"Evaluation of Open RAN network equipment including underlying (EvORAN)", 2023-2024. Europe Horizon NGIsargasso (Financial Support to Third Parties), Grant No. 101092887. Project cost: 450 K PLN.


The Repository of the project can be accessed through LINK

Our primary objective is to establish a security assurance baseline for O-RAN networks by developing open-source tools for the security assessment of O-RAN solutions operating on open-cloud platforms. This addresses the current disconnect between O-RAN equipment and its broader commercial deployment, ensuring Mobile Network Operators (MNOs) can trust the underlying infrastructure. Our approach to evaluation will be time-specific, emphasizing the consistency of test outcomes.

Our project aims to bolster the decentralization of Open Radio Access Network (O-RAN) technologies in mobile networks (5G/6G), enhancing their global acceptance by MNOs. O-RAN, a transformative approach to the traditionally vendor-locked mobile network market, relies on open interfaces and is predominantly driven by SMEs and startups. Supported by the EU and USA, O-RAN offers a remedy to the trust issues in the 5G/6G supply chain, amplifying data security and privacy. Our goal is to enhance O-RAN products' security assurance capabilities and establish a trust benchmark for multi-provider O-RAN gear.

EvORAN addresses internet architecture overhaul and trust enhancement, with an emphasis on interoperability and standardization. O-RAN's decentralization from dominant providers enhances trust through a diversified supply chain. With a focus on cybersecurity, mobile networks, and open-source technology, our project is centered on the security assessment of O-RAN 5G and prospective 6G systems.

Anticipated outcomes include the development of open-source tools for O-RAN product assessment, software ensuring test repeatability, a repository for software accessibility, a specification aligned with the EN 17640:2022 standard, and two publications centered on time-fixed evaluation in O-RAN.

Preliminary results:
- A first release of the tools has been provided. We are now testing all the tools and deploying tests on commercial O-RAN network equipment:
open-source evaluation tool (Open Distributed Unit)
The functionalities of the ORANfuzz module are as follows:
• Report Manager – the module implements a set of functions responsible for recording all messages (logs) generated in individual test scenarios. Finally, the module provides a detailed report that contains information about the test in the form of logs in individual test steps. The log types/levels presented in the report are: INFO, WARNING and ERROR. Based on the received logs, the test result will be presented: PASS/FAIL with a detailed comment/reason.
• Fuzz Manager – the main module of the program. It runs the main functions of the test scenario, loads the test configuration from the Config Manager module and runs the Report Manager functions used to analyze the test logs.
• Config Manager – the module implements functions for creating configura-tions of the test scenarios saved in configuration files.
• E2AP Handler/F1AP Handler – the handlers implement functions to send/receive protocol messages.
• Wireshark sniffer v 4.0.5 – a tool used to analyze the sequence of messages in individual test scenarios and to check the values of fields set in headers and data fields for E2AP and F1AP protocols.

- Publications funded by the project:
Mongay Batalla J. Featured Papers on Network Security and Privacy. Journal of Sensor and Actuator Networks. 2024; 13(1):11. https://doi.org/10.3390/jsan13010011