Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments

Felix Klement, Alessandro Brighente, Michele Polese, Mauro Conti, Stefan Katzenbeisser
2024-05-03
Abstract: In this paper, we investigate the security implications of virtualized and software-based Open Radio Access Network (RAN) systems, specifically focusing on the architecture proposed by the O-RAN ALLIANCE and O-Cloud deployments based on the O-RAN Software Community (OSC) stack and infrastructure. Our key findings are based on a thorough security assessment and static scanning of the OSC Near Real-Time RAN Intelligent Controller (RIC) cluster. We highlight the presence of potential vulnerabilities and misconfigurations in the Kubernetes infrastructure supporting the RIC, also due to the usage of outdated versions of software packages, and provide an estimation of their criticality using various deployment auditing frameworks (e.g., MITRE ATT&CK and the NSA CISA). In addition, we propose methodologies to minimize these issues and harden the Open RAN virtualization infrastructure. These encompass the integration of security evaluation methods into the deployment process, implementing deployment hardening measures, and employing policy-based control for RAN components. We emphasize the need to address the problems found in order to improve the overall security of virtualized Open RAN systems.
Cryptography and Security
What problem does this paper attempt to address?
This paper addresses the security issues in virtualized and software-defined Open Radio Access Network (Open RAN) systems, especially the potential vulnerabilities and configuration errors in the Kubernetes platform based on the O-RAN ALLIANCE architecture and O-Cloud deployment. Specifically, the authors focus on the security risks in the Near Real-Time RAN Intelligent Controller (RIC) cluster provided by the O-RAN Software Community (OSC).

### Main problems include:

1. **Potential vulnerabilities and configuration errors**:
   - Through static scanning and quantitative evaluation methods, the authors found a large number of potential security vulnerabilities and configuration errors in the Kubernetes infrastructure. These vulnerabilities are mainly due to the use of outdated software package versions.
   - Specifically, they found 792 vulnerabilities, of which 16 are critical-level vulnerabilities that can lead to serious consequences such as remote code execution.
2. **Outdated software versions**:
   - The versions of dependencies used in official documents and installation scripts are very old and no longer supported. For example, Kubernetes 1.16.0, CNI 0.7.5, Docker 20.10.21 and Helm 3.5.4 all have multiple known security vulnerabilities.
3. **Cluster configuration errors**:
   - Problems such as not setting resource limits, allowing privilege escalation, and enabling anonymous access were found in the Kubernetes cluster, and these problems can be fixed through appropriate configuration.

### Solution suggestions:

1. **Integrate security evaluation methods**:
   - Integrate security evaluation methods into the deployment process to ensure that security checks can be carried out for each deployment, and potential security problems can be discovered and fixed in a timely manner.
2. **Deploy hardening measures**:
   - Harden the Kubernetes API server to prevent malicious attackers from using the API server to cause damage.
   - Implement Pod security policies to control the communication between Pods and prevent unauthorized access.
3. **Policy control**:
   - Introduce a policy-based control mechanism to ensure the security of RAN components, and regularly update and check all components.

In short, this paper aims to improve the overall security of virtualized and software-defined Open RAN systems by identifying and analyzing security vulnerabilities in Open RAN systems and proposing corresponding solutions.
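
The three cluster configuration errors listed above (missing resource limits, allowed privilege escalation, anonymous access) can be checked before each deployment, which is one way to integrate a security evaluation into the deployment process. The following is an added example, not code from the paper or from the OSC stack; the manifests, object names and image names are constructed, and the `audit` and `pod_spec` helpers are hypothetical.

```python
import json

# Constructed sample manifests (JSON form of Kubernetes objects), not taken from the OSC RIC.
SAMPLE = json.loads("""
[
 {"kind": "Pod", "metadata": {"name": "xapp-demo"},
  "spec": {"containers": [
    {"name": "app", "image": "example/app:1.0"},
    {"name": "sidecar", "image": "example/sidecar:1.0",
     "securityContext": {"allowPrivilegeEscalation": false},
     "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}},
 {"kind": "Pod", "metadata": {"name": "kube-apiserver"},
  "spec": {"containers": [
    {"name": "kube-apiserver", "image": "example/kube-apiserver:placeholder",
     "command": ["kube-apiserver", "--anonymous-auth=true"],
     "securityContext": {"allowPrivilegeEscalation": false},
     "resources": {"limits": {"cpu": "1", "memory": "1Gi"}}}]}}
]
""")

def pod_spec(obj):
    """Return the pod spec of a Pod, or of a workload that has spec.template."""
    spec = obj.get("spec", {})
    return spec.get("template", {}).get("spec", spec)

def audit(objects):
    """Return sorted (object, container, finding) tuples for the three checks."""
    findings = []
    for obj in objects:
        name = obj.get("metadata", {}).get("name", "<unnamed>")
        spec = pod_spec(obj)
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            limits = c.get("resources", {}).get("limits", {})
            missing = [r for r in ("cpu", "memory") if r not in limits]
            if missing:
                findings.append((name, c["name"], "no-limit:" + ",".join(missing)))
            # Escalation stays possible unless the field is explicitly false.
            sc = c.get("securityContext") or {}
            if sc.get("allowPrivilegeEscalation") is not False:
                findings.append((name, c["name"], "privilege-escalation-allowed"))
            # kube-apiserver accepts anonymous requests unless the flag is set to false.
            args = c.get("command", []) + c.get("args", [])
            if args and args[0].endswith("kube-apiserver") and "--anonymous-auth=false" not in args:
                findings.append((name, c["name"], "anonymous-auth-enabled"))
    return sorted(findings)

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(*f, sep="\t")
```

A deployment pipeline can fail the rollout when `audit` returns a non-empty list.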