Project Summary: The Open-RAN Fronthaul transports very sensitive data between Radio Units and Distributed Units over Ethernet. Control, User, Synchronization, and Management packets are exposed to different types of threats due to the lack of implemented security standards. There are four pillars of security that should be satisfied by any security standard chosen to protect the Open-RAN Fronthaul; these are Confidentiality, Integrity, Authenticity, and Availability.
In this project, we explore the usage of Fronthaul transport protocols such as the Common Public Radio Interface (CPRI). Typically, 5G communications were only secured over the air, between the user equipment and the base station; between the base stations and the core network, no security was implemented. This project seeks to explore options for securing transport over this fronthaul (ie: base station –> core network) while keeping the additional overhead introduced to a minimum, as well as to explore options/behavior for securing such in a post-quantum environment.
We are exploring protocols such as Transport Layer Security (TLS), IPSec, and IEEE 802.1AE (MACSEC), focusing on characteristics such as speed, efficiency, and delay as 5G services have strict timing & synchronization requirements. We mainly focus on MACSEC specifically because of its reduced overhead compared to the previous two. It is like IPSec, but it works at the data-link layer and is more lightweight.
People: Isabela Fernandez Pujol, Ricardo Harrilal-Parchment, Dr. Kemal Akkaya