Networking Dreamstime Vittaya Sinlapasart 218393412

5G Fuels Shift to O-RAN Architectures—and Its Security Challenges

Sept. 14, 2022
As the telecom industry evolves from a proprietary hardware-driven world to 5G O-RAN architectures, addressing all possible security concerns has become the top priority for network equipment vendors and service providers.

What you’ll learn:

  • How the adoption of 5G is driving the telecommunications industry to disaggregate previously enclosed system designs.
  • The security challenges faced by network equipment vendors and service providers in an Open Radio Access Network (O-RAN) environment.
  • How FPGAs are well-suited to address security challenges related to O-RAN architectures.

Network evolution and the adoption of 5G is forcing telecommunication vendors to adapt at a rapid pace as more and more devices are expected to be connected to the network at any given time. In fact, 3.6 billion 5G connections are expected by 2025, and that number is expected to grow to 4.4 billion by 2027. In response, the telecom industry is beginning its transition to O-RAN (Open Radio Access Network)-type architectures to increase network flexibility and efficiency.

However, this shift doesn’t come without challenges. While moving to an O-RAN architecture opens all sorts of advanced network possibilities, it also dramatically increases the potential attack surface for a network. The attack surface is the totality of all vulnerabilities in connected hardware and software that are accessible to unauthorized users.

That risk of attack increases especially because O-RAN architectures enable system designers to mix and match hardware and software from different vendors. As a result, network architects and hardware designers must consider every possible connection and ensure that each is safe and secure—a multi-step process that’s easier said than done.

The Need for Platform Firmware Resiliency

As the attack surface of networks increases, it’s no longer a matter of whether a network will be attacked, but rather when it will happen. Therefore, hardware designers must move forward with platform firmware resiliency (PFR) in mind.

PFR is a cyber resiliency system that compute systems can count on to actively protect and keep themselves running and functional to a very high degree while under attack. The first step to achieving PFR is using a device that serves as a hardware root of trust (HRoT) to confirm a device’s firmware hasn’t been tampered with throughout its lifetime.

Because security threats begin at the hardware level, no matter how many connections there are across a network, designing with an HRoT device is critical to achieve PFR. Low-power FPGAs are particularly well-suited to serve as HRoTs because of their flexibility and small form factors. FPGAs with built-in cryptographic capabilities can encrypt and decrypt incoming and outgoing firmware data to ensure secure firmware updates.

Leveraging a Zero-Trust Security Model

Protecting the integrity of firmware is only the start to maintaining the security of hardware elements in O-RAN architectures. With O-RAN systems comprising different hardware from various vendors, any two endpoints that carry data pertaining to network functions or user data must be protected—a process also known as “securing the wire.” When leveraging a zero-trust security model like securing the wire, every system component must confirm its authenticity to the host system using encrypted messages.

This is where FPGAs with built-in RISC-powered CPU cores come into play (see figure). With the inherent flexibility of FPGAs, CPU cores can be programmed to implement cryptographic and secure messaging protocols. Because FPGAs are reprogrammable, they’re ideal for accelerated scalability and can help hardware designers keep pace with 5G innovation without sacrificing security and designs.

Securing Data-Synchronization Connections

While securing the hardware elements in an O-RAN architecture is critical, so is securing the timing controls of data sent across a network’s hardware elements. Older closed RANs typically contain a shared clock signal that coordinates the bonding of radio signals coming in at different frequencies into a single chunk of digital data.

In an O-RAN system, such bonding still needs to happen. However, with radio units and distributed units now disaggregated, the shared clock signal is no longer an option.

Using the IEEE 1588 precision time protocol standard, O-RAN systems must time-stamp data packets so that they’re synchronized across components. FPGAs have historically been used as a reliable timing resource in various applications, and this remains true in O-RAN architectures. Thanks to the concurrent and consistent way FPGAs operate, they’re a perfect fit to meet the synchronization demands for functional-split options where radio units and distributed units are separated.

Addressing 5G O-RAN Architecture Security Challenges with FPGAs

As 5G continues to fuel the shift to O-RAN architectures, FPGAs, though small and easily overlooked, offer the flexibility, reliability, and low power consumption required to meet evolving security challenges found across networks. While serving as HRoT devices, powering zero-trust security models, and keeping data-synchronization timing controls tight and secure, FPGAs are playing a critical role in accelerating 5G O-RAN deployments.