ABSTRACT
The open fronthaul interface is a standard protocol for the link between the radio units and the distributed unit in the RAN, enabling interoperability between different vendors. We study the security requirements of the open fronthaul interface for 5G networks. The O-RAN management plane (M-plane) mandates end-to-end security using SSHv2, whereas the O-RAN control and user plane (CU-plane) do not yet support any security measure. We investigate MACsec for CU-plane security, which is recommended as one of the security options in the eCPRI specification. Furthermore, we implemented quantum-safe crypto solutions using hybrid-mode key exchange and signature schemes, which can be applied to the post-quantum SSH and MACsec protocols.