Security Threat Analysis and Treatment Strategy for ORAN
Chih-Ting Shen, Yue Xiao, Yi‐Wei Ma, J.L. Chen, Cheng-Mou Chiang, S.J. Chen, Y. C. Pan
Abstract
Owing to the rapid development of networks and their gradual evolution from a closed architecture to an open architecture, the open radio access network (O-RAN) has been developed and offers new possibilities. However, because the ORAN contains many new open interfaces, new information security issues may emerge. In this study, information security is discussed and a case analysis is performed based on vulnerability, exposed assets, threat models, security strategies, and test case modules. Missing authentication and authorization vulnerabilities are emphasized in this study. Affected assets such as O-RAN’s Service Management and Orchestration(SMO), Near-RT RIC, and the O1 interface are discussed, and the threat model and security solution strategy are analyzed. Test cases are implemented to verify the effectiveness of the solution strategy. It is envisioned that the case analysis and development of missing authentication and authorization performed in this study will aid future mobile communication operators in addressing information security issues.