PhD Defence for Daniel Alberto Dik Rodriguez
- Principal supervisor: Associate Professor Michael Stübert Berger, Department of Electrical and Photonics Engineering, DTU
- Co-supervisor: Thomas Gerner Nørgaard, Founder, Comcores ApS
- Co-supervisor: Jørgen Carstensen, R & D, Comcores ApS
- Associate Professor Sarah Renée Ruepp, DTU Electrical & Photonics Engineering
- Senior Lecturer Rasheed Hussain, University of Bristol, UK
- IoT Technology Lead Christian Kloch, Force Technology
Master of the Ceremony
Associate Professor Henrik Wessing, DTU Electrical & Photonics Engineering
The next generation of cellular networks moves from services dedicated only to human consumers to a service mix that integrates communication services for things at a very high performance level. With 5G and 6G, long-envisioned services and applications are becoming a reality. This includes autonomous vehicles, remote robot control for industrial environments, and remote health assistance. To achieve these services and performance requirements, several technological innovations are integrated in cellular networks. The Radio Access Network (RAN) is responsible for providing access, coverage, and capacity to mobile devices in cellular networks. It accounts for a considerable part of the investment in cellular network deployments and is where most of the innovation is centered. One of the main innovations in the RAN is the split of base station functionalities into a Radio Unit (RU) and a Distributed Unit (DU). This results in a disaggregated and open RAN (O-RAN) architecture where functions can be centralized close to the core for performance improvement and function extendibility. The interface between RUs and DUs is the open fronthaul interface. The O-RAN architecture adopts many technologies and architectural concepts. The increased disaggregation allows for more granular control systems that increase efficiency of execution and diversity of the vendor supply chain. However, it also increases the potential attack surface from a cyber-security perspective. Therefore, there is a need to take these potential risks into account.
This PhD thesis investigates transport network security in the O-RAN fronthaul. Firstly, it analyzes the threats and vulnerabilities that the fronthaul data are exposed to and their overall impact on the network, thereby elucidating the urgent need for Layer 2 security mechanisms. Secondly, it analyzes Media Access Control Security (MACsec) as a potential solution to protect the fronthaul. It outlines MACsec's capabilities and limitations for threat protection and its implementation challenges in the fronthaul network. Thirdly, it proposes multiple hardware architectures to secure the fronthaul data using MACsec and evaluates their feasibility in Field-Programmable Gate Array (FPGA) devices and their impact on the network performance. These architectures consider different fronthaul scenarios, including time-sensitive networking technologies, point-to-point and network-of-switches fronthaul, and dynamic large-scale fronthaul networks with channel aggregation and Security-as-a-Service. Fourthly, this thesis presents the integration of Quantum Key Distribution and the MACsec control plane to secure the fronthaul network against quantum-computer attacks. Finally, a risk assessment of the system hosting MACsec in RUs and DUs is conducted, where the isolation of its control plane using Trusted Execution Environments is proposed and analyzed. As a result, this PhD thesis provides relevant research and system implementations for securing open architectures in current and next-generation RANs.