ACL Digital
May 9, 2025
5 Minutes read
Secure 5G Networks with O-RAN Architecture: Benefits, Security Standards
As 5G continues to redefine how we connect, communicate, and collaborate, security becomes the cornerstone of its success. The O-RAN Alliance is leading the charge in creating a more open, flexible, and secure 5G Radio Access Network (RAN) architecture. Building on 3GPP standards, O-RAN introduces further disaggregation of RAN components, enabling a transparent and scalable ecosystem that fosters innovation and security by design.
The Need for an Open and Secure RAN Architecture
As traditional RAN architectures can pose limitations on deployment flexibility and scalability that might be vendor-locked and monolithic. With the following solutions, O-RAN overcomes these challenges by:
- Simplifying orchestration to suit various deployment scenarios
- Enabling intelligence and analytics at optimal locations within the network
- Supporting efficient and independent upgrades of RAN functions
- Reducing costs through a multi-vendor, competitive ecosystem
- Utilizing cloud-native principles for elastic scaling and service availability
Understanding O-RAN Architecture
O-RAN builds upon the traditional RAN architecture defined by 3GPP. It introduces further disaggregation of network components to enhance flexibility. This approach also encourages a broader and more competitive vendor ecosystem. By decoupling hardware and software and adopting open interfaces, O-RAN allows mobile network operators to deploy components independently, customize deployments for diverse use cases, introduce innovations more rapidly and scale infrastructure efficiently using cloud-native technologies.
Security Challenges in O-RAN Networks
Designing a secure O-RAN system requires thorough analysis and proactive measures to mitigate potential attacks. As the architecture introduces disaggregated components and open interfaces, it also brings new security challenges, such as:
- Securing communications between distributed RAN components
- Managing a diverse vendor ecosystem with varying security postures
- Ensuring trust in software supply chains
- Responding to configuration errors and insider threats
Each new component and interface must undergo a detailed threat assessment to prevent vulnerabilities. While disaggregation increases the attack surface, it also introduces greater transparency. Unlike traditional black-box systems, O-RAN’s open architecture allows for better alignment with recognized security standards and best practices.
To address these challenges, the O-RAN Security Focus Group (SFG) was formed. It works closely with stakeholders to analyze threats, assess risks, and recommend appropriate security controls, thereby enhancing the resilience of O-RAN deployments.
Security Advantages of the O-RAN Architecture
Interface Security
The disaggregation of the RAN introduces new interfaces between components such as the Distributed Unit (DU), Centralized Unit (CU), and Radio Unit (RU). O-RAN ensures these interfaces are secured through standards-defined mechanisms, including encryption, authentication, and integrity protection, safeguarding data in transit.
Software Security
O-RAN aligns with industry-leading best practices to ensure secure software development and delivery. This includes:
- Compliance with the OpenSSF Best Practices Badge Program, which promotes secure coding, code testing, verification, and signing to ensure high-quality, trustworthy software.
- Software Supply Chain Security, through mandatory inclusion of Software Bills of Materials (SBOM) for O-RAN software components, following frameworks such as those from the Department of Commerce (DoC) and NTIA.
Zero-Trust Security
O-RAN adopts a zero-trust architecture where:
- Every user, device, or service must be continuously authenticated, authorized, and monitored.
- The principle of least privilege is enforced, reducing the attack surface and mitigating risks from misconfigurations or insider threats. This model proactively strengthens the system against unauthorized access and lateral movement within the network.
Role of O-RAN Security Focus Group (SFG)
The O-RAN Security Focus Group (SFG) plays a central role in defining security guidelines across the entire O-RAN architecture. Working in close coordination with all O-RAN Working Groups (WGs), as well as organizations like GSMA, regulators, and standards development bodies, the SFG ensures alignment with global security requirements.
The SFG’s risk analysis and evaluation process follows recognized methodologies such as ISO 27005 and is carried out in collaboration with domain experts from operators, vendors, and regulatory entities. This collaborative approach ensures comprehensive threat modeling and effective mitigation strategies.
To support the open interfaces and disaggregated design of O-RAN, the SFG has released four key security specifications:
- O-RAN Security Threat Modeling and Remediation Analysis v2.01
- O-RAN Security Requirements Specifications v2.0
- O-RAN Security Protocols Specifications v3.0
- O-RAN Security Tests Specifications v1.0
O-RAN Security Specifications and Standards
The O-RAN security architecture is based on four security requirements that include the SFG work. The O-RAN ALLIANCE website offers the currently available SFG specifications, which were approved in July 2021.
O-RAN Security Threat Modeling and Remediation Analysis 2.0 1
A risk-based framework for managing security risks in O-RAN systems.
It follows the ISO 27005 standard for security risk management and provides a comprehensive threat analysis for O-RAN components and interfaces.
The document guides O-RAN vendors and operators on managing risks and building secure architectures.
O-RAN Security Requirements Specifications v1.0
Specifies security requirements for each O-RAN interface and component, focusing on confidentiality, integrity, availability, and access control.
Includes requirements for mandatory authentication, authorization, and protection mechanisms, like TLS and PKIX for secure communications.
O-RAN Security Protocols Specifications v2.0
Defines security protocols required for O-RAN implementations, including SSH, IPSec, DTLS, TLS (1.2, 1.3), and NETCONF, to ensure secure data transmission across network components.
O-RAN Security Tests Specifications v1.0
Provides test specifications to verify the proper implementation of security protocols and other security requirements. Covers areas such as protection against DDoS attacks, password protection, and vulnerability scanning.
O-RAN Security Threat Modeling and Remediation Analysis v2.1
An updated version of the earlier threat modeling document, with additional focus on the Fronthaul interface, including new threats related to synchronization and control planes.
O-RAN Security Protocols Specifications v3.0
Updates the security protocol specifications, mandating support for TLS 1.3 to align with NIST guidelines by 2024.
O-RAN Security Requirements Specifications v2.0 updated
Introduces additional support for TLS 1.2+ and PKIX for mutual authentication on the Fronthaul M-Plane.
Adds transversal requirements for protecting networks, services, and addressing software supply chain security with the inclusion of Software Bill of Materials (SBOM) for software deliveries.
Conclusion
With the expanding scope of 5G applications across diverse industries, security becomes a cornerstone of next-generation infrastructure. The O-RAN Alliance introduces an open 5G network architecture designed to support flexible deployments with robust security specifications. At ACL Digital, we actively contribute to building secure and scalable solutions by leveraging our deep expertise in embedded systems, cloud integration, and network security. Our end-to-end capabilities—ranging from secure hardware integration to custom software development—create a resilient platform for secure deployment. Backed by a proactive security team, we ensure rapid detection and response to vulnerabilities, helping our clients maintain a secure, future-ready 5G ecosystem.
