Opening Critical Infrastructure: The Current State of Open RAN Security

Opening Critical Infrastructure: The Current State of Open RAN Security

December 1, 2023 at 03:15AM

Open Radio Access Network (O-RAN) offers standardized, flexible interfaces for previously proprietary RAN systems. While it facilitates innovation through multivendor xApps, these present vulnerabilities, exposing the entire RAN Intelligent Controller to potential security threats. Researchers identified crucial flaws in near-RT RIC’s messaging, including DoS vulnerabilities and spoofing risks, necessitating robust security protocols and deep packet inspections to mitigate attacks.

Meeting Takeaways:

1. Subject of Discussion:
– The Current State of Open RAN Security

2. Key Points:
– Open RAN architecture introduces standardized interfaces to Radio Access Network (RAN) systems for interoperability and flexibility.
– The possibility of malicious xApps threatens the security of the RAN Intelligent Controller (RIC) subsystem.
– Research conducted has indicated actual vulnerabilities in the Open RAN Software Community (SC) reference implementation, with a particular focus on the 5G network architecture.
– Potential security implications exist due to the open and multi-vendor nature of O-RAN systems, particularly around xApps sourced from multiple vendors.
– Identified vulnerabilities (CVE-2023-40998, CVE-2023-40997, CVE-2023-41627) showcase risks like DoS attacks, packet spoofing, and RMR hijacking, all of which can lead to service degradation or poor resource utilization.
– Mitigation strategies involve rigorous xApp verification and onboarding processes, the ability for O-RAN to handle traffic despite malfunctioning RIC components, and the implementation of a deep packet inspection (DPI) system.

3. Vulnerabilities Discussed:
– CVE-2023-40998: Malicious packet causing RIC’s E2term to crash.
– CVE-2023-40997: Improperly formatted message leading to E2term crash.
– CVE-2023-41627: RMR Table spoofing affecting E2Term communications.

4. Short-term Actions:
– Implement immediate fixes and patches for known vulnerabilities.
– Start developing DPI systems that understand O-RAN protocols.

5. Long-term Strategies:
– Improve xApp onboarding process with enhanced security checks.
– Ensure robustness and interoperability among components from different vendors.
– Strengthen RIC components against malfunction impacts.
– Potential adoption of secure coding practices to prevent future vulnerabilities.

6. Contributors:
– Research by Salim S.I. (Senior Staff Researcher) and Richard Y Lin (Researcher).
– Collaboration between National Taiwan University of Science and Technology and TrendMicro/CTOne.

7. Relevant Materials Available for Download:
– Figure illustrations of 5G network architecture and components.
– Detailed break-down of vulnerabilities and their consequences.

8. Recommendations:
– Close collaboration between operators, vendors, and researchers to ensure continuous improvement of Open RAN security standards.
– Sharing of knowledge and best practices within the O-RAN Alliance to prevent security breaches.

Full Article