Cybersecurity Evaluation for Open RAN Components of 5G System (D30a)
Open RAN technology (and in general multi-vendor mobile network) is a novel approach for the building of mobile networks that assumes the open definition of interfaces for the separation of functionalities of the network modules (called Network Functions). The presentation refers to our proposal of cybersecurity evaluation methodology for Open RAN products. From the cybersecurity perspective, the proposal comprises conventional security requirements for 5G components as specified by 3GPP (series TS 33.xxx), combined with security requirements for the new interfaces and functions defined in Open RAN architecture by O-RAN Alliance (O-RAN WG11) and other industrial trends to security controls such as the ones used by Mobile Network Operators. From the evaluation perspective, the approach used is based on EN 17640 “Fixed-time cybersecurity evaluation methodology”, with specific approach to penetration testing based on Common Criteria.
The presentation discusses preliminary evaluation results for O-DU module of Open RAN system.
Authors:
Elżbieta Andrukiewicz, National Institute of Telecommunications, Warsaw, Poland
Piotr Krawiec, National Institute of Telecommunications, Warsaw, Poland
Jordi Mongay Batalla, Warsaw University of Technology, Poland