5G and beyond cellular systems embrace the disaggregation of Radio Access Network (RAN) components, exemplified by the evolution of the fronthaul (FH) connection between cellular baseband and radio unit equipment. Crucially, synchronization over the FH is pivotal for reliable 5G services. In recent years, there has been a push to move these links to an Ethernet-based packet network topology, leveraging existing standards and ongoing research for Time-Sensitive Networking (TSN). However, TSN standards, such as Precision Time Protocol (PTP), focus on performance with little to no concern for security. This increases the exposure of the open FH to security risks. Attacks targeting synchronization mechanisms pose significant threats, potentially disrupting 5G networks and impairing connectivity. In this paper, we demonstrate the impact of successful spoofing and replay attacks against PTP synchronization. We show how a spoofing attack is able to cause a production-ready O-RAN and 5G-compliant private cellular base station to catastrophically fail within 2 seconds of the attack, necessitating manual intervention to restore full network operations. To counter this, we design a Machine Learning (ML)-based monitoring solution capable of detecting various malicious attacks with over 97.5% accuracy.