IEEE Access (Jan 2023)

Open-RAN Fronthaul Transport Security Architecture and Implementation

  • Daniel Dik,
  • Michael Stubert Berger

DOI
https://doi.org/10.1109/ACCESS.2023.3274487
Journal volume & issue
Vol. 11
pp. 46185 – 46203

Abstract

Read online

The main innovations for next-generation cellular networks are in the Radio Access Network (RAN). Here, the base station functionalities are split between a Radio Unit (RU) and a Distributed Unit (DU), resulting in a virtualized architecture where functions can be centralized close to the core for performance improvement and function extendibility. The fronthaul is the interface between RUs and DUs. It transports very sensitive data and is constrained by strict performance requirements. The clear-text nature of the fronthaul protocols and its direct encapsulation over Ethernet exposes the fronthaul to Layer 2 threats and vulnerabilities that can significantly threaten the operation of the RAN. This paper presents a detailed analysis of the transport network security in the fronthaul. It describes the threats and vulnerabilities that the fronthaul is exposed to and their overall network impact, thereby, elucidating the urgent need for Layer 2 security mechanisms. This paper introduces MACsec as a potential solution to protect the fronthaul. It outlines MACsec’s capabilities and limitations for threats protection, and its implementation challenges in the fronthaul network. Finally, this paper proposes three hardware architectures to fully secure the fronthaul using MACsec and evaluates their feasibility in Field-Programmable Gate Array (FPGA) devices and their impact on the network performance.

Keywords