The telecommunications industry is undergoing a transformative shift with the advent of open RAN, a concept that emphasizes interoperability and standardization of Radio Access Network (RAN) elements. As this evolution takes place, ensuring the security of open RAN becomes paramount. In the pursuit of this objective, we sat down with postdoctoral researcher Dr. Kashyap Thimmaraju to discuss the research that he and his colleague Christian Werling from the Security in Telecommunication chair at TU Berlin are leading through an i14y Lab supported project to evaluate and enhance the security aspects of open RAN.
Thimmaraju, working under the guidance of Prof. Dr. Jean-Pierre Seifert, outlines the core objectives of the project. Their primary focus is on evaluating the security of open RAN (architecture, software and hardware), designing and developing automated security testing tools, and integrating these tools into the broader open RAN ecosystem.
Exposing vulnerabilities in the Near-Real-Time RAN Intelligent Controller (nRT-RIC) components is an important part of this research. Thimmaraju used a two-pronged approach, involving the static analysis and run-time testing of open-source nRT-RIC implementations (OSC and micro ONOS). The latter led to the development of the O-RAN A1 Interface Testing Tool (OAITT). OAITT is the first open-source tool available to the O-RAN community for security and performance testing of the A1 interface and it revealed the following critical vulnerabilities:
As a consequence of these vulnerabilities, the following may occur:
Another issue detected was the potential of denial of service attacks on nRT-RIC via the A1 interface.
Thimmaraju emphasizes the commitment to open-source principles, stating that their security testing tools will be available to the public in various forms, including source code, data, vulnerability disclosures, technical reports, and academic publications. This commitment extends to the OAITT, empowering the O-RAN software community, vendors and operators with a tool for security testing.
The significance of their work lies in its proactive approach to improving open RAN design. Thimmaraju highlights the ongoing collaboration with consortium partners to integrate those partners’ tools into various environments. Additionally, Thimmaraju and Werling are extending their research to the network virtualization stack, particularly focusing on virtual switches, a crucial component in end-to-end network slicing promised by 5G and beyond.
Acknowledging the importance of security in various interfaces, systems, and code, Thimmaraju explains how their work contributes to building a more secure framework for open RAN. Their findings stress the necessity of authorization mechanisms, secure code development, and the relevance of Software Bill of Materials (SBOMs) in enhancing security.
Thimmaraju reveals that their research has caught the attention of the O-RAN Alliance, resulting in the identification and resolution of authorization issues in the A1 interface specification and the introduction of a new threat in the O-RAN Security Threat Modeling and Risk Assessment. Moreover, their OAITT tool, once open-sourced, is envisioned to be utilized by the i14y lab members, serving as a valuable resource for the open RAN community.
In conclusion, Thimmaraju and Werling's research not only uncovers vulnerabilities but actively contributes to fortifying the security of open RAN. Through open-source tools, responsible reporting, and collaborative engagements, they are playing a pivotal role in shaping a more secure future for telecommunications. Their commitment to transparency and collaboration sets a commendable precedent for the industry as it navigates the complexities of open RAN.
If you would like to stay updated as this research unfolds, make sure to sign up for our newsletter. We plan to offer more information through the newsletter about this topic as time goes on, and we are even planning to host an event to further inform the industry of this development in the security of Open RAN.
Subscribe to the i14y Lab newsletter to get your monthly update on what’s going on in the lab, upcoming events, and other network disaggregation news.