IEEE Open Journal of the Communications Society (Jan 2024)

Attacking O-RAN Interfaces: Threat Modeling, Analysis and Practical Experimentation

  • Pau Baguer,
  • Girma M. Yilma,
  • Esteban Municio,
  • Gines Garcia-Aviles,
  • Andres Garcia-Saavedra,
  • Marco Liebsch,
  • Xavier Costa-Perez

DOI
https://doi.org/10.1109/OJCOMS.2024.3431681
Journal volume & issue
Vol. 5
pp. 4559 – 4577

Abstract

Read online

A new generation of open and disaggregated Radio Access Networks (RANs) enabling multi-vendor, flexible, and cost-effective deployments is being promoted by the Open Radio Access Network (O-RAN) Alliance. However, this new level of disaggregation in the RAN also entails new security risks that must be carefully addressed. The O-RAN Alliance has established Working Group 11 (WG11) to ensure that the new specifications are secure by design. Acknowledging the new security challenges arising from the expanded threat surface, O-RAN WG11 provides procedures to identify threats and assess and mitigate risks. Reportedly, as of 2024, 60% of found risks are related to Denial of Service (DoS) and performance degradation. Therefore, in this work, we analyse a vanilla O-RAN deployment and evaluate the endurance of different O-RAN interfaces under attacks in scenarios involving DoS and performance degradation. To do so, we use a reference O-RAN open source deployment to report, risks found, weak points, and counter-intuitive recommended design choices for both control plane (A1, E2, and F1-c) and user plane (F1-u) interfaces. Consequently, we map O-RAN WG11’s threat model and risk assessment methodology to our considered DoS and performance degradation scenarios, and dissect existing threats and potential attacks over O-RAN interfaces that may compromise the security of O-RAN architectural deployments. Finally, we identify mechanisms to mitigate risks and discuss approaches aimed at improving the robustness of future O-RAN networks.

Keywords