The Advanced Security Architectures for Next Generation Wireless (ASA-NGW) seeks to enhance emerging security standards and guidance efforts for 5G/6G Open RAN and Core technologies, advance the application of Zero Trust networking principles to 5G networks, and evaluate the status of leading open-source software platforms for 5G.
O-RAN technologies seek to transform radio access networks from single vendor solutions based upon proprietary appliances to a disaggregated network architecture of components and functions, with standardized open interfaces, and designed to be deployed in virtualized and cloud native environments. If successful, O-RAN technologies will create an open market for RAN products and services, reduce barriers to entry and spur innovation by evolving to software-based components operating on commodity hardware, and enable wireless network infrastructure to become distributed and dynamic systems that exploit centralized and edge computing infrastructure dynamically optimize performance, reduce operating expenses, and increase resilience.
While the desire for O-RAN technologies from the USG and the mobile service operator’s community is clear, there are many challenges to developing the consensus standards and testing programs necessary to ensure that multi-vendor O-RAN networks are interoperable, secure, and resilient.
The primary goals of the project are to assess, improve and expedite emerging O-RAN security standards and testing process to a level suitable for USG use in mission critical networks. Near term objectives are to (1) evaluate the O-RAN alliance testing and certification processes, and the current state of O-RAN Test and Interoperability Centers (OTICs), (2) evaluate current O-RAN security requirements and test specifications, (3) develop gap analyses of the suitability of existing O-RAN security requirements and testing processes for use by the USG, and (4) develop contributions to O-RAN specifications to address identified gaps and supplemental USG centric guidance to augment industry standards where necessary.
We will augment our standards research and participation with laboratory experimentation using a 5G Open Testbed developed in FY23. We will evaluate multiple 5G RAN and Core open source implementations against emerging security specifications and evaluate the implementation of O-RAN test methods against these implementations.
We will work primarily with the O-RAN Alliance, OTIC labs, and ATIS as necessary. We also collaborate within Government in interagency working groups (IWGs) focused on issues of 5G security and resilience for Federal systems.
Our initial focus is enhancing the security of virtualized, cloud native, O-RAN functions. We see this area as having both the greatest potential to increase overall network security and the greatest potential risk to the eventual commercial viability of O-RAN technologies. NIST staff will actively engage in the O-RAN alliance working groups on security (WG11), cloud infrastructure (WG11), near-real-time radio intelligent controller (WG3) and testing and integration working groups.
 O-RAN Alliance O-Cloud Security Analysis Report - https://oranalliance.atlassian.net/wiki/download/attachments/2221408283/O-RAN.WG11.O-CLOUD-Security-Analysis-TR.O-R004-v05.00.03.docx
See Additional Technical Details (below) for a complete listing of our contributions.
Rose S., et_al., Zero Trust Architecture (ZTA) for O-RAN, WG11-2023-08 Work Item Description, January 2024.
Rose S., Borchert O., Zero Trust Archtecture, ATIS TOPS Enhanced Zero Trust and 5G Meeting Series, February 2023.
Montgomery D., et. al. members of CSRIC 8 Working Group 3, Report on How Virtualization Technology Can Be Used to Promote 5G Security and Reliability, Communications Security, Reliability, and Interoperability Council VIII, December 2022.
Collaborators = ANDRO Computational Solutions, AT&T, Altiostar Networks, CTIA, Cisco, Comtech Telecommunications Corp., Cox Communications, Cybersecurity and Infrastructure Security Agency (CISA ECD), Dell, Dell Technologies, Deutsche Telekom, Ericsson, FCC, FirstNet, Hewlett Packard Enterprise, Intel Corporation, LLC, MITRE, Mavenir, Microsoft Corporation, Motorola Solutions, NTIA, National Security Agency (NSA), Nokia, Palo Alto Networks, Qualcomm Incorporated, Rakuten, Rural Wireless Association, T-Mobile USA, Verizon