O-RAN Fronthaul Security using MACsec

With 5G being deployed for time-sensitive applications, security is becoming an important consideration. At the same time, Open Radio Access Networks (RAN) are gaining more interest from mobile carriers and governments. Yet, Open RAN networks have serious security challenges, especially in the RAN fronthaul where there are strict timing requirements. This paper proposes MACsec as an efficient data link layer security solution that can assist in meeting these challenges.

5G needs security

5G is now in full deployment with numerous services available across the globe. 5G provides a range of improvements over existing 4G Long-Term Evolution (LTE) mobile networks with regard to capacity, speed and latency. It also provides better security. Nevertheless, security risks still remain and these need to be addressed quickly to ensure that 5G can address all of the target applications that drove original specifications.

While 5G provides faster mobile broadband services compared to 4G LTE, the driving applications for 5G specifications are non-consumer services. These include massive Machine-Type Communications (mMTC), such as support for billions of Internet of Things (IoT) devices, and Ultra-Reliable Low Latency Communications (URLLC) applications like industrial automation, autonomous vehicles and eHealth.

5G RAN architecture

Figure 1: 5G RAN architecture

There are already numerous examples of security breaches exploiting IoT devices. But now that 5G-connected IoT devices can be used to support critical infrastructure like electricity and water supply, security becomes a concern for governments and their national security plans. 

For URLLC applications, security is a pre-requisite as these are time-sensitive applications. Industrial automation applications, like Automated Guided Vehicles (AGVs) and industrial sensors, need to be secure at all times. It is also clear that applications like autonomous vehicles also need to be secure.

5G is poised to support the digital transformations happening across multiple industries, but in order to do so, security concerns must be addressed, including 5G RAN security challenges.

5G security enhancements

5G provides enhanced security measures compared to previous generation mobile networks, such as mutual authentication capabilities that confirm that the sender and receiver are trustworthy, enhanced subscriber identity protection and User Plane integrity checks between the Central Unit (CU) and User Equipment (UE).

Many of these security measures rely on upper layer security solutions, like Transport Layer Security (TLS). However, 5G networks are now based on Ethernet as the transport layer from device to 5G core. This means that attacks that target the Ethernet layer can also be used to compromise 5G networks, especially the 5G fronthaul network connecting 5G Radio Units (RUs) to Distributed Units (DUs) as shown in Figure 1 (above).

But this also provides an opportunity. Since Ethernet is now the data link layer for 5G networks, security solutions designed for Ethernet, such as MACsec, can be used to provide security. MACsec can defend against attacks specific to the data link layer, thereby protecting upper layers.

5G fronthaul and Open RANs

As seen in Figure 1, the 5G RAN is based on a virtualized architecture where functions can be centralized close the 5G core for economy or distributed as close to the edge as possible for lower latency performance. This provides a great deal of flexibility in addressing specific service requirements, but also results in a number of new, open Ethernet-based interfaces that can pose a security risk.

While many of the interfaces between logical entities in 5G have been standardized by 3GPP, there are others, such as the interface between RUs and DUs that have not been as well defined. This is because these interfaces have typically been proprietary to the 5G RAN vendor.

In 4G LTE, the equivalent Remote Radio Unit (RRU) to BaseBand Unit (BBU) interface was based on the Common Public Radio Interface (CPRI) specification, which provided enough options for vendors to provide proprietary solutions. In 5G, this has been replaced by the Ethernet-based enhanced CPRI (eCPRI) interface, as shown in Figure 2 (below).

O-RAN Fronthaul data planes encapsulation over ethernet

Figure 2: : O-RAN Fronthaul data planes encapsulation over ethernet

eCPRI is more open and makes it possible for multiple vendors to provide either an RU or DU solution. However, additional specifications are needed to ensure interoperability.  This has given rise to various Open RAN initiatives. The two most prominent Open RAN initiatives are the Telecom Infra Project (TIP) OpenRAN project and the Open-RAN (O-RAN) Alliance.

The TIP project was established to build open-source, cost-effective telecom equipment for deployment in less developed regions of the world and the TIP OpenRAN project is focused on building cost-effective RU, CU and DU solutions.

The O-RAN Alliance was established in 2018 to specify Open RAN solutions with specific emphasis on interfaces and implementation guidelines that are not detailed in 3GPP recommendations and are important for interoperability. The O-RAN Alliance specifies the Open Fronthaul interface between the RU and DU, which has enabled non-traditional telecom equipment vendors to deliver RU and DU solutions and increase competition. The Open Fronthaul Interface between the RU and DU is based on the 7.2x split in Figure 3 (below). As can be seen, the protocol stack can be split at various points enabling functionality to be deployed at various points in the network. This enables simpler, more compact and lower cost RU implementations as only the RF and lower PHY layer functions need to be supported. Since 5G will require an order of magnitude increase in the number of RUs to be deployed, this can lower deployment costs significantly.

5G RAN Functional Splits

Figure 3: 5G RAN Functional Splits