ZTRAN: Prototyping Zero Trust Security xApps for Open Radio Access Network Deployments
Abstract: The open radio access network (O-RAN) offers new degrees of freedom for building and operating advanced cellular networks. Emphasizing on RAN disaggregation, open interfaces, multi-vendor support, and RAN intelligent controllers (RICs), O-RAN facilitates adaptation to new applications and technology trends. Yet, this architecture introduces new security challenges. This paper proposes leveraging zero trust principles for O-RAN security. We introduce zero trust RAN (ZTRAN), which embeds service authentication, intrusion detection, and secure slicing subsystems that are encapsulated as xApps. We implement ZTRAN on the open artificial intelligence cellular (OAIC) research platform and demonstrate its feasibility and effectiveness in terms of legitimate user throughput and latency figures. Our experimental analysis illustrates how ZTRAN's intrusion detection and secure slicing microservices operate effectively and in concert as part of O-RAN Alliance's containerized near-real time RIC. Research directions include exploring machine learning and additional threat intelligence feeds for improving the performance and extending the scope of ZTRAN.
- A. S. Abdalla, P. S. Upadhyaya, V. K. Shah, and V. Marojevic, “Toward Next Generation Open Radio Access Networks–What O-RAN Can and Cannot Do!” IEEE Network, pp. 1–8, 2022.
- A. S. Abdalla and V. Marojevic, “End-to-End O-RAN Security Architecture, Threat Surface, Coverage, and the Case of the Open Fronthaul,” arXiv preprint arXiv:2304.05513, 2023.
- E. Bertino and K. Brancik, “Services for Zero Trust Architectures - A Research Roadmap,” in 2021 IEEE International Conference on Web Services (ICWS), 2021, pp. 14–20.
- M. Shore, S. Zeadally, and A. Keshariya, “Zero Trust: The What, How, Why, and When,” Computer, vol. 54, no. 11, pp. 26–35, 2021.
- S. Rose, O. Borchert, S. Mitchell, and S. Connelly, “Zero trust architecture,” NIST special publication, vol. 800, p. 207, 2020.
- S. Ibrokhimov, K. L. Hui, A. Abdulhakim Al-Absi, h. j. lee, and M. Sain, “Multi-Factor Authentication in Cyber Physical System: A State of Art Survey,” in 2019 21st International Conference on Advanced Communication Technology (ICACT), 2019, pp. 279–284.
- J. Peng, K.-K. R. Choo, and H. Ashman, “User profiling in intrusion detection: A review,” Journal of Network and Computer Applications, vol. 72, pp. 14–27, 2016.
- V. A. Cunha, E. da Silva, M. B. de Carvalho, D. Corujo, J. P. Barraca, D. Gomes, L. Z. Granville, and R. L. Aguiar, “Network slicing security: Challenges and directions,” Internet Technology Letters, vol. 2, no. 5, p. e125, 2019.
- D. Johnson, D. Maas, and J. Van Der Merwe, “Nexran: Closed-loop ran slicing in powder -a top-to-bottom open-source open-ran use case,” in Proceedings of the 15th ACM Workshop on Wireless Network Testbeds, Experimental Evaluation & CHaracterization, ser. WiNTECH ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 17–23.
- W. Shi, J. Li, P. Yang, Q. Ye, W. Zhuang, X. Shen, and X. Li, “Two-Level Soft RAN Slicing for Customized Services in 5G-and-Beyond Wireless Communications,” IEEE Transactions on Industrial Informatics, vol. 18, no. 6, pp. 4169–4179, 2022.
- D. Sattar and A. Matrawy, “Towards Secure Slicing: Using Slice Isolation to Mitigate DDoS Attacks on 5G Core Network Slices,” in 2019 IEEE Conference on Communications and Network Security (CNS), 2019, pp. 82–90.
- J. Moore, A. S. Abdalla, M. Zhang, and V. Marojevic, “Demo: Ssxapp: Secure slicing for o-ran deployments,” in MILCOM 2023 - 2023 IEEE Military Communications Conference (MILCOM), 2023, pp. 251–252.
- P. S. Upadhyaya, A. S. Abdalla, V. Marojevic, J. H. Reed, and V. K. Shah, “Prototyping next-generation O-RAN research testbeds with SDRs,” arXiv preprint arXiv:2205.13178, 2022.
Paper Prompts
Sign up for free to create and run prompts on this paper using GPT-5.
Top Community Prompts
Collections
Sign up for free to add this paper to one or more collections.