Daniel Dik – Sep 14, 2022. 

In this webinar, we will take a look at MACsec as a persuasive security solution for the O-RAN Fronthaul. We will understand the very sensitive data that the fronthaul transports, its strict high-performance requirements, and the urgent need to secure it against several threats and attacks. We will learn the features that MACsec has to protect the fronthaul together with its implementation challenges. Finally, we will see how the Comcores’ MACsec solution can be integrated and customized for Open-RAN projects accelerating developments and reducing risks and costs.

5G provides a range of improvements compared to existing 4G LTE mobile networks in regards to capacity, speed, latency and security. One of the main improvements is in the 5G RAN; it is based on a virtualized architecture where functions can be centralized close to the 5G core for economy or distributed as close to the edge as possible for lower latency performance.

The functional split options for the baseband station processing chain results in a separation between Radio Units (RUs) located at cell sites implementing lower layer functions, and Distributed Units (DUs) implementing higher layer functions.

This offers centralized processing and resource sharing between RUs, simple RU implementation requirements, easy function extendibility, and easy multivendor interoperability. The fronthaul is defined as the connectivity in the RAN infrastructure between the RU and the DU.

The O-RAN Alliance, established in February 2018, is an initiative to standardize the RAN with open interoperable interfaces between the radio and signal processing elements to facilitate innovation and reduce costs by enabling multi-vendors interoperable products and solutions while consistently meeting operators’ requirements.

The O-RAN Alliance defines that the fronthaul has to support Low Level Split 7-2x between the O-RAN Radio Unit (O-RU) and the O-RAN Distributed Unit (O-DU). The O-RAN Fronthaul is divided into data planes over different encapsulation protocols: Control Plane (C-Plane), User Plane (U-Plane), Synchronization Plane (S-Plane), and Management Plane (M-Plane). These planes carry very sensitive data and are constrained by strict performance requirements.

For its ability to mix different traffic types and ubiquitous application Ethernet is the preferable packet-based transport technology for the next generation fronthaul. An insecure ethernet transport network can expose the fronthaul to different types of threats that can compromise the operation of the network.

For example, data can be eavesdropped due to the packets’ clear-text nature, and the lack of authentication can allow an attacker to impersonate a network component. This can result in the manipulation of the data planes that can be used maliciously to cause a complete network Denial-of-Service, making security solution for the O-RAN Fronthaul critical.

Watch our webinar on demand to learn more…