Open-RAN Fronthaul Transport Security Architecture and Implementation

Daniel Dik*, Michael Stübert Berger

*Corresponding author for this work

Research output: Contribution to journalJournal articleResearchpeer-review

7 Downloads (Pure)


The main innovations for next-generation cellular networks are in the Radio Access Network (RAN). Here, the base station functionalities are split between a Radio Unit (RU) and a Distributed Unit (DU), resulting in a virtualized architecture where functions can be centralized close to the core for performance improvement and function extendibility. The fronthaul is the interface between RUs and DUs. It transports very sensitive data and is constrained by strict performance requirements. The clear-text nature of the fronthaul protocols and its direct encapsulation over Ethernet exposes the fronthaul to Layer 2 threats and vulnerabilities that can significantly threaten the operation of the RAN. This paper presents a detailed analysis of the transport network security in the fronthaul. It describes the threats and vulnerabilities that the fronthaul is exposed to and their overall network impact, thereby, elucidating the urgent need for Layer 2 security mechanisms. This paper introduces MACsec as a potential solution to protect the fronthaul. It outlines MACsec's capabilities and limitations for threats protection, and its implementation challenges in the fronthaul network. Finally, this paper proposes three hardware architectures to fully secure the fronthaul using MACsec and evaluates their feasibility in Field-Programmable Gate Array (FPGA) devices and their impact on the network performance.

Original languageEnglish
JournalIEEE Access
Pages (from-to)46185-46203
Publication statusPublished - 2023


  • FPGA
  • Fronthaul
  • MACsec
  • open-RAN
  • security


Dive into the research topics of 'Open-RAN Fronthaul Transport Security Architecture and Implementation'. Together they form a unique fingerprint.

Cite this