Transport Security in Next-Generation Radio Access Networks: Architecture and Implementation

Daniel Alberto Dik Rodriguez

Research output: Book/Report › Ph.D. thesis

Abstract

The next generations of cellular networks move from services dedicated only to human consumers to a service mix that integrates communication services for things at a very high performance level. With 5G and 6G, long-envisioned services and applications are becoming a reality. This includes autonomous vehicles, remote robot control for industrial environments, and remote health assistance. To achieve these services and performance requirements, several technological innovations are integrated in cellular networks. The Radio Access Network (RAN) is responsible for providing access, coverage, and capacity to mobile devices in cellular networks. It accounts for a considerable part of the investment in cellular network deployments and is where most of the innovation is centered. One of the main innovations in the RAN is the split of base station functionalities into a Radio Unit (RU) and a Distributed Unit (DU). This results in a disaggregated and open RAN (O-RAN) architecture where functions can be centralized close to the core for performance improvement and function extendibility. The interface between RUs and DUs is the open fronthaul interface. The O-RAN architecture adopts many technologies and architectural concepts. The increased disaggregation allows for more granular control systems that increase efficiency of execution and diversity of the vendor supply chain. However, it also increases the potential attack surface from a cyber-security perspective. Therefore, there is a need to take these potential risks into account.

This Ph.D. thesis investigates transport network security in the O-RAN fronthaul. Firstly, it analyzes the threats and vulnerabilities that the fronthaul data are exposed to and their overall impact on the network, thereby elucidating the urgent need for Layer 2 security mechanisms. Secondly, it analyzes Media Access Control Security (MACsec) as a potential solution to protect the fronthaul. It outlines MACsec’s capabilities and limitations for threat protection and its implementation challenges in the fronthaul network. Thirdly, it proposes multiple hardware architectures to fully secure the fronthaul data using MACsec and evaluates their feasibility in Field-Programmable Gate Array (FPGA) devices and their impact on the network performance. These architectures consider different fronthaul scenarios including time-sensitive networking technologies, point-to-point and network-of-switches fronthaul, and dynamic large-scale fronthaul networks with channel aggregation and Security-as-a-Service. Fourthly, this thesis presents the integration of Quantum Key Distribution and the MACsec control plane to secure the fronthaul network against quantum-computer attacks. Finally, a risk assessment of the system hosting MACsec in RUs and DUs is conducted, where the isolation of its control plane using Trusted Execution Environments is proposed and analyzed. As a result, this Ph.D. thesis provides relevant research and system implementations for securing open architectures in current and next-generation RANs.
Original language: English
Publisher: Technical University of Denmark
Number of pages: 172
Publication status: Published - 2023
