NSF Convergence Accelerator Track: G: The Security-Enhanced Radio Access Network (SE-RAN)

NSF 融合加速器轨道：G：安全增强型无线接入网络 (SE-RAN)

基本信息

批准号：
2326882
负责人：
Phillip Porras
金额：
$ 499.96万
依托单位：
SRI International
依托单位国家：
美国
项目类别：
Cooperative Agreement
财政年份：
2023
资助国家：
美国
起止时间：
2023-09-01 至 2025-08-31
项目状态：
未结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2326882&HistoricalAwards=false
关键词：
NSF Convergence Accelerator Track Security

项目摘要

SRI International, Ohio State University (OSU), and AccuKnox Inc. will develop innovative edge-to-core security services for the next generation of the Open Radio Access Network (O-RAN) compliant 5G+ mobile architecture. This collaborative project, named Security-Enhanced Radio Access Network (SE-RAN), will fortify 5G mobile infrastructures against a wide range of attacks that target vulnerabilities within 5G networks, protocols, and their control-layer services. The project's centerpiece is a transformative network management service, offering 5G operators an unprecedented level of threat identification, policy enforcement, and compliance monitoring throughout their entire 5G network infrastructures. Project SE-RAN specifically focuses on safeguarding mission-critical 5G networks, providing a comprehensive protection architecture against sophisticated mobile-network adversaries.Project SE-RAN will deliver an O-RAN compliant 5G-Native Application Protection Platform (5GNAPP) for monitoring and inline policy enforcement across mobile devices, base stations, RAN operations, and the 5G control plane. It will substantially enhance the trustworthiness of 5G networks, including security with respect to mobile device privacy, 5G communications confidentiality and integrity, resistance to attacks, including attempts at control-plane infiltration, and live detection of attacks against the mobile infrastructure and its users. The project involves collaboration with key open-source stakeholders to integrate security specifications and modules with top-tier 5G open-source O-RAN projects. The project will also work with 5G integrators throughout the government to transition modular security services to address various mission-critical use cases. Finally, the project will foster sustainable impacts on the U.S. information technology industries by transitioning SE-RAN technologies through strategic relationships with startups, industry leaders, and investors actively involved in the development of novel and disruptive 5G security and privacy technologies.Project SE-RAN will foster a community that creates modular O-RAN-compliant security components to enhance the deployment and runtime management of mobile network infrastructures. These solutions will extend the existing O-RAN consortium’s open software architecture to tackle at least two fundamental problems. The first problem is the extensive attack surface that arises from the migration of the mobile network control plane into a cloud-based operating environment. While the integration of the RAN Intelligent Controller (RIC) into a Kubernetes framework dramatically increases the scalability and extensibility of control logic, it also exposes the control plane to the breadth of adversarial tactics and open-source supply chain vulnerabilities that plague existing cloud ecosystems. The second problem is the existing lack of visibility into core 5G network operations: one cannot secure the mobile network if one cannot observe its operations with sufficient granularity. Project SE-RAN represents the first security-focused, base-station-internal telemetry stream that will facilitate runtime security monitoring within the O-RAN compliant 5G Open-Source Software (OSS) ecosystem.SE-RAN is based on four groundbreaking innovations. First, SE-RAN will deliver a modular base station extension (i.e., an O-RAN service model) that delivers advanced 5G-protocol layer-3 security auditing designed to transform the ability of 5G operators to track the security-relevant state of every user equipment (UE) device and base station in the network. Second, SE-RAN will deliver the first runtime 5G-IDS (intrusion detection system) control plane application for malicious radio frequency (RF)-based exploit and anomaly detection. Third, SE-RAN will introduce 5G-KubeArmor, the first near real-time RAN Intelligent Controller (nRT-RIC) security policy generation and enforcement engine, enabling 5G administrators to secure the 5G control plane using application-layer least-permissive security policies. Finally, it will introduce the first 5GNAPP management service that integrates all three technologies under a unified security incident and event management (SIEM) system. The overall benefit of this project will be a transformative security framework that provides 5G operators with unprecedented threat identification, policy enforcement, and compliance monitoring that spans the entire 5G network infrastructure.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

SRI国际，俄亥俄州立大学（OSU）和Accuknox Inc.将为下一代开放无线电访问网络（O-RAN）符合5G+移动体系结构开发创新的边缘安全服务。这个合作项目，名为“安全增强的无线电访问网络”（SE-RAN），将加固5G移动基础架构，以防止针对5G网络，协议及其控制层服务中漏洞的广泛攻击。该项目的核心是一项变革性网络管理服务，为5G运营商提供了前所未有的威胁识别，政策执法和合规性监控，整个5G网络基础架构。 SE-RAN项目专门针对维护任务至关重要的5G网络，提供针对复杂的移动网络对手的全面保护体系结构。ProjectSE-Ran将提供一个O-Ran合规性的5G-Native应用程序保护平台（5GN），以监视跨移动设备，基地，ran操作，RAN运营和5G控制和5G控制和5G控制和5G控制和5G控制和5G控制和5G控制。它将大大提高5G网络的可信赖性，包括有关移动设备隐私的安全性，5G通信机密性和完整性，对攻击的阻力，包括尝试控制平面浸润的尝试以及对移动基础架构及其用户的攻击实时检测。该项目涉及与主要开源利益相关者合作，以将安全规范和模块与顶级5G开源O-RAN项目集成在一起。该项目还将与整个政府的5G集成商合作，以过渡模块化安全服务，以解决各种关键任务用例。最后，该项目将通过与初创企业，行业领导者和积极参与新颖和破坏性的5G安全和隐私技术开发的投资者的战略关系来通过战略关系来促进对美国信息技术行业的可持续影响。ProssSE-RAN将促进一个社区，以促进一个创建模块化的Oran-ran Security Compounter的社区，以增强模式的型网络范围，以增强移动范围的雇用和雇用。这些解决方案将扩展现有的O-Ran联盟的开放软件体系结构，以解决至少两个基本问题。第一个问题是由移动网络控制平面迁移到基于云的操作环境中引起的广泛攻击表面。尽管RAN智能控制器（RIC）集成到Kubernetes框架中，大大提高了控制逻辑的可扩展性和可扩展性，但它也将控制平面暴露于对抗策略和开源供应链漏洞的广度，这些漏洞会困扰现有现有的云生态系统。第二个问题是现有对核心5G网络操作的知名度缺乏可见性：如果一个人无法以足够的粒度观察其操作，则无法保护移动网络。项目SE-RAN代表了第一个以安全性为基础的内部遥测流，它将促进O-Ran合规5G开源软件（OSS）生态系统中的运行时安全性监视。SE-RAN基于四个开创性的创新。首先，SE-RAN将提供一个模块化基站扩展名（即O-Ran服务模型），该扩展名提供了高级5G-POROTOCOL层-3安全审核，旨在改变5G运营商跟踪网络中每个用户设备（UE）设备和基本站的安全性与安全状态的能力。其次，SE-RAN将提供第一个运行时5G-IDS（入侵检测系统）控制平面应用恶意射频（RF）基于基于的漏洞检测和异常检测。第三，SE-RAN将推出5G-KubeArmor，这是第一个近实时RAN智能控制器（NRT-RIC）安全策略生成和执法引擎，使5G管理员能够使用应用程序 - 控制器使用应用程序最低验证的安全性策略来确保5G控制平面。最后，它将介绍第一个5GNAPP管理服务，该服务将所有三种技术集成在统一安全事件和事件管理（SIEM）系统下。该项目的总体好处将是一个变革性的安全框架，该框架为5G操作员提供了前所未有的威胁识别，政策执法和合规性监控，该框架涵盖了整个5G网络基础架构。该奖项反映了NSF的法定任务，并通过评估该基金会的知识点功能和广泛的影响来评估CRETERIA，并被认为是通过评估的支持。