权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

NSF Convergence Accelerator Track: G: The Security-Enhanced Radio Access Network (SE-RAN)

NSF 融合加速器轨道：G：安全增强型无线接入网络 (SE-RAN)

基本信息

批准号：
2326882
负责人：
Phillip Porras
金额：
$ 499.96万
依托单位：
SRI International
依托单位国家：
美国
项目类别：
Cooperative Agreement
财政年份：
2023
资助国家：
美国
起止时间：
2023-09-01 至 2025-08-31
项目状态：
未结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2326882&HistoricalAwards=false
关键词：
NSF Convergence Accelerator Track Security

项目摘要

SRI International, Ohio State University (OSU), and AccuKnox Inc. will develop innovative edge-to-core security services for the next generation of the Open Radio Access Network (O-RAN) compliant 5G+ mobile architecture. This collaborative project, named Security-Enhanced Radio Access Network (SE-RAN), will fortify 5G mobile infrastructures against a wide range of attacks that target vulnerabilities within 5G networks, protocols, and their control-layer services. The project's centerpiece is a transformative network management service, offering 5G operators an unprecedented level of threat identification, policy enforcement, and compliance monitoring throughout their entire 5G network infrastructures. Project SE-RAN specifically focuses on safeguarding mission-critical 5G networks, providing a comprehensive protection architecture against sophisticated mobile-network adversaries.Project SE-RAN will deliver an O-RAN compliant 5G-Native Application Protection Platform (5GNAPP) for monitoring and inline policy enforcement across mobile devices, base stations, RAN operations, and the 5G control plane. It will substantially enhance the trustworthiness of 5G networks, including security with respect to mobile device privacy, 5G communications confidentiality and integrity, resistance to attacks, including attempts at control-plane infiltration, and live detection of attacks against the mobile infrastructure and its users. The project involves collaboration with key open-source stakeholders to integrate security specifications and modules with top-tier 5G open-source O-RAN projects. The project will also work with 5G integrators throughout the government to transition modular security services to address various mission-critical use cases. Finally, the project will foster sustainable impacts on the U.S. information technology industries by transitioning SE-RAN technologies through strategic relationships with startups, industry leaders, and investors actively involved in the development of novel and disruptive 5G security and privacy technologies.Project SE-RAN will foster a community that creates modular O-RAN-compliant security components to enhance the deployment and runtime management of mobile network infrastructures. These solutions will extend the existing O-RAN consortium’s open software architecture to tackle at least two fundamental problems. The first problem is the extensive attack surface that arises from the migration of the mobile network control plane into a cloud-based operating environment. While the integration of the RAN Intelligent Controller (RIC) into a Kubernetes framework dramatically increases the scalability and extensibility of control logic, it also exposes the control plane to the breadth of adversarial tactics and open-source supply chain vulnerabilities that plague existing cloud ecosystems. The second problem is the existing lack of visibility into core 5G network operations: one cannot secure the mobile network if one cannot observe its operations with sufficient granularity. Project SE-RAN represents the first security-focused, base-station-internal telemetry stream that will facilitate runtime security monitoring within the O-RAN compliant 5G Open-Source Software (OSS) ecosystem.SE-RAN is based on four groundbreaking innovations. First, SE-RAN will deliver a modular base station extension (i.e., an O-RAN service model) that delivers advanced 5G-protocol layer-3 security auditing designed to transform the ability of 5G operators to track the security-relevant state of every user equipment (UE) device and base station in the network. Second, SE-RAN will deliver the first runtime 5G-IDS (intrusion detection system) control plane application for malicious radio frequency (RF)-based exploit and anomaly detection. Third, SE-RAN will introduce 5G-KubeArmor, the first near real-time RAN Intelligent Controller (nRT-RIC) security policy generation and enforcement engine, enabling 5G administrators to secure the 5G control plane using application-layer least-permissive security policies. Finally, it will introduce the first 5GNAPP management service that integrates all three technologies under a unified security incident and event management (SIEM) system. The overall benefit of this project will be a transformative security framework that provides 5G operators with unprecedented threat identification, policy enforcement, and compliance monitoring that spans the entire 5G network infrastructure.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

SRI国际公司、俄亥俄州立大学(OSU)和AccuKnox公司将为下一代兼容开放式无线接入网络(O-RAN)的5G+移动架构开发创新的边缘到核心安全服务。这个名为安全增强型无线接入网络(SE-RAN)的合作项目将加强5G移动基础设施，使其免受针对5G网络、协议及其控制层服务中的漏洞的广泛攻击。该项目的核心是一项变革性的网络管理服务，为5G运营商提供前所未有的威胁识别、政策执行和合规监控，覆盖整个5G网络基础设施。项目SE-RAN专门专注于保护任务关键型5G网络，提供针对复杂移动网络攻击的全面保护架构。项目SE-RAN将提供O-RAN兼容的5G本地应用保护平台(5GNAPP)，用于跨移动设备、基站、RAN运营和5G控制平面监控和内联策略实施。它将大幅增强5G网络的可信度，包括移动设备隐私、5G通信机密性和完整性方面的安全、对攻击的抵抗，包括控制平面渗透的企图，以及对针对移动基础设施及其用户的攻击的实时检测。该项目涉及与关键开源利益攸关方合作，将安全规范和模块与顶级5G开源O-RAN项目整合。该项目还将与政府各地的5G集成商合作，过渡模块化安全服务，以解决各种任务关键型使用案例。最后，该项目将通过与积极参与新型颠覆性5G安全和隐私技术开发的初创企业、行业领导者和投资者建立战略关系，过渡SE-RAN技术，从而对美国信息技术行业产生可持续的影响。SE-RAN项目将培育一个社区，创建符合O-RAN标准的模块化安全组件，以增强移动网络基础设施的部署和运行时管理。这些解决方案将扩展现有O-RAN联盟的开放软件架构，以解决至少两个基本问题。第一个问题是移动网络控制平面迁移到基于云的操作环境所产生的广泛攻击面。虽然RAN智能控制器(RIC)集成到Kubernetes框架中极大地提高了控制逻辑的可扩展性和可扩展性，但它也使控制平面暴露在困扰现有云生态系统的对抗性战术和开源供应链漏洞的广度之下。第二个问题是目前缺乏对核心5G网络运营的可见性：如果不能以足够的粒度观察移动网络的运营，就无法确保移动网络的安全。SE-RAN项目代表了第一个关注安全的基站内部遥测数据流，它将促进O-RAN兼容的5G开源软件(OSS)生态系统内的运行时安全监控。SE-RAN基于四项突破性创新。首先，SE-RAN将提供模块化基站扩展(即O-RAN服务模型)，该扩展提供高级5G协议第3层安全审计，旨在转变5G运营商跟踪网络中每个用户设备(UE)设备和基站的安全相关状态的能力。其次，SE-RAN将提供第一个运行时5G-IDS(入侵检测系统)控制平面应用程序，用于基于射频(RF)的恶意攻击和异常检测。第三，SE-RAN将推出5G-KubeArmor，这是第一个近乎实时的RAN智能控制器(NRT-RIC)安全策略生成和执行引擎，使5G管理员能够使用应用层最低许可的安全策略来保护5G控制平面。最后，它将推出第一个5GNAPP管理服务，该服务在统一的安全事件和事件管理(SIEM)系统下集成了所有这三种技术。该项目的总体好处将是一个变革性的安全框架，为5G运营商提供前所未有的威胁识别、政策执行和合规性监控，覆盖整个5G网络基础设施。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。