Securing xApps in Open RAN: A Hierarchical Approach to Authentication and Authorisation

Pramitha Fernando; Pawani Porambage; Madhusanka Liyanage; Kris Steenhaut; An Braeken

doi:10.1109/CNS66487.2025.11195058

Securing xApps in Open RAN: A Hierarchical Approach to Authentication and Authorisation

Pramitha Fernando^*
, Pawani Porambage
, Madhusanka Liyanage
, Kris Steenhaut
, An Braeken

^*Corresponding author for this work

BA6403 Cybersecurity engineering and automation

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

The Open Radio Access Network (RAN) represents a significant advancement in the ongoing evolution of mobile networks, transitioning from proprietary physical hardware to virtualised network functions. Open RAN advocates for a disaggregated RAN utilising commercial off-the-shelf (COTS) hardware. The O-RAN Alliance is the preeminent organisation in the Open RAN initiative, guiding the industry towards a vendor-neutral radio access network characterised by open interfaces and protocols. The introduction of RAN Intelligent Controllers (RICs) and the ability to deploy third-party services on these RICs expedite the innovation within the RAN. The two RICs, non-real-time RIC and near-real-time RIC, enhance the operation of RAN by facilitating the deployment of third-party services, either as an rApp for non-real-time RIC or as an xApp for near-real-time RIC. However, this new disaggregated and open RAN expands the threat surface and introduces novel security and privacy challenges that were previously absent, and these issues remain unaddressed. The introduction of new stakeholders, such as third-party application providers and cloud service providers, into the RAN ecosystem presents potential vulnerabilities. This paper proposes a hierarchical management strategy to tackle security challenges in Open RAN, enabling authorisation, authentication, and monitoring for third-party applications. Experimental evaluations across multiple configurations demonstrate that the proposed framework is scalable and imposes minimal overhead, making it a practical solution for securing next-generation RAN deployments.

Original language	English
Title of host publication	2025 IEEE Conference on Communications and Network Security, CNS 2025
Publisher	IEEE Institute of Electrical and Electronic Engineers
Number of pages	9
ISBN (Electronic)	9798331538569
DOIs	https://doi.org/10.1109/CNS66487.2025.11195058
Publication status	Published - 2025
MoE publication type	A4 Article in a conference publication
Event	13th Annual IEEE Conference on Communications and Network Security, CNS 2025 - Avignon, France Duration: 8 Sept 2025 → 11 Sept 2025

Conference

Conference	13th Annual IEEE Conference on Communications and Network Security, CNS 2025
Country/Territory	France
City	Avignon
Period	8/09/25 → 11/09/25

Funding

This research was conducted within the framework of the EU Marie Skłodowska-Curie Staff Exchange project Ensure-6G project (Grant ID. 101182933). Additional support was provided in part by the EU COST Action CA22104 (Behavioural Next Generation in Wireless Networks for Cyber Security), the Cybersecurity Research Program Flanders - Second Cycle (VOEWICS02), EU CONFIDENTIAL-6G project (Grant ID. 101096435), and the Research Ireland under CONNECT phase 2 (Grant no. 13/RC/2077-P2) project.

Keywords

Open RAN
Security
SG
xApp

Access to Document

10.1109/CNS66487.2025.11195058

Cite this

@inproceedings{77f064db978b4f7e9f7ff7d3e3b00744,

title = "Securing xApps in Open RAN: A Hierarchical Approach to Authentication and Authorisation",

abstract = "The Open Radio Access Network (RAN) represents a significant advancement in the ongoing evolution of mobile networks, transitioning from proprietary physical hardware to virtualised network functions. Open RAN advocates for a disaggregated RAN utilising commercial off-the-shelf (COTS) hardware. The O-RAN Alliance is the preeminent organisation in the Open RAN initiative, guiding the industry towards a vendor-neutral radio access network characterised by open interfaces and protocols. The introduction of RAN Intelligent Controllers (RICs) and the ability to deploy third-party services on these RICs expedite the innovation within the RAN. The two RICs, non-real-time RIC and near-real-time RIC, enhance the operation of RAN by facilitating the deployment of third-party services, either as an rApp for non-real-time RIC or as an xApp for near-real-time RIC. However, this new disaggregated and open RAN expands the threat surface and introduces novel security and privacy challenges that were previously absent, and these issues remain unaddressed. The introduction of new stakeholders, such as third-party application providers and cloud service providers, into the RAN ecosystem presents potential vulnerabilities. This paper proposes a hierarchical management strategy to tackle security challenges in Open RAN, enabling authorisation, authentication, and monitoring for third-party applications. Experimental evaluations across multiple configurations demonstrate that the proposed framework is scalable and imposes minimal overhead, making it a practical solution for securing next-generation RAN deployments.",

keywords = "Open RAN, Security, SG, xApp",

author = "Pramitha Fernando and Pawani Porambage and Madhusanka Liyanage and Kris Steenhaut and An Braeken",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 13th Annual IEEE Conference on Communications and Network Security, CNS 2025 ; Conference date: 08-09-2025 Through 11-09-2025",

year = "2025",

doi = "10.1109/CNS66487.2025.11195058",

language = "English",

booktitle = "2025 IEEE Conference on Communications and Network Security, CNS 2025",

publisher = "IEEE Institute of Electrical and Electronic Engineers",

address = "United States",

}

Fernando, P, Porambage, P, Liyanage, M, Steenhaut, K & Braeken, A 2025, Securing xApps in Open RAN: A Hierarchical Approach to Authentication and Authorisation. in 2025 IEEE Conference on Communications and Network Security, CNS 2025. IEEE Institute of Electrical and Electronic Engineers, 13th Annual IEEE Conference on Communications and Network Security, CNS 2025, Avignon, France, 8/09/25. https://doi.org/10.1109/CNS66487.2025.11195058

Securing xApps in Open RAN: A Hierarchical Approach to Authentication and Authorisation. / Fernando, Pramitha; Porambage, Pawani; Liyanage, Madhusanka et al.
2025 IEEE Conference on Communications and Network Security, CNS 2025. IEEE Institute of Electrical and Electronic Engineers, 2025.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Securing xApps in Open RAN

T2 - 13th Annual IEEE Conference on Communications and Network Security, CNS 2025

AU - Fernando, Pramitha

AU - Porambage, Pawani

AU - Liyanage, Madhusanka

AU - Steenhaut, Kris

AU - Braeken, An

PY - 2025

Y1 - 2025

N2 - The Open Radio Access Network (RAN) represents a significant advancement in the ongoing evolution of mobile networks, transitioning from proprietary physical hardware to virtualised network functions. Open RAN advocates for a disaggregated RAN utilising commercial off-the-shelf (COTS) hardware. The O-RAN Alliance is the preeminent organisation in the Open RAN initiative, guiding the industry towards a vendor-neutral radio access network characterised by open interfaces and protocols. The introduction of RAN Intelligent Controllers (RICs) and the ability to deploy third-party services on these RICs expedite the innovation within the RAN. The two RICs, non-real-time RIC and near-real-time RIC, enhance the operation of RAN by facilitating the deployment of third-party services, either as an rApp for non-real-time RIC or as an xApp for near-real-time RIC. However, this new disaggregated and open RAN expands the threat surface and introduces novel security and privacy challenges that were previously absent, and these issues remain unaddressed. The introduction of new stakeholders, such as third-party application providers and cloud service providers, into the RAN ecosystem presents potential vulnerabilities. This paper proposes a hierarchical management strategy to tackle security challenges in Open RAN, enabling authorisation, authentication, and monitoring for third-party applications. Experimental evaluations across multiple configurations demonstrate that the proposed framework is scalable and imposes minimal overhead, making it a practical solution for securing next-generation RAN deployments.

AB - The Open Radio Access Network (RAN) represents a significant advancement in the ongoing evolution of mobile networks, transitioning from proprietary physical hardware to virtualised network functions. Open RAN advocates for a disaggregated RAN utilising commercial off-the-shelf (COTS) hardware. The O-RAN Alliance is the preeminent organisation in the Open RAN initiative, guiding the industry towards a vendor-neutral radio access network characterised by open interfaces and protocols. The introduction of RAN Intelligent Controllers (RICs) and the ability to deploy third-party services on these RICs expedite the innovation within the RAN. The two RICs, non-real-time RIC and near-real-time RIC, enhance the operation of RAN by facilitating the deployment of third-party services, either as an rApp for non-real-time RIC or as an xApp for near-real-time RIC. However, this new disaggregated and open RAN expands the threat surface and introduces novel security and privacy challenges that were previously absent, and these issues remain unaddressed. The introduction of new stakeholders, such as third-party application providers and cloud service providers, into the RAN ecosystem presents potential vulnerabilities. This paper proposes a hierarchical management strategy to tackle security challenges in Open RAN, enabling authorisation, authentication, and monitoring for third-party applications. Experimental evaluations across multiple configurations demonstrate that the proposed framework is scalable and imposes minimal overhead, making it a practical solution for securing next-generation RAN deployments.

KW - Open RAN

KW - Security

KW - SG

KW - xApp

UR - https://www.scopus.com/pages/publications/105020942922

U2 - 10.1109/CNS66487.2025.11195058

DO - 10.1109/CNS66487.2025.11195058

M3 - Conference article in proceedings

AN - SCOPUS:105020942922

BT - 2025 IEEE Conference on Communications and Network Security, CNS 2025

PB - IEEE Institute of Electrical and Electronic Engineers

Y2 - 8 September 2025 through 11 September 2025

ER -

Securing xApps in Open RAN: A Hierarchical Approach to Authentication and Authorisation

Abstract

Conference

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this