NSF Convergence Accelerator Track: G: The Security-Enhanced Radio Access Network (SE-RAN)
NSF 融合加速器轨道:G:安全增强型无线接入网络 (SE-RAN)
基本信息
- 批准号:2326882
- 负责人:
- 金额:$ 499.96万
- 依托单位:
- 依托单位国家:美国
- 项目类别:Cooperative Agreement
- 财政年份:2023
- 资助国家:美国
- 起止时间:2023-09-01 至 2025-08-31
- 项目状态:未结题
- 来源:
- 关键词:
项目摘要
SRI International, Ohio State University (OSU), and AccuKnox Inc. will develop innovative edge-to-core security services for the next generation of the Open Radio Access Network (O-RAN) compliant 5G+ mobile architecture. This collaborative project, named Security-Enhanced Radio Access Network (SE-RAN), will fortify 5G mobile infrastructures against a wide range of attacks that target vulnerabilities within 5G networks, protocols, and their control-layer services. The project's centerpiece is a transformative network management service, offering 5G operators an unprecedented level of threat identification, policy enforcement, and compliance monitoring throughout their entire 5G network infrastructures. Project SE-RAN specifically focuses on safeguarding mission-critical 5G networks, providing a comprehensive protection architecture against sophisticated mobile-network adversaries.Project SE-RAN will deliver an O-RAN compliant 5G-Native Application Protection Platform (5GNAPP) for monitoring and inline policy enforcement across mobile devices, base stations, RAN operations, and the 5G control plane. It will substantially enhance the trustworthiness of 5G networks, including security with respect to mobile device privacy, 5G communications confidentiality and integrity, resistance to attacks, including attempts at control-plane infiltration, and live detection of attacks against the mobile infrastructure and its users. The project involves collaboration with key open-source stakeholders to integrate security specifications and modules with top-tier 5G open-source O-RAN projects. The project will also work with 5G integrators throughout the government to transition modular security services to address various mission-critical use cases. Finally, the project will foster sustainable impacts on the U.S. information technology industries by transitioning SE-RAN technologies through strategic relationships with startups, industry leaders, and investors actively involved in the development of novel and disruptive 5G security and privacy technologies.Project SE-RAN will foster a community that creates modular O-RAN-compliant security components to enhance the deployment and runtime management of mobile network infrastructures. These solutions will extend the existing O-RAN consortium’s open software architecture to tackle at least two fundamental problems. The first problem is the extensive attack surface that arises from the migration of the mobile network control plane into a cloud-based operating environment. While the integration of the RAN Intelligent Controller (RIC) into a Kubernetes framework dramatically increases the scalability and extensibility of control logic, it also exposes the control plane to the breadth of adversarial tactics and open-source supply chain vulnerabilities that plague existing cloud ecosystems. The second problem is the existing lack of visibility into core 5G network operations: one cannot secure the mobile network if one cannot observe its operations with sufficient granularity. Project SE-RAN represents the first security-focused, base-station-internal telemetry stream that will facilitate runtime security monitoring within the O-RAN compliant 5G Open-Source Software (OSS) ecosystem.SE-RAN is based on four groundbreaking innovations. First, SE-RAN will deliver a modular base station extension (i.e., an O-RAN service model) that delivers advanced 5G-protocol layer-3 security auditing designed to transform the ability of 5G operators to track the security-relevant state of every user equipment (UE) device and base station in the network. Second, SE-RAN will deliver the first runtime 5G-IDS (intrusion detection system) control plane application for malicious radio frequency (RF)-based exploit and anomaly detection. Third, SE-RAN will introduce 5G-KubeArmor, the first near real-time RAN Intelligent Controller (nRT-RIC) security policy generation and enforcement engine, enabling 5G administrators to secure the 5G control plane using application-layer least-permissive security policies. Finally, it will introduce the first 5GNAPP management service that integrates all three technologies under a unified security incident and event management (SIEM) system. The overall benefit of this project will be a transformative security framework that provides 5G operators with unprecedented threat identification, policy enforcement, and compliance monitoring that spans the entire 5G network infrastructure.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
SRI International、俄亥俄州州立大学(OSU)和AccuKnox Inc.将为下一代开放无线接入网络(O-RAN)兼容的5G+移动的架构开发创新的边缘到核心安全服务。这个名为安全增强无线电接入网络(SE-RAN)的合作项目将加强5G移动的基础设施,以抵御针对5G网络、协议及其控制层服务中漏洞的各种攻击。该项目的核心是一项变革性的网络管理服务,为5G运营商在整个5G网络基础设施中提供前所未有的威胁识别、策略执行和合规性监控。 SE-RAN项目将提供一个符合O-RAN标准的5G原生应用保护平台(5GNAPP),用于在移动的设备、基站、RAN运营和5G控制平面上监控和执行内联策略。它将大大增强5G网络的可信度,包括移动终端隐私、5G通信机密性和完整性、抵抗攻击(包括控制平面渗透)的能力,以及实时检测针对移动的基础设施及其用户的攻击。 该项目涉及与主要开源利益相关者的合作,将安全规范和模块与顶级5G开源O-RAN项目集成。 该项目还将与整个政府的5G集成商合作,将模块化安全服务过渡到各种关键任务用例。 最后,该项目将通过与初创公司、行业领导者、和投资者积极参与创新和颠覆性的5G安全和隐私技术的开发。项目SE-RAN将培养一个创建模块化O-RAN的社区,兼容的安全组件,以增强移动的网络基础设施的部署和运行时管理。 这些解决方案将扩展现有的O-RAN联盟的开放软件架构,以解决至少两个基本问题。第一个问题是由于将移动的网络控制平面迁移到基于云的操作环境中而产生的广泛的攻击面。虽然RAN智能控制器(RIC)集成到Kubernetes框架中大大提高了控制逻辑的可扩展性和可扩展性,但它也使控制平面暴露于对抗策略和开源供应链漏洞的广度,这些漏洞困扰着现有的云生态系统。第二个问题是核心5G网络运营缺乏可见性:如果不能以足够的粒度观察其运营,就无法保护移动的网络。SE-RAN项目代表了首个以安全为中心的基站内部遥测流,将有助于在O-RAN兼容的5G开源软件(OSS)生态系统内进行运行时安全监控。SE-RAN基于四项突破性创新。首先,SE-RAN将提供模块化基站扩展(即,O-RAN服务模型),提供高级5G协议第3层安全审计,旨在转变5G运营商跟踪网络中每个用户设备(UE)设备和基站的安全相关状态的能力。其次,SE-RAN将提供第一个运行时5G-IDS(入侵检测系统)控制平面应用程序,用于基于恶意射频(RF)的漏洞利用和异常检测。第三,SE-RAN将推出5G-KubeArmor,这是第一个近实时RAN智能控制器(nRT-RIC)安全策略生成和执行引擎,使5G管理员能够使用应用层最低许可安全策略保护5G控制平面。最后,它将介绍第一个5GNAPP管理服务,该服务将所有三种技术集成在统一的安全事件和事件管理(SIEM)系统下。 该项目的总体好处将是一个变革性的安全框架,为5G运营商提供前所未有的威胁识别、策略执行和合规监控,覆盖整个5G网络基础设施。该奖项反映了NSF的法定使命,并通过使用基金会的知识价值和更广泛的影响审查标准进行评估,被认为值得支持。
项目成果
期刊论文数量(1)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
5G-Spector: An O-RAN Compliant Layer-3 Cellular Attack Detection Service
- DOI:10.14722/ndss.2024.24527
- 发表时间:2024
- 期刊:
- 影响因子:0
- 作者:Haohuang Wen;Phillip Porras;V. Yegneswaran;Ashish Gehani;Zhiqiang Lin
- 通讯作者:Haohuang Wen;Phillip Porras;V. Yegneswaran;Ashish Gehani;Zhiqiang Lin
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
数据更新时间:{{ journalArticles.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ monograph.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ sciAawards.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ conferencePapers.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ patent.updateTime }}
Phillip Porras其他文献
LANTERN: Layered Adaptive Network Telemetry Collection for Programmable Dataplanes
LANTERN:可编程数据平面的分层自适应网络遥测收集
- DOI:
10.1145/3630047.3630194 - 发表时间:
2023 - 期刊:
- 影响因子:0
- 作者:
Kaiyu Hou;Dhiraj Saharia;V. Yegneswaran;Phillip Porras - 通讯作者:
Phillip Porras
Coordinated dataflow protection for ultra-high bandwidth science networks
超高带宽科学网络的协调数据流保护
- DOI:
- 发表时间:
2019 - 期刊:
- 影响因子:0
- 作者:
Vasudevan Nagendra;V. Yegneswaran;Phillip Porras;Samir Ranjan Das - 通讯作者:
Samir Ranjan Das
Phillip Porras的其他文献
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
{{ truncateString('Phillip Porras', 18)}}的其他基金
NSF Convergence Accelerator Track: G: Security Services for the 5G Software-Defined Edge
NSF 融合加速器轨道:G:5G 软件定义边缘的安全服务
- 批准号:
2226443 - 财政年份:2022
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
EAGER: Visualizing Cyber Defense Networks
EAGER:可视化网络防御网络
- 批准号:
1824258 - 财政年份:2018
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
Exploring the Transition of Research-Derived Cyber-Threat Data
探索研究衍生的网络威胁数据的转变
- 批准号:
1640386 - 财政年份:2016
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
Collaborative Research: CICI: Secure and Resilient Architecture: S3D: A New SDN-Based Security Framework for the Science DMZ
合作研究:CICI:安全和弹性架构:S3D:用于科学 DMZ 的新的基于 SDN 的安全框架
- 批准号:
1642150 - 财政年份:2016
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
EAGER: ACI: A Software-Defined Network (SDN) WAN Security Testbed
EAGER:ACI:软件定义网络 (SDN) WAN 安全测试平台
- 批准号:
1547206 - 财政年份:2015
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
EAGER: ACI: Secure and Effective Policy Enforcement in Software-Defined WANs
EAGER:ACI:软件定义的 WAN 中安全有效的策略执行
- 批准号:
1446426 - 财政年份:2014
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
TC: Medium: Collaborative Research: Multi-Perspective Bayesian Learning for Automated Diagnosis of Advanced Malware
TC:媒介:协作研究:用于高级恶意软件自动诊断的多视角贝叶斯学习
- 批准号:
0905518 - 财政年份:2009
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
Collaborative Research: CT-L: CLEANSE: Cross-Layer Large-Scale Efficient Analysis of Network Activities to Secure the Internet
合作研究:CT-L:CLEANSE:跨层大规模有效分析网络活动以保护互联网安全
- 批准号:
0831170 - 财政年份:2008
- 资助金额:
$ 499.96万 - 项目类别:
Continuing Grant
Collaborative Research: CT-T: Logic and Data Flow Extraction for Live and Informed Malware Execution
协作研究:CT-T:实时且知情的恶意软件执行的逻辑和数据流提取
- 批准号:
0716612 - 财政年份:2007
- 资助金额:
$ 499.96万 - 项目类别:
Continuing Grant
相似海外基金
NSF Convergence Accelerator Track L: HEADLINE - HEAlth Diagnostic eLectronIc NosE
NSF 融合加速器轨道 L:标题 - 健康诊断电子 NosE
- 批准号:
2343806 - 财政年份:2024
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
NSF Convergence Accelerator track L: Translating insect olfaction principles into practical and robust chemical sensing platforms
NSF 融合加速器轨道 L:将昆虫嗅觉原理转化为实用且强大的化学传感平台
- 批准号:
2344284 - 财政年份:2024
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
NSF Convergence Accelerator Track K: Unraveling the Benefits, Costs, and Equity of Tree Coverage in Desert Cities
NSF 融合加速器轨道 K:揭示沙漠城市树木覆盖的效益、成本和公平性
- 批准号:
2344472 - 财政年份:2024
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
NSF Convergence Accelerator Track L: Smartphone Time-Resolved Luminescence Imaging and Detection (STRIDE) for Point-of-Care Diagnostics
NSF 融合加速器轨道 L:用于即时诊断的智能手机时间分辨发光成像和检测 (STRIDE)
- 批准号:
2344476 - 财政年份:2024
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
NSF Convergence Accelerator Track L: Intelligent Nature-inspired Olfactory Sensors Engineered to Sniff (iNOSES)
NSF 融合加速器轨道 L:受自然启发的智能嗅觉传感器,专为嗅探而设计 (iNOSES)
- 批准号:
2344256 - 财政年份:2024
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
NSF Convergence Accelerator Track K: COMPASS: Comprehensive Prediction, Assessment, and Equitable Solutions for Storm-Induced Contamination of Freshwater Systems
NSF 融合加速器轨道 K:COMPASS:风暴引起的淡水系统污染的综合预测、评估和公平解决方案
- 批准号:
2344357 - 财政年份:2024
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
NSF Convergence Accelerator Track M: Water-responsive Materials for Evaporation Energy Harvesting
NSF 收敛加速器轨道 M:用于蒸发能量收集的水响应材料
- 批准号:
2344305 - 财政年份:2024
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
NSF Convergence Accelerator (L): Innovative approach to monitor methane emissions from livestock using an advanced gravimetric microsensor.
NSF Convergence Accelerator (L):使用先进的重力微传感器监测牲畜甲烷排放的创新方法。
- 批准号:
2344426 - 财政年份:2024
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
NSF Convergence Accelerator, Track K: Mapping the nation's wetlands for equitable water quality, monitoring, conservation, and policy development
NSF 融合加速器,K 轨道:绘制全国湿地地图,以实现公平的水质、监测、保护和政策制定
- 批准号:
2344174 - 财政年份:2024
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant
NSF Convergence Accelerator Track M: A new biomanufacturing process for making precipitated calcium carbonate and plant-based compounds that support human health
NSF Convergence Accelerator Track M:一种新的生物制造工艺,用于制造支持人类健康的沉淀碳酸钙和植物基化合物
- 批准号:
2344228 - 财政年份:2024
- 资助金额:
$ 499.96万 - 项目类别:
Standard Grant