The advancement of 5G and NextG networks through Open Radio Access Network (O-RAN) architecture enables a shift toward virtualized, modular, and disaggregated configurations. A core component of O-RAN is the RAN Intelligent Controller (RIC), which manages RAN using machine learning-driven xApps that access sensitive data from RAN and User Equipment (UE), stored in the near Real-Time RIC (Near-RT RIC) database. This shared, open environment increases the risk of unauthorized data exposure. To address these concerns, this paper proposes a zero-trust RIC (ZT-RIC) framework that preserves data privacy across the RIC platform, including the RIC database, xApps, and E2 interface. ZT-RIC employs Inner Product Functional Encryption (IPFE) to encrypt RAN/UE data at the base station, preventing leaks through the E2 interface and shared database. Additionally, ZT-RIC enables xApps to perform inference on encrypted data without exposing sensitive information. For evaluation, a state-of-the-art InterClass xApp, which detects jamming signals using RAN key performance metrics (KPMs), is implemented. Testing on an LTE/5G O-RAN testbed shows that ZT-RIC preserves data confidentiality while achieving 97.9% accuracy in jamming detection and meeting sub-second latency requirements, with a round-trip time (RTT) of 0.527 seconds.

翻译：通过开放无线接入网络（O-RAN）架构推动的5G及下一代网络发展，正促使网络向虚拟化、模块化与解耦式配置转型。O-RAN的核心组件是无线接入网智能控制器（RIC），其通过机器学习驱动的xApp管理无线接入网，这些xApp需访问来自无线接入网和用户设备（UE）并存储于近实时RIC（Near-RT RIC）数据库中的敏感数据。这种共享开放环境增加了数据非授权暴露的风险。为解决这一问题，本文提出一种零信任RIC（ZT-RIC）框架，该框架能在包括RIC数据库、xApp及E2接口在内的整个RIC平台上保障数据隐私。ZT-RIC采用内积功能加密（IPFE）技术在基站端对无线接入网/用户设备数据进行加密，从而防止数据通过E2接口和共享数据库泄露。此外，ZT-RIC支持xApp在加密数据上执行推理运算而无需暴露敏感信息。为进行评估，我们实现了一个先进的InterClass xApp，该应用利用无线接入网关键性能指标（KPM）检测干扰信号。在LTE/5G O-RAN测试平台上进行的实验表明，ZT-RIC在保障数据机密性的同时，实现了97.9%的干扰检测准确率，并满足亚秒级时延要求——其往返时间（RTT）仅为0.527秒。