The Open Radio Access Network (RAN) represents a significant advancement in the ongoing evolution of mobile networks, transitioning from proprietary physical hardware to virtualised network functions. Open RAN advocates for a disaggregated RAN utilising commercial off-the-shelf (COTS) hardware. The O-RAN Alliance is the preeminent organisation in the Open RAN initiative, guiding the industry towards a vendor-neutral radio access network characterised by open interfaces and protocols. The introduction of RAN Intelligent Controllers (RICs) and the ability to deploy third-party services on these RICs expedite the innovation within the RAN. The two RICs, non-real-time RIC and near-real-time RIC, enhance the operation of RAN by facilitating the deployment of third-party services, either as an rApp for non-real-time RIC or as an xApp for near-real-time RIC. However, this new disaggregated and open RAN expands the threat surface and introduces novel security and privacy challenges that were previously absent, and these issues remain unaddressed. The introduction of new stakeholders, such as third-party application providers and cloud service providers, into the RAN ecosystem presents potential vulnerabilities. This paper proposes a hierarchical management strategy to tackle security challenges in Open RAN, enabling authorisation, authentication, and monitoring for third-party applications. Experimental evaluations across multiple configurations demonstrate that the proposed framework is scalable and imposes minimal overhead, making it a practical solution for securing next-generation RAN deployments.
Fernando, P, Porambage, P, Liyanage, M, Steenhaut, K & Braeken, A 2025, Securing xApps in Open RAN: A Hierarchical Approach to Authentication and Authorisation. in 2025 IEEE Conference on Communications and Network Security (CNS). IEEE Conference on Communications and Network Security, IEEE, Avignon, France, IEEE Conference on Communications and Network Security, Avignon, France, 8/09/25. https://doi.org/10.1109/CNS66487.2025.11195058
Fernando, P., Porambage, P., Liyanage, M., Steenhaut, K., & Braeken, A. (2025). Securing xApps in Open RAN: A Hierarchical Approach to Authentication and Authorisation. In 2025 IEEE Conference on Communications and Network Security (CNS) (IEEE Conference on Communications and Network Security). IEEE. https://doi.org/10.1109/CNS66487.2025.11195058
@inproceedings{a95f19b6624c4928a7f8424b07276d71,
title = "Securing xApps in Open RAN: A Hierarchical Approach to Authentication and Authorisation",
abstract = "The Open Radio Access Network (RAN) represents a significant advancement in the ongoing evolution of mobile networks, transitioning from proprietary physical hardware to virtualised network functions. Open RAN advocates for a disaggregated RAN utilising commercial off-the-shelf (COTS) hardware. The O-RAN Alliance is the preeminent organisation in the Open RAN initiative, guiding the industry towards a vendor-neutral radio access network characterised by open interfaces and protocols. The introduction of RAN Intelligent Controllers (RICs) and the ability to deploy third-party services on these RICs expedite the innovation within the RAN. The two RICs, non-real-time RIC and near-real-time RIC, enhance the operation of RAN by facilitating the deployment of third-party services, either as an rApp for non-real-time RIC or as an xApp for near-real-time RIC. However, this new disaggregated and open RAN expands the threat surface and introduces novel security and privacy challenges that were previously absent, and these issues remain unaddressed. The introduction of new stakeholders, such as third-party application providers and cloud service providers, into the RAN ecosystem presents potential vulnerabilities. This paper proposes a hierarchical management strategy to tackle security challenges in Open RAN, enabling authorisation, authentication, and monitoring for third-party applications. Experimental evaluations across multiple configurations demonstrate that the proposed framework is scalable and imposes minimal overhead, making it a practical solution for securing next-generation RAN deployments.",
keywords = "5G, Open RAN, Security, xApp",
author = "Pramitha Fernando and Pawani Porambage and Madhusanka Liyanage and Kris Steenhaut and An Braeken",
note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; IEEE Conference on Communications and Network Security, IEEE CNS ; Conference date: 08-09-2025 Through 11-09-2025",
year = "2025",
month = oct,
day = "15",
doi = "10.1109/CNS66487.2025.11195058",
language = "English",
isbn = "979-8-3315-3857-6",
series = "IEEE Conference on Communications and Network Security",
publisher = "IEEE",
booktitle = "2025 IEEE Conference on Communications and Network Security (CNS)",
url = "https://cns2025.ieee-cns.org/",
}