O-RAN Security Test Solution

Open RAN: Open Disaggregation, Open Cloudification, Open Intelligence

Open Radio Access Network (Open RAN) has created a big shift in the wireless ecosystem, by leading the industry towards a diversified and more competitive telecom supplier chain and enabling unprecedented innovation, flexibility and agility in network deployments.

Open RAN evolves around the three main pillars of open disaggregation (where traditional RAN functions are split and connected using standard, open interfaces), open cloudification (with virtualization and cloudification of network functions), and open intelligence (big data enabled RAN intelligence). This approach brings multiple benefits in deploying and managing wireless networks, moving away from the monolithic and closed RAN components to new adaptable and scalable designs and promising enhanced interoperability and cost-efficiency.

While these benefits are compelling, additional testing considerations are necessary before deploying an Open RAN network. These include rigorous interoperability testing, more robust protocol conformance evaluation, and security validation of both the open/standard interfaces and the end-to-end system, which could be accessed from the outside due to its cloudified architecture.

Security Validation Challenges for Open RAN

Security validation is especially critical, as various types of attacks can be launched and targeted toward RAN components. These attacks can range from simple port scanning and exploiting known vulnerabilities, to attempting to gain access to a specific network function. More significant disruption can be caused by a Distributed Denial of Service (DDoS) attack, which can reduce the performance of the targeted component or even render it out of service. A targeted attack such as fuzzing can affect a specific node or protocol.

5G and Cloud Deployments

Cloudification of the cellular network, which gained widespread adoption starting with the 5G era, is another important aspect that affects security. Cloud deployments offer benefits such as lower cost, greater flexibility, and higher scalability. Network software components can be deployed in the cloud using Virtual Machines or Containers, based on a pay-per-usage, traffic, or instance type. As a result, network customers no longer need to invest in expensive hardware or create data centers and other infrastructure.

Cloud deployments necessitate the validation of cloud robustness, availability, and security. Network operators need to ensure they have the resources to properly run the network function (NF) at peak performance or to deploy additional instances of the NF in case higher capacity or high availability is required. As the cloud can be accessed from anywhere, the NF instances need to be properly secured.

Addressing 5G Open RAN security challenges involves conducting thorough threat modeling and risk assessments to identify potential vulnerabilities and assess their impact. It also requires implementing robust security protocols (such as TLS, IPSec, SSH) and conducting regular security audits and tests to identify and mitigate vulnerabilities.

Keysight O-RAN Security Test Solution: Highlights

• Alignment to standardized test cases: 3GPP and O-RAN ALLIANCE

The solution implements standardized test cases aligned with 3GPP and O-RAN ALLIANCE specifications. Test cases are pre-defined and can be selected and executed as needed. Maximum flexibility is offered by enabling parameter adjustments and the creation of new test cases. Users can tailor the testing process to suit specific and customized requirements and objectives. Additionally, test cases come with different licensing options, which allows users enhanced flexibility in their configuration selection.

• Integration with automation platform

The O-RAN Security Test Solution is based on the Atlas Test Management Center (Atlas-TMC). Atlas-TMC is Keysight’s automation, analytics, and reporting platform that optimizes the entire testing workflow. It integrates all the necessary features to cover various automation use cases within an intuitive interface designed for all Keysight wireless solutions. This platform streamlines various aspects of the testing process, improving efficiency, accuracy, and resource utilization. Atlas seamlessly interfaces with a range of Keysight solutions, selected on the specific requirements of test cases. These solutions include a range of security test tools as well as UE emulation and node emulation solutions. Atlas is designed to be the single pane of glass for creating and executing test cases or test campaigns, managing DUT profiles and analyzing test results. It serves as the central hub for loading and executing test cases, and for taking Pass/Fail decisions. For customers who already own automation platforms, our solution is designed to seamlessly integrate into these frameworks, ensuring full compatibility and a swift ramp-up.

• Comprehensive reporting and analytics

Atlas offers multiple ways to analyze and visualize results data from the test campaigns. The intuitive and easy to use interface provides rich filtering capabilities to select criteria for viewing the test results. Users can quickly filter for results, test cases, custom date ranges and many more dimensions. Upon completion of tests, users receive detailed reports that provide insights into the outcomes of each test case. These reports offer a comprehensive understanding of why certain tests may have failed or the specific errors encountered. For advanced analysis requirements, the solution also facilitates the collection of additional logs from the test tool. These logs can be invaluable for conducting thorough investigations, troubleshooting, and addressing any issues that may arise during testing.