Litcius/Paper detail

Attacking O-RAN Interfaces: Threat Modeling, Analysis and Practical Experimentation

Pau Baguer, Girma M. Yilma, Esteban Municio, Ginés García-Avilés, Andrés García‐Saavedra, Marco Liebsch, Xavier Costa‐Pérez

2024IEEE Open Journal of the Communications Society20 citationsDOIOpen Access PDF

Abstract

A new generation of open and disaggregated Radio Access Networks (RANs) enabling multi-vendor, flexible, and cost-effective deployments is being promoted by the Open Radio Access Network (O-RAN) Alliance. However, this new level of disaggregation in the RAN also entails new security risks that must be carefully addressed. The O-RAN Alliance has established Working Group 11 (WG11) to ensure that the new specifications are secure by design. Acknowledging the new security challenges arising from the expanded threat surface, O-RAN WG11 provides procedures to identify threats and assess and mitigate risks. Reportedly, as of 2024, 60% of found risks are related to Denial of Service (DoS) and performance degradation. Therefore, in this work, we analyse a vanilla O-RAN deployment and evaluate the endurance of different O-RAN interfaces under attacks in scenarios involving DoS and performance degradation. To do so, we use a reference O-RAN open source deployment to report, risks found, weak points, and counter-intuitive recommended design choices for both control plane (A1, E2, and F1-c) and user plane (F1-u) interfaces. Consequently, we map O-RAN WG11’s threat model and risk assessment methodology to our considered DoS and performance degradation scenarios, and dissect existing threats and potential attacks over O-RAN interfaces that may compromise the security of O-RAN architectural deployments. Finally, we identify mechanisms to mitigate risks and discuss approaches aimed at improving the robustness of future O-RAN networks.

Topics & Concepts

RanSoftware deploymentComputer scienceDenial-of-service attackComputer securityRobustness (evolution)C-RANRadio access networkThreat modelSpoofing attackCellular networkBase stationComputer networkWorld Wide WebBiochemistryMobile stationGeneOperating systemChemistryThe InternetSoftware-Defined Networks and 5GNetwork Security and Intrusion DetectionInternet Traffic Analysis and Secure E-voting
Attacking O-RAN Interfaces: Threat Modeling, Analysis and Practical Experimentation | Litcius