Open radio access network (O-RAN) is the latest buzzword in the telecom sector. By enabling automated and accelerated provisioning of network capacity and services, greater control over the development of enhanced network services, the opportunity to work with best-in-class suppliers, and reduced network equipment and operating expenses, these networks offer telcos greater flexibility. Further, the technology is cost efficient as it reduces the operators’ reliance on exclusive vendors and decreases the expenditure incurred on infrastructure. Moreover, open networks can help diversify and reinvigorate the supply chain by promoting competition and innovation. For instance, operators can focus on building and operating a RAN based on mix-and-match components from different vendors.
Owing to the various advantages of the technology, operators across the globe as well as in India are warming up to the idea of building O-RAN architectures.
While O-RAN has several benefits, there are also certain risks in its deployment. Owing to the interoperability feature of O-RAN, testing of these networks is also riddled with challenges. Thus, as the industry evolves towards O-RAN networks, it is important that a risk-based approach is adopted along with efficient testing strategies in order to adequately address the security concerns regarding this new technology.
A look at the security and testing challenges faced while working with open networks…
O-RAN testing and measurement – A key challenge
The creation of seamless and flexible interoperability in a multivendor, open ecosystem introduces new test, management and integration challenges that require diligence and cooperation. The key challenges that operators need to address while considering O-RAN are interoperability, ownership accountability, troubleshooting and isolation of problems, and managing and orchestrating all multivendor virtual network functions and physical network functions on a common cloud infrastructure, which may also be multivendor.
Further, the number of test cases that operators and network equipment manufacturers need to go through and the amount of testing required are much greater with O-RAN than with traditional RAN. This is because of the larger combination of vendors under the O-RAN system, which dramatically increases the cycle time for testing every software release and every regression, and for implementing test automation.
To address these challenges, an open test and integration centre (OTIC) has been established in Berlin, Germany, as a collaborative hub for commercial O-RAN development and interoperability testing. The operator-led OTIC initiative benefits from the support of global telecom organisations with a shared commitment to verification, integration, testing and validation of disaggregated RAN components.
The OTIC lab provides a structured environment with common test platforms and practices that enable software developers, equipment manufacturers and system integrators to verify functional compliance with O-RAN Alliance specifications. The lab enables interoperability of disaggregated 5G access infrastructure elements to be fully validated prior to network deployment. However, operators must take responsibility for multivendor, disaggregated elements and make sure they undertake collaborative efforts to maintain quality of experience standards for O-RAN. Further, telcos need to integrate robust multivendor testing processes from the lab to the field and beyond, to fully realise and reap open network architecture benefits.
Security is an essential aspect for any technology, and the threat surface area increases as more vendors are brought into a RAN, especially through their interfaces. Virtualisation and the use of cloud platforms help better utilise hardware resources between different applications. However, they can also introduce security risks. In fact, recently discovered vulnerabilities such as Meltdown and Spectre reveal that there could be increased security risks when sharing hardware resources.
Industry analysts have highlighted that since O-RAN can be implemented as a multivendor network, each one of the applications can come from a different vendor. This sourcing of applications from multiple places gives rise to a situation where each application exposes an application programming interface (API) to the services it provides and this opens up avenues for potential security risks.
Further, since O-RAN network deployment would be heterogeneous, some apps would reside on cell sites, others in an operator’s private cloud and some outside of the operator’s private cloud, such as on an HCP cloud. Analysts note that this deployment strategy breaks the prevailing security model, in which the operator RAN is secured via a security perimeter. Such a deployment strategy assumes a zero-trust network.
According to Ericsson, in the case of virtualisation and cloud environments, there are many layers that need to be considered to ensure that the trust chain is maintained between applications and the underlying hardware. The authentication process is the base for establishing a secure communication channel, but it must trust the layers underneath to attest that the node, layer or data set has not been compromised. Further, as there are different layers between the hardware and its security functions and the application, one needs standardised interfaces and APIs to use the hardware security functions and allow them to attest to and validate the layers above.
Mitigating security risks
In order to tide over the security challenges posed by O-RAN, it is imperative to adopt industry best practices. Industry experts have said that operators should adopt an end-to-end strategy to address API security, including the authentication of APIs and segregation of duties, and the use of hardware-secured asset tags and other methodologies. Further, data protection should be enabled in real time using modern vulnerability assessment and threat management technologies such as advanced infrastructure security protection and threat analysis. Network participants need protocols for proper authentication and authorisation, including user identity verification for roaming and cloud services, security identification for themselves, and identification of network usage behaviour and mobility patterns via machine learning technology. Moreover, security policies and procedures should be standardised at the global level.
Participants also need standardised policies for data storage, management and fraud detection and response. Another important concern is ensuring the safety of the physical supply chain, which can be accomplished by holding vendors responsible for the security of the products and services delivered. Essentially, communication service providers and other key participants need shared playbooks outlining categories of risks, mitigation actions and teams responsible for carrying out remediation. Time is a critical factor in responding to attacks, and the playbook reduces uncertainty and response time.
The way forward
With O-RAN, telecom networks will utilise solutions from multiple vendors. Thus, it will become challenging for both operators and equipment manufacturers to ensure interoperability, manageability, optimisation and end-to-end performance of disparate components. Ensuring that the components sourced from different vendors work together seamlessly has become a top priority. Interoperability testing can be challenging, especially for distributed units (DUs), due to high flexibility in protocol implementations and the need for tight synchronisation with radio units (RUs). Testing solutions that provide broad capabilities to cover RUs from different vendors are critical to succeed at O-DU interoperability testing. Moreover, there is a possibility of encountering incompatible configurations from multiple possible combinations of software and hardware.
Besides increasing operators’ expenses on testing in a multivendor environment, troubleshooting is likely to become difficult as operators will require vendor-independent validation and troubleshooting to resolve network performance issues, which might not be the case in traditional single-vendor networks. The industry has taken several initiatives such as forming alliances of vendors and operators to test and validate interoperability in a controlled and managed environment.