RAN and continues to lead standardization efforts in this domain. However, an analysis of the O-RAN security standard specifications reveals a primary focus on layer 3 and above, with an emphasis on IPsec protocols, leaving layer 2 security inadequately addressed. This gap exposes the E2 interface – a critical component enabling the openness and intelligence of Open RAN – to potential Man-in-the-Middle attacks at the layer 2. To mitigate this vulnerability, we propose a novel E2 protection xApp designed to enhance the security of the E2 interface. The proposed xApp detects and prevents layer 2 attacks, such as Address Resolution Protocol spoofing, ensuring robust protection for Open RAN environments. Experimental evaluations demonstrate that the proposed solution significantly improves network resilience, outperforming existing methods in mitigating layer 2 security vulnerability.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"126 ","pages":"Article 110479"},"PeriodicalIF":4.0000,"publicationDate":"2025-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Integration of the layer 2 protection extended application for Open RAN: A security by design approach\",\"authors\":\"Jihye Kim, Jaehyoung Park, Jong-Hyouk Lee\",\"doi\":\"10.1016/j.compeleceng.2025.110479\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The Open Radio Access Network (Open RAN) paradigm is progressively evolving to deliver open, intelligent, and innovative solutions for next-generation networks, particularly in 5G-Advanced and 6G. Spearheading this effort, the O-RAN Alliance has established a comprehensive framework for Open RAN and continues to lead standardization efforts in this domain. However, an analysis of the O-RAN security standard specifications reveals a primary focus on layer 3 and above, with an emphasis on IPsec protocols, leaving layer 2 security inadequately addressed. This gap exposes the E2 interface – a critical component enabling the openness and intelligence of Open RAN – to potential Man-in-the-Middle attacks at the layer 2. To mitigate this vulnerability, we propose a novel E2 protection xApp designed to enhance the security of the E2 interface. The proposed xApp detects and prevents layer 2 attacks, such as Address Resolution Protocol spoofing, ensuring robust protection for Open RAN environments. Experimental evaluations demonstrate that the proposed solution significantly improves network resilience, outperforming existing methods in mitigating layer 2 security vulnerability.</div></div>\",\"PeriodicalId\":50630,\"journal\":{\"name\":\"Computers & Electrical Engineering\",\"volume\":\"126 \",\"pages\":\"Article 110479\"},\"PeriodicalIF\":4.0000,\"publicationDate\":\"2025-06-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Electrical Engineering\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0045790625004227\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625004227","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

开放无线接入网（Open RAN）模式正在逐步发展，为下一代网络，特别是5G-Advanced和6G网络提供开放、智能和创新的解决方案。作为这项工作的先锋，O-RAN联盟已经为Open RAN建立了一个全面的框架，并继续领导该领域的标准化工作。然而，对O-RAN安全标准规范的分析表明，主要关注第3层及以上，重点是IPsec协议，没有充分解决第2层的安全问题。这一漏洞暴露了E2接口（实现Open RAN的开放性和智能性的关键组件）在第2层受到潜在的中间人攻击。为了减轻这个漏洞，我们提出了一个新的E2保护xApp，旨在增强E2接口的安全性。提出的xApp检测和防止第2层攻击，如地址解析协议欺骗，确保对开放RAN环境的强大保护。实验评估表明，该解决方案显著提高了网络弹性，在缓解第二层安全漏洞方面优于现有方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Integration of the layer 2 protection extended application for Open RAN: A security by design approach

The Open Radio Access Network (Open RAN) paradigm is progressively evolving to deliver open, intelligent, and innovative solutions for next-generation networks, particularly in 5G-Advanced and 6G. Spearheading this effort, the O-RAN Alliance has established a comprehensive framework for Open RAN and continues to lead standardization efforts in this domain. However, an analysis of the O-RAN security standard specifications reveals a primary focus on layer 3 and above, with an emphasis on IPsec protocols, leaving layer 2 security inadequately addressed. This gap exposes the E2 interface – a critical component enabling the openness and intelligence of Open RAN – to potential Man-in-the-Middle attacks at the layer 2. To mitigate this vulnerability, we propose a novel E2 protection xApp designed to enhance the security of the E2 interface. The proposed xApp detects and prevents layer 2 attacks, such as Address Resolution Protocol spoofing, ensuring robust protection for Open RAN environments. Experimental evaluations demonstrate that the proposed solution significantly improves network resilience, outperforming existing methods in mitigating layer 2 security vulnerability.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.