Despite misconceptions, open interfaces defined in the O-RAN technical specifications provide increased independent visibility and the opportunity for an overall enhanced and more secure system. 5G and OpenRAN enable new capabilities and control points that allow suppliers, test equipment manufacturers, wireless carriers, and network operators to assess, mitigate, and manage security risks efficiently.
OpenRAN architectures also present clear differentiators over closed, proprietary RAN. Open, standardized interfaces remove vulnerabilities or risk that comes with proprietary and potentially untrusted implementations.
An OpenRAN Architecture Provides the Following Key Security Differentiators
Operator has full control of building a secure platform: OpenRAN’s disaggregated architecture allows network operators to build cloud-native platforms by selecting suppliers that meet all the required industry security standards and certifications. Operator has control of how the virtualized platform is assembled. It is fully vendor driven.
Security of open fronthaul is clear: Protection measures established to safeguard the critical CPRI interface are understood and tested across multiple vendors, which reduces vulnerabilities.
Better enforcement of security controls in cloud infrastructure: A cloud infrastructure supplier will be directly under an agreement with the operator and will be responsible for security of the cloud infrastructure.
Disaggregated platform allows for better visibility and automated monitoring of the network: A cloud-native architecture allows operators to deploy the latest security tools for monitoring vulnerabilities and automated remediation measures as required. The operator will no longer be fully dependent on the vendor to detect and remediate vulnerabilities in the network.
Adoption of industry best practices in development of containerized applications: Allows adoption of industry best practices such as “secure by design” DevSecOps, automated testing in development of containerized applications. Operator also has an option to work with the supplier to determine and influence CI/CD processes used by the supplier.
Protection of cryptographic key: NG-RAN cryptographic key (KgNB) is stored in CU, which is located in a centralized data center inside the network. Data stored at the cell site and can be potentially stolen especially when HSM is not implemented in gNBs.
In summary, open, standardized interfaces remove vulnerabilities or risk that comes with proprietary and potentially untrusted implementation and provides an operator full visibility and control over the cloud environment and network in general.
Download the white paper OpenRAN Architecture Provides Path To More Secure Networks.
Read more about Mavenir OpenRAN solutions.