NSF Award
2226443
This project will focus on the creation of an in-depth security architecture that integrates directly into the market-leading 5G Software-Defined Radio Access Network (SD-RAN) reference standard, currently in development by the leading international 5G industry consortium (O-RAN). The project introduces a cross-layer security architecture that leverages the modular extensibility of the new 5G software-defined architecture with services, applications, and protocol extensions to achieve a comprehensive runtime security management of 5G edge-to-core operations. It will augment and extend, not replace, the existing SD-RAN reference implementation with low-level application monitoring, machine learning, inline security compliance enforcement, identity management, and data provenance. The project is initiated at a critical moment in the 5G life cycle, particularly as 5G applications are increasingly developed for highly sensitive computing environments, such as military, government, industrial applications, and critical infrastructure. The project will dissect new 5G attack surfaces that have emerged from the SD-RAN design and will introduce security solutions from an experienced team of INFOSEC researchers, and an industry partner well-positioned to accelerate the transition of these solutions into the U.S. market. It decomposes the challenges of securing 5G networks into three focus areas: the User-to-RAN attack surface, threats against and within the RAN control plane, and threats that manifest through an analysis of RAN-to-core (the gateway between 5G and the Internet) operations.<br/><br/>The topic areas for this Convergence Accelerator project are decomposed into three complementary technical thrusts. First, the project will address threats that arise from hostile user equipment (UE) designed to attack RAN operations. It will investigate 5G-specific privacy and security attacks that span across the user edge, from 5G phones, IoTs, and sensor nets to automotive. UE attacks against SD-RANs will be analyzed, and new security service enhancements to the RAN will be proposed to detect and counter these attacks. Second, the project will design security extensions to the 5G SD-RAN control plane, based on a framework of in-depth 5G-specific security telemetry, automated policy generation, ML-based modeling, runtime policy enforcement, and provenance-based data flow protection. Finally, the project will design 5G-aware P4-enabled security services that can interplay with the SD-RAN control layer, offering novel and scalable methods to integrate core-to-edge defenses. The benefits of this project are multi-faceted. A primary goal is to improve 5G UE-edge security for diverse communities, including critical infrastructure providers, US DoD, and the society at a national scale. The security-enhanced SD-RAN will deliver features that are vital for addressing compliance directives that are pervasive within the DoD, U.S. government, and critical infrastructure operating environments. Another crucial project benefit is its contribution to the education and diversity of the future U.S. workforce. The team is composed of an educational institution and a research laboratory that are active in the preparation of the next generation of computer scientists needed to protect the U.S. from cyber attacks. In particular, the proposal incorporates a detailed education and participation plan that encourages the inclusion of graduate students, particularly women and minorities, and will build upon an ongoing collaboration with a non-profit focused on retaining women in R&D in the workforce. Throughout this project, students will help conduct the proposed research, academic papers, and support the preparation of our convergence material. This project will involve multiple graduate and undergraduate researchers, and incorporate specific plans to reach out to under-represented groups and encourage their direct participation in the proposed research.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
