解决后量子控制平面瓶颈：开放无线接入网中的能量感知密码调度 (Solving the Post-Quantum Control Plane Bottleneck: Energy-Aware Cryptographic Scheduling in Open RAN)

The Open Radio Access Network (O-RAN) offers flexibility and innovation but introduces unique security vulnerabilities, particularly from cryptographically relevant quantum computers. While Post-Quantum Cryptography (PQC) is the primary scalable defence, its computationally intensive handshakes create a significant bottleneck for the RAN control plane, posing sustainability challenges. This paper proposes an energy-aware framework to solve this PQC bottleneck, ensuring quantum resilience without sacrificing operational energy efficiency. The system employs an O-RAN aligned split: a Crypto Policy rApp residing in the Non-Real-Time (Non-RT) RIC defines the strategic security envelope (including PQC suites), while a Security Operations Scheduling (SOS) xApp in the Near-RT RIC converts these into tactical timing and placement intents. Cryptographic enforcement remains at standards-compliant endpoints: the Open Fronthaul utilizes Media Access Control Security (MACsec) at the O-DU/O-RU, while the xhaul (midhaul and backhaul) utilizes IP Security (IPsec) at tunnel terminators. The SOS xApp reduces PQC overhead by batching non-urgent handshakes, prioritizing session resumption, and selecting parameters that meet slice SLAs while minimizing joules per secure connection. We evaluate the architecture via a Discrete-Event Simulation (DES) using 3GPP-aligned traffic profiles and verified hardware benchmarks from literature. Results show that intelligent scheduling can reduce per-handshake energy by approximately 60 percent without violating slice latency targets.

翻译：开放无线接入网络（O-RAN）在提供灵活性与创新性的同时，也引入了独特的安全漏洞，尤其是来自具备密码破解能力的量子计算机的威胁。虽然后量子密码学（PQC）是主要的可扩展防御手段，但其计算密集型的握手过程给RAN控制平面造成了显著的瓶颈，并带来了可持续性挑战。本文提出一种能量感知框架来解决这一PQC瓶颈，在确保量子安全韧性的同时不牺牲运行能效。该系统采用符合O-RAN架构的切分方案：部署于非实时无线智能控制器中的密码策略rApp负责定义战略安全框架（包括PQC套件），而部署于近实时无线智能控制器中的安全操作调度xApp则将这些策略转化为战术级的时序与部署意图。密码执行仍由符合标准的端点完成：开放前传在O-DU/O-RU处采用媒体访问控制安全协议，而跨传网络（中传与回传）在隧道终端采用IP安全协议。SOS xApp通过批量处理非紧急握手、优先会话恢复，以及选择满足切片服务水平协议同时最小化每安全连接能耗的参数，来降低PQC开销。我们采用符合3GPP标准的流量模型和经文献验证的硬件基准，通过离散事件仿真对该架构进行评估。结果表明，智能调度可在不违反切片时延目标的前提下，将每次握手的能耗降低约60%。