Length: 2 Days
Print Friendly, PDF & Email

Open RAN Security Fundamentals | O-RAN Security Training

Open Ran security is a hot topic.

The cloud introduces security advantages for 5G Open RAN (radio access networks) deployments, but it also expands the attack surface.

Needless to say, the communications industry, the vendor community, and government agencies are paying attention to Open RAN security.

When attacks happen, they typically start with compromised credentials, vulnerable web servers, or compromised software. Once a network is breached, the hacker will move to escaping the container into the Kubernetes cluster and then moving from there to discover more services.

Most analysts agree that Open RAN is an exciting concept, one that opens up several doors to innovation, improved network performance, and a more diverse and competitive cyber ecosystem.

Proponents of open-RAN tout its potential to help telcos avoid vendor lock-in and allow an operator or system integrator to assemble “best of breed” network components from a multi-vendor ecosystem. For open-RAN sceptics, including some network equipment vendors (NEPs), the downsides are clear: using open-source code without established safeguards and standardization practices may expose the network to security vulnerabilities.

Currently, many feel the best Open Ran security protection is Service Management & Orchestrator (SMO), the component that oversees all the orchestration aspects, management and automation of RAN elements.

Open RAN Security Fundamentals | O-RAN Security Training by Tonex

Open RAN Security Fundamentals, O-RAN Security Training is a 2-day course that provides a solid introduction to Radio Access Network (RAN), Open RAN 101, O-RAN architecture, virtualization, O-RAN security features, O-RAN vulnerabilities and operation and deployment security options.

Open RAN Security Fundamentals covers the security of disaggregated and open RAN architectures: all aspects of interoperability of open hardware, software, and interfaces for cellular wireless networks.

Security principles of Open RAN implementation are discussed: disaggregation of software from hardware which allows Radio Access Network (RAN) software to run on any common hardware platform such as those based on Intel x86 and ARM architectures. Security features of  Application Specific Integrated Circuits (ASICs) and Digital Signal Processors (DSPs) are covered. ASICs, DSPs and FPGA provide the nodal specifications and open, interoperable modules.

Learn security considerations for several key technical aspects of Open RAN (O-RAN):

  • Multi-vendor management
  • Open Fronthaul connecting radios to base station equipment
  • RAN application framework comprising rApps and xApps
  • Artificial Intelligence/Machine Learning (AI/ML) for RAN optimization
  • Other general network considerations including open-source software, virtualization, and a cloud based 5G core network.

Learning Objectives

After completing this course, the participants will be able to:

  • Learn about the fundamental concepts of Open RAN (O-RAN) systems
  • Sketch the O-RAN network architecture and O-RAN components
  • Discuss security architecture and procedures for O-RAN
  • Explain O-RAN security issues, attacks and mitigation
  • Learn about O-RAN pentesting and ethical hacking method using GNU Radio, hackRF one, PortoPack HackrRF One and other mechanisms (Demos and Hands-on activities)
  • How to implement security on O-RAN
  • Overview of O-RAN confidentiality, integrity, authentication, intrusion detection and prevention
  • List  O-RAN attack vectors and security key hierarchy

Course Modules

Introduction to Open RAN (O-RAN)

  • O-RAN Alliance Network Architecture
  • CP (Control Plane)
  • O-CU (Open CU)
  • O-DU (Open DU)
  • O-RU (O-RAN Radio, Open RAN Remote Unit)
  • M-Plane (Open Fronthaul Management Plane)
  • UP ( User Plane)
  • O-RAN Alliance rApps and xApps
  • RAN Intelligent Controller (RIC)
  • Open Source software benefits and software risks
  • Legacy System vs. O-RAN Security
  • O-RAN Risk Management Tasks

O-RAN Security Considerations

  • O-RAN Security Threat Modeling and Remediation Analysis
  • Threat Models
  • Threat Surfaces
  • Threat Agents
  • Potential Vulnerabilities

Threats against O-RAN system

  • Threats against O-CLOUD
  • Threats to open-source code
  • Physical Threats
  • Threats against 5G radio networks
  • Threats against ML system
  • Protocol Stack Threats
  • Coverage matrix of threats
  • Network Functions and Applications
  • Service Management and Orchestration (SMO)
  • Non-RT RIC and rApps
  • Near-RT RIC and xApps
  • Cloud computing platform
  • O-Cloud comprising a collection of physical infrastructure nodes that meet O-RAN requirements to  host the relevant O-RAN functions (such as Near-RT RIC, O-CU-CP, O-CU-UP, and O-DU), the  supporting software components (such as Operating System, Virtual Machine Monitor, Container  Runtime, etc.) and the appropriate management and orchestration functions
  • O-RAN Security Requirements Specifications
  • O-RAN Security Protocols Specifications
  • O-RAN Security Tests Specifications

Security Issues with Multi-Vendor Management

  • Issues with Supply-Chain Security
  • Software and Hardware Components
  • Component Lifecycle
  • Open Fronthaul Security
  • Open Fronthaul Security Objectives
  • Confidentiality and integrity of mobile subscriber data
  • Open Fronthaul to transport 5G air interface messages
  • Authenticity for Open Fronthaul
  • rApps / xApps Security Considerations
  • Open Source Software (OSS) Security
  • Virtualization and Cloudification Security
  • Distributed Denial-of-Service (DDoS)
  • Applications of AI and ML in O-RAN Security
  • Published Attacks on AI/ML in RAN
  • Cloud Shared Responsibility Matrix
  •  Virtualization, Cloud and DDoS References
  • Cloud Shared Responsibility Matrix

Analysis of Multi-vendor Security Roles and Responsibilities

  • Mobile Network Operator (MNO)
  • HW/ Network vendor
  • HW/ Network administrator
  • NF vendor
  • NF administrator
  • Virtualization/Containerization hardware infrastructure provider
  • Virtualization/Containerization hardware infrastructure administrator
  • Virtualization/Containerization software infrastructure provider
  • Virtualization/Containerization software infrastructure administrator
  • System tester

Analysis of O-RAN Security Principles

  • SP-AUTH Mutual Authentication
  • SP-ACC Access Control
  • SP-CRYPTO Secure cryptographic, key management and PKI
  • SP-TCOMM Trusted Communication
  • SP-SS Secure storage
  • SP-SB Secure boot and self-configuration
  • SP-UPDT Secure Update
  • SP-RECO Recoverability & Backup
  • SP-OPNS Security management of risks in open-source components
  • SP-ASSU Security Assurance
  • SP-PRV Privacy
  • SP-SLC Continuous security development, testing, logging, monitoring and vulnerability handling
  • SP-ISO Robust Isolation
  • SP-PHY Physical security
  • SP-CLD Secure cloud computing and virtualization
  • SP-ROB Robustness

O-CLOUD Architecture Security

  • The SMO components managing and orchestrating the O-Cloud software
  • Federated O-Cloud Orchestration and Management (FOCOM)
  • Network Function Orchestrator (NFO)
  • Infrastructure Management Services (IMS)

Analysis of Attack Surfaces

  • AAL (Accelerator Abstraction Layer)
  • CNF (Containerized Network Function)
  • IMS (O-Cloud Infrastructure Management Services)
  • RIC (RAN Intelligent Controller)
  • SMO (Service Management and Orchestration)
  • VNF (Virtualized Network Function)
  • VNFs/CNFs: O-DU, O-CU, O-RU, Near RT-RIC/xApps
  • Images repository with its interface to O-Cloud
  • Virtualization layer: Hypervisor and/or Container Engine, Host OS
  • Hardware resources including compute, storage, network, and hardware accelerator manager
  • O-Cloud API
  • O2dms and O2ims interfaces
  • NFO and Federated O-Cloud O&M (FOCOM) within the SMO

Analysis of O-RAN AI/ML Use Cases

  • Traffic Steering
  • QoE and QoS Optimization
  • Massive MIMO Optimization
  • RAN Slice SLA Assurance
  • Context Based Dynamic Handover Management for V2X
  • Flight Path Based Dynamic Unmanned Aerial Vehicle (UAV) Resource Allocation

Workshop 1: Analysis of O-RAN Security Vulnerabilities 

  • Security vulnerabilities exploited through attacks against Confidentiality, Integrity, and Availability:
  • O-RAN specific vulnerabilities
  • Unauthorized access to O-DU, O-CU-CP, O-CU-UP and RU to degrade RAN performance or execute broader network attack (Availability)
  • Unprotected synchronization and control plane traffic on Open Fronthaul Interface (Integrity and Availability)
  • Disable over-the-air ciphers for eavesdropping (Confidentiality)
  • Near-RT RIC conflicts with O-gNB (Availability)
  • x/rApps conflicts (Availability)
  • x/rApps access to network and subscriber data (Confidentiality)
  • Unprotected management interface (Confidentiality, Integrity, Availability)
  • CP UL or DL messages can be injected for attack on UP (Availability)

Workshop 2: Overview of Security protocols specifications for O-RAN compliant implementation

  • SSH (Secure Shell)
  • TLS (Transport Layer Security)
  • Support NETCONF (Network Configuration Protocol) over secure Transport
  • DTLS (Datagram Transport Layer Security)
  • IPsec

Request More Information

Please enter contact information followed by your questions, comments and/or request(s):
  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.