簡易檢索 / 詳目顯示

回結果列表
研究生: Ferlinda Feliana
Ferlinda Feliana
論文名稱: 開放基站前傳介面上的控制/使用者平面阻斷服務式攻擊評估
Evaluation of Control/User-Plane Denial-of-Service (DoS) Attack on O-RAN Fronthaul Interface
指導教授: 鄭瑞光
Ray-Guang Cheng
口試委員: 孫雅麗
呂政修
查士朝
許騰尹
學位類別: 碩士
Master
系所名稱: 電資學院 - 電子工程系
Department of Electronic and Computer Engineering
論文出版年: 2023
畢業學年度: 111
語文別: 英文
論文頁數: 68
外文關鍵詞: C/U-Plane
相關次數: 點閱:277下載:9
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報

    • Open fronthaul is a new attack surface introduced by O-RAN architec- ture. Unauthorized access to open fronthaul can lead to potential loss of availability in different planes of open fronthaul, which includes C-Plane (control) and U-Plane (user). In this paper, we developed a C/U-Plane attacker tool to observe the impact of a DoS attack against C/U-Plane of O-DU and O-RU. Using our tool, we launched different attack scenarios in an end-to-end environment using different traffic types, rates, and source MAC addresses. We further evaluate its impact on the resulting throughput, block error rate (BLER), and resulting log of O-DU Low.

    RecommendationLetter........................ ii ApprovalLetter ............................ iii AbstractinChinese .......................... iii AbstractinEnglish .......................... iii Acknowledgements.......................... iv Contents................................ v ListofFigures............................. viii ListofTables ............................. x ListofAlgorithms........................... xi 1 Introduction ............................ 1 2 BackgroundandRelatedWork .................. 6 2.1 OpenRadioAccessNetwork(O-RAN) . . . . . . . . . . 6 2.2 OpenFronthaulInterface.................. 8 2.3 C/U-PlaneDataFlow.................... 9 2.4 C/U-PlaneFrameStructure................. 11 2.5 Threat Model and Security Specification of Open Fronthaul 15 2.6 RelatedWorks........................ 18 3 SystemArchitecture........................ 21 4 C/U-PlaneAttackerDevelopment................. 23 4.1 Preliminaries ........................ 23 4.2 PCAPFileGenerator .................... 24 4.3 O-RAN Fronthaul Packet Dissector/Editor . . . . . . . . . 24 4.4 DPDK-burst-replay based DoS Transmitter . . . . . . . . 25 5 ExperimentResults ........................ 27 5.1 Scenario1.......................... 32 5.1.1 DoSSourceMACaddresses............ 32 5.1.2 DoS Volumetric tiers (10Mbps, 100Mbps, 1Gbps) 34 5.1.3 U-Planemessagesupport.............. 34 5.1.4 CPU usage reduction compared to previous approach 34 5.2 Scenario2:EmpiricalResult................ 35 5.2.1 TIFG-based attack on two different topology . . . 37 5.2.2 C/U-Plane DoS Attack towards O-DU . . . . . . 38 5.2.3 C/U-Plane DoS Attack towards O-RU . . . . . . 46 5.3 Scenario2:ExperimentalAnalysis . . . . . . . . . . . . . 53 5.3.1 O-DU........................ 53 5.3.2 O-RU........................ 56 5.4 LimitationandFutureDirection .............. 57 5.5 KeyTakeaways ....................... 59 6 Conclusions ............................ 62 6.1 FutureWorks ........................ 63 References............................... 64 LetterofAuthority .......................... 68

    [1] O-RAN Alliance, “O-ran white paper,” tech. rep., O-RAN Alliance, October 2018.
    [2] D. Wypiór, M. Klinkowski, and I. Michalski, “Open ranmdash;radio access network evolution, ben-
    efits and market trends,” Applied Sciences, vol. 12, no. 1, 2022.
    [3] F. Klement, S. Katzenbeisser, V. Ulitzsch, J. Krämer, S. Stanczak, Z. Utkovski, I. Bjelakovic, and G. Wunder, “Open or not open: Are conventional radio access networks more secure and trustworthy than open-ran?,” 2022.
    [4] O-RAN Alliance, “O-RAN Fronthaul Working Group Control, User and Synchronization Plane Spec- ification,” tech. rep., O-RAN Alliance, Mar. 2023. v.11.00.
    [5] O-RAN Alliance, “O-RAN Fronthaul Working Group Management Plane Specification,” tech. rep., O-RAN Alliance, Mar. 2023. v.11.00.
    [6] O-RAN Alliance, “O-RAN Security Work Group Threat Modeling and Remediation Analysis,” tech. rep., O-RAN Alliance, Mar. 2023. v.05.00.
    [7] O-RAN Alliance, “O-RAN ALLIANCE Test and Integration Focus Group End-to-end Test Specifi- cation,” tech. rep., O-RAN Alliance, Oct. 2022. v.04.00.
    [8] W. Bonasera, M. M. Chowdhury, and S. Latif, “Denial of service: A growing underrated threat,” in
    2021 International Conference on Electrical, Computer, Communications and Mechatronics Engi- neering (ICECCME), pp. 1–6, 2021.
    [9] O-RAN Alliance, “O-RAN ALLIANCE Test and Integration Focus Group End-to-end Test Specifi- cation,” tech. rep., O-RAN Alliance, Jul. 2020. v.02.00.
    [10] N. Instruments, “An introduction to o-ran.” https://www.ni.com/content/dam/web/pdfs/ white-paper/Introduction-to_ORAN-WP.pdf, 2020.
    [11] O-RAN ALLIANCE, “O-ran use cases and deployment scenarios,” tech. rep., O-RAN ALLIANCE, 2020.
    [12] O-RAN Alliance, “About O-RAN ALLIANCE.” https://www.o-ran.org/about.
    [13] O-RAN Working Group 1, O-RAN Architecture Description. O-RAN Alliance, Jul. 2022.
    [14] F. A. Bimo, F. Feliana, S.-H. Liao, C.-W. Lin, D. F. Kinsey, J. Li, R. Jana, R. Wright, and R.-G. Cheng, “Osc community lab: The integration test bed for o-ran software community,” in 2022 IEEE Future Networks World Forum (FNWF), pp. 513–518, 2022.
    [15] P. Lédl and et al., “O-RAN TOWN: Piloting a high-power multivendor open ran solution in a brown- field network,” tech. rep., Deutsche Telekom AG, 2023.
    [16] D. Wypiór, M. Klinkowski, and I. Michalski, “Open ran—radio access network evolution, benefits and market trends,” Applied Sciences, vol. 12, pp. 1–18, 01 2022.
    [17] 3GPP, “TR 38.801 V14.0.0: Study on new radio access technology - radio access architecture and interfaces,” Technical Report 38.801, 3GPP, March 2017.
    [18] Cisco, “Comparing lower layer splits for open fronthaul deployments,” 2021. [Online].
    [19] A. Umesh, T. Yajima, T. Uchino, and S. Okuyama, “Overview of o-ran fronthaul specification,” NTT
    DOCOMO Technical Journal, vol. 21, pp. 46–59, 2019.
    [20] Common Public Radio Interface (CPRI) Cooperation, “ecpri specification.” Online, 2020. Version
    2.0.
    [21] U. of Tennessee, “Unauthorized access.” [Online].
    [22] T. Grance and et al., “Nist sp 800-61 revision 2, computer security incident handling guide,” Special Publication 800-61 Revision 2, National Institute of Standards and Technology (NIST), August 2012. [Online].
    [23] M. Liyanage, A. Braeken, S. Shahabuddin, and P. Ranaweera, “Open ran security: Challenges and opportunities,” Journal of Network and Computer Applications, vol. 214, p. 103621, 2023.
    [24] A. S. Abdalla and V. Marojevic, “End-to-end o-ran security architecture, threat surface, coverage, and the case of the open fronthaul,” 2023.
    [25] J. Y. Cho and A. Sergeev, “Secure open fronthaul interface for 5g networks,” in Proceedings of the 16th International Conference on Availability, Reliability and Security, ARES 21, (New York, NY, USA), Association for Computing Machinery, 2021.
    [26] J. Y. Cho, A. Sergeev, and J. Zou, “Securing ethernet-based optical fronthaul for 5g network,” in Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES ’19, (New York, NY, USA), Association for Computing Machinery, 2019.
    [27] D. Dik and M. S. Berger, “Transport security considerations for the open-ran fronthaul,” in 2021 IEEE 4th 5G World Forum (5GWF), pp. 253–258, 2021.
    [28] S.-H. Liao, C.-W. Lin, F. A. Bimo, and R.-G. Cheng, “Development of c-plane dos attacker for o- ran fhi,” in Proceedings of the 28th Annual International Conference on Mobile Computing And Net- working, MobiCom ’22, (New York, NY, USA), p. 850–852, Association for Computing Machinery, 2022.
    [29] S.-H. Liao, “Performance evaluation of o-ran fronthaul interface under c-plane dos attack,” m.s. thesis, National Taiwan University of Science and Technology, Taiwan, 2022.
    [30] O-RAN Software Community, “OSC DU-Low Gerrit.”
    [31] P. Bressler, C. Leres, and P. Haddad, “Scapy.” https://scapy.net/, 2003–.
    [32] FraudBuster, “dpdk-burst-replay.” https://github.com/FraudBuster/dpdk-burst-replay.
    [33] M. Polese, L. Bonati, S. D’Oro, S. Basagni, and T. Melodia, “Understanding o-ran: Architecture, interfaces, algorithms, security, and research challenges,” IEEE Communications Surveys Tutorials, vol. 25, no. 2, pp. 1376–1411, 2023.
    [34] DPDK contributors, “DPDK 19.11.” https://doc.dpdk.org/guides-19.11/, 2019. Online doc- umentation.
    [35] “TCPdump.” https://www.tcpdump.org.
    [36] Wireshark.org, “Wireshark.”
    [37] The Linux man-pages project, “top - linux man page.” https://man7.org/linux/man-pages/ man1/top.1.html, <year>.
    [38] W. McKinney, Pandas: Powerful data analysis toolkit. Pandas Development Team, 2021. Online documentation.
    [39] M. Waskom and S. contributors, Seaborn: Statistical data visualization. Seaborn Development Team, 2021. Online documentation.
    [40] J. D. Team, Jupyter Notebook. Jupyter Development Team, 2021. Online documentation.
    [41] H. P. Enterprise, “Layer 2 lan configuration guide for arubaos-switch 16.10.” [Online]. Available:
    https://techhub.hpe.com/eginfolib/networking/docs/switches/5940/5200-1018b_ l2-lan_cg/content/491966096.htm, Accessed 2023.
    [42] J. Networks, “Mac learning.” [Online]. Available: https://www.juniper.net/documentation/ us/en/software/junos/multicast-l2/topics/topic-map/mac-learning.html.
    [43] O-RAN Software Community (O-RAN SC) - O-DU PHY, “O-ran library design.” [On- line]. Available: https://docs.o-ran-sc.org/projects/o-ran-sc-o-du-phy/en/latest/ xRAN-Library-Design_fh.html, 2023.
    [44] O-RAN Software Community (O-RAN SC), “O-DU PHY Repository.” [Online]. Available: https: //github.com/o-ran-sc/o-du-phy, 2023.
    [45] IEEE, “Ieee 802.1x security,” 2023. [Online].
    [46] Fortinet, “Understanding nac,” white paper, Fortinet White Papers, 2023. [Online].
    [47] Cybersecurity and Infrastructure Security Agency (CISA), “Open Radio Access Network Security Considerations,” technical report, CISA Publications, 2023. [Online].
    [48] O-RAN Alliance WG11, “Security Test Specification 4.0 (O-RAN.WG11.SecTestSpecs-v04.00),” Working Group Document O-RAN.WG11.SecTestSpecs-v04.00, O-RAN Alliance, June 2023.
    [49] O-RAN Alliance WG11, “Security Requirements Specifications 4.0 (O-RAN.WG11.SecTestSpecs- v04.00),” Working Group Document O-RAN.WG11.SecTestSpecs-v04.00, O-RAN Alliance, June 2023.
    [50] D. Dik and M. S. Berger, “Open-ran fronthaul transport security architecture and implementation,” IEEE Access, vol. 11, pp. 46185–46203, 2023.
    [51] National Telecommunications and Information Administration (NTIA), “Open RAN Security Re- port,” technical report, NTIA Publications, 2023. [Online].
    [52] IEEE, “Ieee 802.1ae security,” 2023. [Online].
    [53] srsRAN, “Github discussion: Title of the discussion.” [Online]. Available: https://github.com/
    srsran/srsRAN_Project/discussions/90.

    QR CODE