Joshua Groen PhD Proposal Review

Name:
Joshua Groen

Title:
Optimizing and Securing Open RAN with Experimental System Validation

Date:
8/5/2024

Time:
2:00:00 PM

Location:
ISEC232;

Committee Members:
Prof. Kaushik Chowdhury (Advisor)
Prof. Stratis Ioannidis
Prof Engin Kirda
Dr. Christopher Morrell

Abstract:
5G and beyond cellular networks promise remarkable advancements in bandwidth, latency, and connectivity, with the emergence of Open Radio Access Network (Open RAN) representing a pivotal direction. O-RAN inherently supports machine learning (ML) for network operation control, with RAN Intelligence Controllers (RICs) utilizing ML models developed by third-party vendors based on key performance indicators (KPIs) from geographically dispersed base stations or user equipment (UE). Realistic and robust datasets are crucial for developing these ML models. We collect a comprehensive 5G dataset using real-world cell phones across diverse scenarios and replicate this traffic within a full-stack srsRAN-based O-RAN framework on Colosseum, the world’s largest radio frequency (RF) emulator. This process produces a robust, O-RAN compliant KPI dataset reflecting real-world conditions, enabling the training of ML models for traffic slice classification with high accuracy.

The O-RAN paradigm introduces cloud-based, multi-vendor, open, and intelligent architectures, enhancing network observability and reconfigurability. However, this also expands the threat surface, exposing components and ML infrastructure to cyberattacks. We examine O-RAN security, focusing on specifications, architectures, and intelligence proposed by the O-RAN Alliance. We identify threats, propose solutions, and experimentally demonstrate their effectiveness in defending O-RAN systems against cyberattacks, offering a holistic and practical perspective on O-RAN security.

We investigate the impact of encryption on two key O-RAN interfaces: the E2 interface and the Open Fronthaul, using a full-stack O-RAN ALLIANCE compliant implementation within the Colosseum network emulator and a production-ready Open RAN and 5G-compliant private cellular network. Our findings provide quantitative insights into the latency and throughput impacts of encryption protocols, and we propose four fundamental principles for security by design within Open RAN systems.

Finally, we address the security of Time-Sensitive Networking (TSN) in O-RAN. The O-RAN framework encourages multi-vendor solutions but increases the exposure of the open fronthaul (FH) to security risks, especially when deployed over third-party networks. Synchronization is crucial for reliable 5G links, with attacks on synchronization mechanisms posing significant threats. We demonstrate the impact of spoofing and replay attacks on Precision Time Protocol (PTP) synchronization, causing catastrophic failures in a production-ready O-RAN and 5G-compliant private cellular network. To counter these threats, we design an ML-based monitoring solution detecting various malicious attacks with over 97.5% accuracy, and outline additional security measures for the O-RAN environment.