O-RAN CNF Migration Attacks（遷移攻擊）

Slide 1

Slide 1 text

#Tampering( ) #Information disclosure( ) #DoS( ) Open RAN CNF Migration Attacks hctsai@linux.com

Slide 2

Slide 2 text

Experience • Education • •

Slide 3

Slide 3 text

RRH BBU EPC

Slide 4

Slide 4 text

RAN Disaggregation O-DU O-CU RU (SMO)

Slide 5

Slide 5 text

O-DU ( ) O-CU ( ) RU (Infrastructure) (SMO) Hardware Disaggregation (Infrastructure)

Slide 6

Slide 6 text

O-RAN 介紹

Slide 7

Slide 7 text

O-RAN

Slide 8

Slide 8 text

Cloud Stack (Containers/VMs, OS, Mgmt.) O-DU RIC O-CU AAL AAL O-Cloud O-Cloud Physical Infra Node FPGA x86 ASIC GPU O-Cloud 伺服器支援部屬 VNF/CNF

Slide 9

Slide 9 text

Application O-CU, O-DU RU COTS HW COTS HW RU VNF/CNF O-CU O-DU Edge Side On-Prem ( ) UPF UPF BBU PNF O-RAN RU

Slide 10

Slide 10 text

電信業轉型雲原生 DevOps

Slide 11

Slide 11 text

No content

Slide 12

Slide 12 text

No content

Slide 13

Slide 13 text

Migrant Attack J. -R. Yeh, H. -C. Hsiao and A. -C. Pang, "Migrant Attack: A Multi-resource DoS Attack on Cloud Virtual Machine Migration Schemes," 2016 11th Asia Joint Conference on Information Security (AsiaJCIS), Fukuoka, Japan, 2016, pp. 92-99, doi: 10.1109/AsiaJCIS.2016.14.

Slide 14

Slide 14 text

O-RAN Migrant Attack SMO NFs O-Cloud O-Cloud O2 O-Cloud O-Cloud O-Cloud O-Cloud

Slide 15

Slide 15 text

O-RAN CNF Migration Attacks Data Plane Attacks Control Plane Attacks • Migration Flooding • False Resource Advertising • (MitM)

Slide 16

Slide 16 text

Data Plane Attacks O-RAN.WG11.O-CLOUD-Security-Analysis-TR.O-R003-v03.00

Slide 17

Slide 17 text

Data Plane Attacks Illustration of the migration MITM attack O-RAN.WG11.O-CLOUD-Security-Analysis-TR.O-R003-v03.00

Slide 18

Slide 18 text

Control Plane Attacks Cloud Stack (Containers/VMs, OS, Mgmt.) O-RU O-CU O-DU AAL AAL AAL PDCP/ SDAP RRC RLC MAC Low- PHY RF High- PHY O-Cloud Physical Infra Node FPGA x86 ASIC GPU Migration Module Control Plane Attacks • Migration Flooding • False Resource Advertising

Slide 19

Slide 19 text

Migration Flooding Cloud Stack (Containers/VMs, OS, Mgmt.) O-RU O-CU O-DU AAL AAL AAL PDCP/ SDAP RRC RLC MAC Low- PHY RF High- PHY O-Cloud Physical Infra Node FPGA x86 ASIC GPU Migration Module

Slide 20

Slide 20 text

Cloud Stack (Containers/VMs, OS, Mgmt.) O-Cloud Physical Infra Node FPGA x86 ASIC GPU Container Network Functions NF NF NF O-Cloud Physical Infra Node RIC O-CU O-DU Cloud Stack (Containers/VMs, OS, Mgmt.) FPGA x86 ASIC GPU Migration Module Illustration of the migration flooding attack NF NF

Slide 21

Slide 21 text

False Resource Advertising ( ) Cloud Stack (Containers/VMs, OS, Mgmt.) O-RU O-CU O-DU AAL AAL AAL O-Cloud Physical Infra Node FPGA x86 ASIC GPU Migration Module

Slide 22

Slide 22 text

Cloud Stack (Containers/VMs, OS, Mgmt.) O-Cloud Physical Infra Node FPGA x86 ASIC GPU Migration Module Container Network Functions NF NF NF

Slide 23

Slide 23 text

Cloud Stack (Containers/VMs, OS, Mgmt.) O-Cloud Physical Infra Node FPGA x86 ASIC GPU Migration Module Container Network Functions NF NF NF Cloud Stack (Containers/VMs, OS, Mgmt.) O-Cloud Physical Infra Node FPGA x86 ASIC GPU RIC O-CU O-DU

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

Potential mitigations ( ) • • • • • • O-RAN.WG11.O-CLOUD-Security-Analysis-TR.O-R003-v03.00

Slide 1

Slide 1 text

Slide 2

Slide 2 text

Slide 3

Slide 3 text

Slide 4

Slide 4 text

Slide 5

Slide 5 text

Slide 6

Slide 6 text

Slide 7

Slide 7 text

Slide 8

Slide 8 text

Slide 9

Slide 9 text

Slide 10

Slide 10 text

Slide 11

Slide 11 text

Slide 12

Slide 12 text

Slide 13

Slide 13 text

Slide 14

Slide 14 text

Slide 15

Slide 15 text

Slide 16

Slide 16 text

Slide 17

Slide 17 text

Slide 18

Slide 18 text

Slide 19

Slide 19 text

Slide 20

Slide 20 text

Slide 21

Slide 21 text

Slide 22

Slide 22 text

Slide 23

Slide 23 text

Slide 24

Slide 24 text

Slide 25

Slide 25 text

Slide 26

Slide 26 text

Slide 27

Slide 27 text

Slide 28

Slide 28 text

Slide 29

Slide 29 text

Slide 30

Slide 30 text

Slide 31

Slide 31 text

Slide 32

Slide 32 text

Slide 33

Slide 33 text

Slide 34

Slide 34 text

Slide 35

Slide 35 text

Slide 36

Slide 36 text