V-RAN: security challanges for Telco

Telecom operators are looking to extend the benefits of virtualization to radio access networks. VRAN can raise new security challanges and expose a MNO to new security threats.

Telecom operators are looking to extend the benefits of virtualization to radio access networks (RANs). The idea behind the use of virtualization in the radio access network is decoupling software from hardware, transforming the typical network architecture from hardware-based to software-based. This leads to at least two main theoretical advantages: 1) more flexible and agile network with the possibility to quickly deliver customizable services based on new features and algorithms for streamlining resource usage. 2) The reduction of the need for expensive proprietary hardware thanks to the usage of commodity hardware based on the principles of Network Functions Virtualization (cost-effectivness). In the vRAN model, each base station—e.g. evolved Node B (eNodeB) in LTE—comprises a baseband unit (BBU) and remote radio units (RRUs), which are also referred to as remote radio heads (RRHs). The BBUs are virtualized. The vBBUs are deployed on multiple NFV platforms on industry standard x86 hardware and consolidated in centralized data centers, while remote radio heads (RRHs) are left at the cell sites at the edge of the network. vRAN leverages standard server hardware that cost-effectively scales up or down processing, memory, and I/O resources with demand and infuses the RAN with capacity for application intelligence to significantly improve service quality and reliability. Depending on how the eNodeB functions are split, the architecture also allows for Ethernet and IP fronthaul transport, which gives services providers more cost-effective options for fronthaul transport. For this reason, VRAN architecture are strongly targeted by mobile operators to improve radio performance of LTE networks, as well as it represents the radio architecture that will be adopted by 5G mobile networks. In this proposed talk we highlight new security challenges that will be faced by operators on the Radio Access Network. Going forward, we discuss a critical aspect in V-RAN innovation which is network virtualization. Then, we discuss other important aspects of V-RAN like poorly hardened commodity servers used in the deployments (outdated OS, outdated software packages, default OS installation and so on, no network traffic segregation on BBU and RRHs), needs of IPSEC between BBU and RRHs, the implementation of proprietary protocols between VRAN components and poor protocol stack implementations.