IEEE Open Journal of the Communications Society (Jan 2024)

Security Threats to xApps Access Control and E2 Interface in O-RAN

  • Cheng-Feng Hung,
  • You-Run Chen,
  • Chi-Heng Tseng,
  • Shin-Ming Cheng

DOI
https://doi.org/10.1109/OJCOMS.2024.3364840
Journal volume & issue
Vol. 5
pp. 1197 – 1203

Abstract

Read online

Open Radio Access Networks (O-RANs) represent a novel wireless access network architecture that decomposes traditional RAN functions and makes them openly accessible. O-RANs enable real-time coordination, RAN performance optimization, and management through RAN Intelligent Controllers (RICs) and their related xApps. Due to the openness of O-RAN, developers have the flexibility to download various pre-developed xApps from the Internet for deployment. They can even develop their xApps to enhance the flexibility and innovation of the RAN. The current O-RAN official WG11 has defined numerous specifications for secure implementations. However, not only is accurately detecting malicious xApps a significant challenge, but the existing H-Release also does not fully adhere to the specifications in its implementation. This could potentially introduce security risks and threats. In this paper, we implement an experimental O-RAN H-Release environment and discover significant threats from the absence of specified access control permissions for xApps. Malicious attackers can illegally access APIs to utilize other services or launch attacks on legitimate xApps and E2 nodes through the E2 interface, potentially causing a complete RAN disruption. We used the identified vulnerabilities to design three attacks, providing detailed explanations and a comprehensive analysis of their impact on the system. Finally, we also submit the discovered threats to CVEs (CVE-2023-42358 and CVE-2023-41628), providing a reference for O-RAN officials to improve security in the future.

Keywords