The Open Radio Access Network (RAN) is a networking paradigm that builds on top of cloud-based, multi-vendor, open and intelligent architectures to shape the next generation of cellular networks for 5G and beyond. While this new paradigm comes with many advantages in terms of observatibility and reconfigurability of the network, it inevitably expands the threat surface of cellular systems and can potentially expose its components to several cyber attacks, thus making securing O-RAN networks a necessity. In this paper, we explore the security aspects of O-RAN systems by focusing on the specifications and architectures proposed by the O-RAN Alliance. We address the problem of securing O-RAN systems with an holistic perspective, including considerations on the open interfaces used to interconnect the different O-RAN components, on the overall platform, and on the intelligence used to monitor and control the network. For each focus area we identify threats, discuss relevant solutions to address these issues, and demonstrate experimentally how such solutions can effectively defend O-RAN systems against selected cyber attacks. This article is the first work in approaching the security aspect of O-RAN holistically and with experimental evidence obtained on a state-of-the-art programmable O-RAN platform, thus providing unique guideline for researchers in the field.

翻译：开放无线接入网络（O-RAN）是一种基于云化、多供应商、开放与智能架构的网络范式，旨在塑造5G及未来蜂窝网络的新一代技术。尽管这一新范式在网络的可观测性与可重构性方面具有诸多优势，但它不可避免地扩展了蜂窝系统的攻击面，并可能使其组件暴露于多种网络攻击之下，因此保障O-RAN网络的安全性成为必要。本文聚焦于O-RAN联盟提出的规范与架构，探讨了O-RAN系统的安全层面。我们以整体视角解决O-RAN系统安全问题，涵盖用于互联不同O-RAN组件的开放接口、整体平台以及用于监控与管控网络的智能机制。针对每个重点领域，我们识别了安全威胁，讨论了应对这些问题的相关解决方案，并通过实验验证了所选方案如何有效防御特定网络攻击。本文是首篇从整体视角并基于先进可编程O-RAN平台获取实验证据来探讨O-RAN安全性的研究，从而为该领域的研究人员提供了独特指导。