Attacking O-RAN Interfaces: Threat Modeling, Analysis and Practical Experimentation

Attacking O-RAN Interfaces: Threat Modeling, Analysis and Practical Experimentation

A new generation of open and disaggregated Radio Access Networks (RANs) enabling multi-vendor, flexible, and cost-effective deployments is being promoted by the Open Radio Access Network (O-RAN) Alliance. However, this new level of disaggregation in the RAN also entails new security risks that must...

Full description

Saved in:
Bibliographic Details
Published in:IEEE open journal of the Communications Society Vol. 5; pp. 4559 - 4577
Main Authors: Baguer, Pau, Yilma, Girma M., Municio, Esteban, Garcia-Aviles, Gines, Garcia-Saavedra, Andres, Liebsch, Marco, Costa-Perez, Xavier
Format: Journal Article
Language:English
Published: IEEE 2024
Subjects:
3GPP
Cloud computing
Degradation
denial-of-service attacks
O-RAN
Open RAN
Protocols
Security
Threat modeling
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:A new generation of open and disaggregated Radio Access Networks (RANs) enabling multi-vendor, flexible, and cost-effective deployments is being promoted by the Open Radio Access Network (O-RAN) Alliance. However, this new level of disaggregation in the RAN also entails new security risks that must be carefully addressed. The O-RAN Alliance has established Working Group 11 (WG11) to ensure that the new specifications are secure by design. Acknowledging the new security challenges arising from the expanded threat surface, O-RAN WG11 provides procedures to identify threats and assess and mitigate risks. Reportedly, as of 2024, 60% of found risks are related to Denial of Service (DoS) and performance degradation. Therefore, in this work, we analyse a vanilla O-RAN deployment and evaluate the endurance of different O-RAN interfaces under attacks in scenarios involving DoS and performance degradation. To do so, we use a reference O-RAN open source deployment to report, risks found, weak points, and counter-intuitive recommended design choices for both control plane (A1, E2, and F1-c) and user plane (F1-u) interfaces. Consequently, we map O-RAN WG11's threat model and risk assessment methodology to our considered DoS and performance degradation scenarios, and dissect existing threats and potential attacks over O-RAN interfaces that may compromise the security of O-RAN architectural deployments. Finally, we identify mechanisms to mitigate risks and discuss approaches aimed at improving the robustness of future O-RAN networks.
ISSN:2644-125X
2644-125X
DOI:10.1109/OJCOMS.2024.3431681