The next generation of cellular networks will be characterized by openness, intelligence, virtualization, and distributed computing. The Open Radio Access Network (Open RAN) framework represents a significant leap toward realizing these ideals, with prototype deployments taking place in both academic and industrial domains. While it holds the potential to disrupt the established vendor lock-ins, Open RAN's disaggregated nature raises critical security concerns. Safeguarding data and securing interfaces must be integral to Open RAN's design, demanding meticulous analysis of cost/benefit tradeoffs. In this paper, we embark on the first comprehensive investigation into the impact of encryption on two pivotal Open RAN interfaces: the E2 interface, connecting the base station with a near-real-time RAN Intelligent Controller, and the Open Fronthaul, connecting the Radio Unit to the Distributed Unit. Our study leverages a full-stack O-RAN ALLIANCE compliant implementation within the Colosseum network emulator and a production-ready Open RAN and 5G-compliant private cellular network. This research contributes quantitative insights into the latency introduced and throughput reduction stemming from using various encryption protocols. Furthermore, we present four fundamental principles for constructing security by design within Open RAN systems, offering a roadmap for navigating the intricate landscape of Open RAN security.