Security for Open RAN

As service providers implement 5G networks, security in all aspects of the network is critical. Open RAN is now being adopted for 4G and 5G networks and will play a big role in these emerging networks. In addition to lower cost and better scalability, Open RAN systems also have several security advantages over a proprietary/closed system due to virtualization/cloud-native security features, a transparent architecture, and a broad partner ecosystem.

The overarching architecture is important, but so are the detailed aspects of the built-in security mechanisms. That is why Altiostar recently jointly published two documents on Open RAN security that provide a comprehensive look into the overall security architecture and specific security mechanisms that are part of Open RAN systems. Both papers were published with other vendors/suppliers in the Open RAN ecosystem.

In a sponsored article published on Fierce Wireless, Altiostar and Red Hat look at the inherently secure nature of Open RAN. Open RAN is a disaggregated approach to building a RAN and utilizes published interface standards and virtualized / containerized software. Another distinguishing factor is the ecosystem of partners and the ability for a service provider to have a significant choice in solution providers in order to create a system customized for their subscribers. The article cites a report from 451 Research that sums up this advantage: “open RAN architectures offer improved security compared to single vendor systems, because they are more modular, more visible and are less interdependent.”

Digging down into the reason for this, the 451 Research report points to improved security and reduced risk due to the ability to build best-of-breed solutions, use of standardized interfaces and greater visibility into interfaces.  

A Granular Understanding of Network Security Details

More details on Open RAN security features can be found in a whitepaper titled “Security in Open RAN,” which was developed by Altiostar, Fujitsu, Mavenir and Red Hat. The paper discusses how Open RAN inherits all security features from 3GPP and industry-best practices from the cloud-native ecosystem that harden these systems and provide operators with full visibility and control of their end-to-end RAN security.

This starts with Open RAN being built on a zero-trust architecture that mandates that software design and coding decisions will result in software with a “never trust, always verify” stature toward user access control. Other key aspects of the zero-trust architecture include use of cloud security features such as network segmentation, preventing lateral movement and emphasizing Layer 7 threat prevention, among other features.

Other security discussions in the 26-page whitepaper focus on securing communications between key radio control functionality, use of cloud native security features for network elements, use of secure by design software coding procedures, and other differentiators.

Open RAN systems offer security that is enhanced with standards, as well as the use of virtualization and other enabling technologies that are proven in the data center environment.  It also benefits from an ecosystem of competitive companies always pushing each other to get better. This combination offers security and the tools that operators need to control their security.

About The Author
Nagendra Bykampadi Director for Product Management and Standards (Security), Altiostar Nagendra Bykampadi is the Director for Product Management and Standards (Security) at Altiostar. He has over 24 years of experience in the wireless industry. In his current role he is the product manager for Altiostar’s product security portfolio. He is actively engaged with operators on all matters related to Open RAN security. He has also been involved in 3GPP SA3 security standardization from 2014 and is also an active contributor to O-RAN Security Task Group standardization activities.