Litcius/Paper detail

Security Threats to xApps Access Control and E2 Interface in O-RAN

Cheng-Feng Hung, You-Run Chen, Chi-heng Tseng, Shin‐Ming Cheng

2024IEEE Open Journal of the Communications Society33 citationsDOIOpen Access PDF

Abstract

Open Radio Access Networks (O-RANs) represent a novel wireless access network architecture that decomposes traditional RAN functions and makes them openly accessible. O-RANs enable real-time coordination, RAN performance optimization, and management through RAN Intelligent Controllers (RICs) and their related xApps. Due to the openness of O-RAN, developers have the flexibility to download various pre-developed xApps from the internet for deployment. They can even develop their xApps to enhance the flexibility and innovation of the RAN. The current O-RAN official WG11 has defined numerous specifications for secure implementations. However, not only is accurately detecting malicious xApps a significant challenge, but the existing H-Release also does not fully adhere to the specifications in its implementation. This could potentially introduce security risks and threats. In this paper, we implement an experimental O-RAN H-Release environment and discover significant threats from the absence of specified access control permissions for xApps. Malicious attackers can illegally access APIs to utilize other services or launch attacks on legitimate xApps and E2 nodes through the E2 interface, potentially causing a complete RAN disruption. We used the identified vulnerabilities to design three attacks, providing detailed explanations and a comprehensive analysis of their impact on the system. Finally, we also submit the discovered threats to CVEs (CVE-2023-42358 and CVE-2023-41628), providing a reference for O-RAN officials to improve security in the future.

Topics & Concepts

RanFlexibility (engineering)Computer scienceInterface (matter)Computer securitySoftware deploymentAccess controlRadio access networkDownloadThe InternetComputer networkWorld Wide WebOperating systemBase stationMobile stationStatisticsMathematicsMaximum bubble pressure methodBubbleSoftware-Defined Networks and 5GNetwork Security and Intrusion DetectionInternet Traffic Analysis and Secure E-voting
Security Threats to xApps Access Control and E2 Interface in O-RAN | Litcius