Key points are not available for this paper at this time.
The impending adoption of Open Radio Access Network (O-RAN) is fueling innovation in the RAN towards data-driven operation. Unlike traditional RAN where the RAN data and its usage is restricted within proprietary and monolithic RAN equipment, the O-RAN architecture opens up access to RAN data (i.e., network telemetry), via RAN intelligent controllers (RICs), to third-party machine learning (ML) powered applications - rApps and xApps - to optimize RAN operations. Consequently, a major focus has been placed on leveraging RAN data to unlock greater efficiency gains. However, there is an increasing recognition that RAN data access to apps could become a source of vulnerability and be exploited by malicious actors. Motivated by this, we carry out a comprehensive investigation of data vulnerabilities on both xApps and rApps, respectively hosted in Near- and Non-real-time (RT) RIC components of O-RAN. Our investigation begins by qualitatively analyzing the O-RAN security mechanisms and limitations relevant to xApps and rApps, such as their onboarding authentication process and RIC database access mechanisms. Considering a threat model informed by this analysis, we design a viable and effective black-box evasion attack strategy targeting O-RAN RIC Apps while accounting for the stringent timing constraints (particularly for xApps) and attack effectiveness. The attack strategy employs four key techniques: the model cloning algorithm, input-specific perturbations, universal adversarial perturbations (UAPs), and targeted UAPs. This strategy targets ML models used by both xApps and rApps within the O-RAN system, aiming to degrade network performance. We experimentally validate the effectiveness of the designed evasion attack strategy and quantify the scale of performance degradation using a real-world O-RAN testbed and emulation environments. This evaluation is conducted using the Interference Classification xApp and the Power Saving rApp as representative applications for near-RT and non-RT RICs, respectively. Further, we show that the attack strategy is effective against prominent defense techniques for adversarial ML, such as defensive distillation and adversarial training.
Gajjar et al. (Mon,) studied this question.