Open RAN Security Based on Zero Trust Architecture
Rooted in the principle of “never trust, always verify,” Zero Trust is designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and simplifying granular user-access control. A “zero trust” (ZT) approach to cybersecurity, as described in NIST’s Special Publication 800-207: Zero Trust Architecture, is primarily focused on data and service protection but can and should be expanded to include all enterprise assets (devices, infrastructure components, applications, virtual and cloud components) and subjects (end users, applications and other nonhuman entities that request information from resources).
O-RAN Alliance Guiding Principles
In this new paradigm, an enterprise must assume no implicit trust and continually analyze and evaluate the risks to its assets and business functions and then enact protections to mitigate these risks. In zero trust, these protections usually involve minimizing access to resources (such as data and compute resources and applications/services) to only those subjects and assets identified as needing access as well as continually authenticating and authorizing the identity and security posture of each access request. Support of a zero-trust architecture requires each O-RAN component to comply with established functionalities and protections. O-RAN Alliance has identified several guiding principles for its ongoing work, including:
- Support integration with an external identity, credential, and access management system (ICAM) using industry standard protocols.
- Require authentication and authorization on all access.
- Support role-based access control (RBAC).
- Implement confidentiality on connections between O-RAN and external components.
- Implement integrity checking on connections between O-RAN and external components.
- Support encryption of data at rest.
- Support replay prevention.
- Implement security log generation and collection to an external security information and event management (SIEM) system.
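As an added illustration (not code from the whitepaper, from Mavenir, or from any O-RAN Alliance specification), the following Python sketch shows how several of the principles above meet at a single policy enforcement point in front of a component: every request is authenticated against a token signed by an external ICAM, checked for freshness and replay (single-use nonce), authorized by an RBAC policy with default deny, and logged as a structured record ready for a SIEM collector. The signing key, the role and resource names (`ric-operator`, `xapp-config`, `alarms`), and the HMAC-token format are constructed for this example; a real deployment would use the ICAM's own token format and keys.

```python
"""Added example: a per-request zero-trust enforcement point.

Every call to PolicyEnforcementPoint.authorize() re-authenticates the
caller's token, checks expiry and replay, evaluates RBAC, and records the
decision.  Keys, roles and resource names below are constructed.
"""
import hashlib
import hmac
import json

# Constructed shared secret between the external ICAM and this enforcement
# point. A deployment would use the ICAM's asymmetric keys or introspection.
ICAM_SIGNING_KEY = b"constructed-example-key-not-for-production"

# Constructed RBAC policy: role -> resource -> permitted actions.
ROLE_PERMISSIONS = {
    "ric-operator": {"xapp-config": {"read", "write"}, "alarms": {"read"}},
    "auditor": {"alarms": {"read"}, "audit-log": {"read"}},
}

# In-memory stand-in for the buffer a SIEM forwarder would drain.
AUDIT_LOG = []


def _canonical(claims):
    """Stable byte encoding of the claims so signer and verifier agree."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue_token(subject, roles, nonce, issued_at, ttl=300):
    """Mint a signed token, as the external ICAM would after authenticating."""
    claims = {"sub": subject, "roles": list(roles), "nonce": nonce,
              "iat": issued_at, "exp": issued_at + ttl}
    sig = hmac.new(ICAM_SIGNING_KEY, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": sig}


class PolicyEnforcementPoint:
    """Per-request gate in front of a component: no implicit trust."""

    def __init__(self):
        self.seen_nonces = set()   # replay prevention: each token is single-use

    def _record(self, outcome, reason, subject, resource, action, now):
        """Append a structured decision record and return (allowed, reason)."""
        AUDIT_LOG.append({"ts": now, "sub": subject, "resource": resource,
                          "action": action, "outcome": outcome, "reason": reason})
        return outcome == "allow", reason

    def authorize(self, token, resource, action, now):
        """Return (allowed, reason); every decision is logged for the SIEM."""
        claims = token.get("claims", {})
        subject = claims.get("sub", "unknown")

        def deny(reason):
            return self._record("deny", reason, subject, resource, action, now)

        # 1. Authenticate: the claims must carry a valid ICAM signature.
        expected = hmac.new(ICAM_SIGNING_KEY, _canonical(claims),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, token.get("sig", "")):
            return deny("bad-signature")
        # 2. Freshness: an expired token is rejected on every request.
        if now >= claims["exp"]:
            return deny("expired")
        # 3. Replay prevention: a nonce presented twice is rejected.
        if claims["nonce"] in self.seen_nonces:
            return deny("replay")
        self.seen_nonces.add(claims["nonce"])
        # 4. Authorize: RBAC lookup with default deny.
        for role in claims["roles"]:
            if action in ROLE_PERMISSIONS.get(role, {}).get(resource, set()):
                return self._record("allow", "rbac", subject, resource, action, now)
        return deny("no-permission")


def export_audit_log():
    """Serialize decisions as JSON lines, a shape SIEM collectors ingest."""
    return "\n".join(json.dumps(entry, sort_keys=True) for entry in AUDIT_LOG)


if __name__ == "__main__":
    pep = PolicyEnforcementPoint()
    tok = issue_token("alice", ["ric-operator"], "nonce-1", 1000)
    print(pep.authorize(tok, "xapp-config", "write", 1001))  # first use: allowed
    print(pep.authorize(tok, "xapp-config", "write", 1002))  # replayed: denied
    print(export_audit_log())
```

The ordering matters: signature verification comes first so that unauthenticated input never consumes a nonce or reaches the policy lookup, and the nonce is consumed before the RBAC check so that a denied request cannot be replayed later with the same token. Both allow and deny outcomes are logged, since a SIEM needs the denials to spot probing.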
Read more about a zero trust architecture and other key security differentiators of Open RAN in the whitepaper Security in Open RAN.
Read more about Mavenir Open RAN Solutions here.