EvORAN

Evaluation of Open RAN network equipment including underlying

Coach Name

Juan Juan, Ph.D.

EU Organization

Warsaw University of Technology, Poland

Members

  • Jordi Mongay Batalla (Ph.D., D.Sc., Prof.)
  • Constandinos X. Mavromoustakis (Ph.D., D.Sc., Prof.)
  • Piotr Krawiec (Ph.D)

US Organization

University of Maryland

Members

  • Houbing Song (Ph.D.)
  • Safayet Bin Hakim

Project Overview

The EvORAN project aims to establish a comprehensive security assurance framework for Open Radio Access Network (O-RAN) technology in the mobile telecommunications industry, particularly targeting smaller Mobile Network Operators (MNOs) who traditionally lack resources to conduct extensive security evaluations. O-RAN technology offers a flexible, cost-effective alternative for 5G network deployment, but its open architecture also presents unique security challenges. EvORAN empowers MNOs with independent evaluation tools and methodologies that comply with industry standards, enabling them to assess the security of their O-RAN networks without relying solely on vendor-provided assurances.

The project is aligned with security and performance guidelines set by the 3GPP’s Security Assurance Specifications (SCAS) and O-RAN Alliance recommendations. This compliance helps MNOs in ensuring that their network components meet essential security and resilience benchmarks. By offering an open-source, modular approach, EvORAN democratizes access to security evaluations, providing a baseline for secure, reliable, and scalable O-RAN deployments.

Methods and approaches

Security Assurance Framework for Modular O-RAN Testing

The framework developed by EvORAN addresses O-RAN’s unique modularity by adapting traditional security testing methods to each network layer. This includes:

Conformance Testing: Ensures that components align with O-RAN and NESAS standards.

Fuzz Testing: Identifies vulnerabilities by injecting malformed data inputs and observing component responses.

Port Scanning and Traffic Monitoring: Detects unauthorized access points and unexpected traffic patterns, which could indicate vulnerabilities.

Repeatable and Reliable Testing Mechanisms

EvORAN’s suite includes a non-repudiation module that securely links test outcomes with specific equipment identifiers, test configurations, and software versions. This capability enables MNOs to perform evaluations consistently over time, tracking changes in equipment or configurations to ensure security as networks evolve. Repeatability also supports ongoing compliance efforts without requiring third-party involvement, reducing costs and simplifying processes for small MNOs.

Structured Evaluation Timelines with the EN 17640:2022 FITCEM Standard

By implementing the FITCEM standard, EvORAN provides structured evaluation timelines that are predictable and manageable for MNOs. This standard-based approach allows evaluations to be completed within defined timeframes, ensuring that small MNOs can meet compliance requirements effectively without extensive delays.

Key Achievements

Development and Deployment of Security Testing Tools

EvORAN successfully launched three primary tools to evaluate the security of O-RAN equipment:

Fuzzers for Distributed Units: To simulate real-world attack vectors by exposing vulnerabilities in data processing.

Port Scanners for Radio Intelligent Controllers and Centralized Units: Ensures only authorized services are accessible on the network.

Traffic Monitoring Modules: To support anomaly detection in data flows, particularly between critical O-RAN components, facilitating real-time monitoring for potential security breaches.

Collaboration with Industry Stakeholders and Standardization Bodies

EvORAN engaged with prominent bodies such as ENISA (European Union Agency for Cybersecurity) and the O-RAN Alliance’s Security Working Group, aligning EvORAN tools with globally accepted security protocols. This collaboration promotes the adoption of EvORAN’s methodologies within the larger telecommunications industry, especially among stakeholders who manage O-RAN deployments.

Public Education, Community Engagement, and Standard Contributions

EvORAN’s findings and tools have been disseminated widely to support community awareness and engagement in secure O-RAN practices. The team presented results at major industry events such as the Mobile World Congress (MWC) and published relevant papers in academic and industry journals. These contributions reinforce EvORAN’s role as a pioneer in creating accessible security assurance frameworks for open telecommunications networks.

Impact & Results

Scientific Impact

Advanced security assurance methods for O-RAN technology, providing rigorous testing frameworks that enhance understanding and management of 5G network security.

Environmental Impact

Supported more energy-efficient network deployments through flexible, modular O-RAN designs, contributing to reduced energy consumption and a smaller environmental footprint.

Economic Impact

Lowered financial barriers for smaller MNOs to achieve security compliance, thereby fostering a more competitive and diverse telecommunications market.

Reduced operational costs through modular O-RAN deployments, supporting cost-effective, scalable network configurations.

Social Impact

Democratized access to security tools, enabling smaller network operators to provide secure, high-quality 5G services.

Expanded the ability of various stakeholders to participate in the 5G ecosystem, potentially improving connectivity and quality of life in more communities.

Publications and Open-Source Contributions

  • Grace Khayat, Constandinos X Mavromoustakis, Jordi Mongay Batalla, Andreas Pitsillides, “Multiple Redundant Weighted Clustered Scheme with Dynamic Weights Adjustment for Damaged S-UAV”. In Proceedings of the IEEE International Workshop on Computer Aided Modeling and Design of Communication Links and Networks, Athens, Greece, 21–23 October 2024
  • Andreas Andreou, Constandinos X. Mavromoustakis, Houbing Song, German Peinado Gomez4 and Jordi Mongay Batalla, “Transforming Aging in the Metaverse: Embracing Virtual Communities for Enhanced Well-being and Empowerment” Chapter 16 in IET “Advanced Metaverse Wireless Communication Systems” book.
  • Jordi Mongay Batalla, “Featured Papers on Network Security and Privacy”, published in the Journal of Sensor and Actuator Networks (2024).

Future directions

EvORAN aims to solidify its role in O-RAN security assurance by pursuing further development in several areas:

Expansion of Security Testing Capabilities:

EvORAN seeks to broaden its toolset to include additional functionalities, such as automated testing and machine learning-driven anomaly detection, which would further enhance O-RAN security capabilities for MNOs.

Strengthened Collaboration with Global Standards Organizations:

Continuing partnerships with bodies like the O-RAN Alliance, EvORAN will contribute to the development of globally unified security specifications, supporting interoperability and streamlined compliance across jurisdictions.

Increased Industry Engagement:

To ensure sustainability, EvORAN is exploring sponsorship opportunities with NEPs and MNOs to support the ongoing development and application of its tools. By building partnerships with commercial stakeholders, EvORAN aims to secure the resources necessary for long-term advancement and impact in O-RAN security.

By pursuing these avenues, EvORAN is positioned to make a lasting contribution to the telecommunications industry, fostering a secure and accessible O-RAN ecosystem that supports the equitable growth of 5G infrastructure worldwide.