权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

NSF Convergence Accelerator Track: G: The Security-Enhanced Radio Access Network (SE-RAN)

NSF 融合加速器轨道：G：安全增强型无线接入网络 (SE-RAN)

基本信息

批准号：
2326882
负责人：
Phillip Porras
金额：
$ 499.96万
依托单位：
SRI International
依托单位国家：
美国
项目类别：
Cooperative Agreement
财政年份：
2023
资助国家：
美国
起止时间：
2023-09-01 至 2025-08-31
项目状态：
未结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2326882&HistoricalAwards=false
关键词：
NSF Convergence Accelerator Track Security

项目摘要

SRI International, Ohio State University (OSU), and AccuKnox Inc. will develop innovative edge-to-core security services for the next generation of the Open Radio Access Network (O-RAN) compliant 5G+ mobile architecture. This collaborative project, named Security-Enhanced Radio Access Network (SE-RAN), will fortify 5G mobile infrastructures against a wide range of attacks that target vulnerabilities within 5G networks, protocols, and their control-layer services. The project's centerpiece is a transformative network management service, offering 5G operators an unprecedented level of threat identification, policy enforcement, and compliance monitoring throughout their entire 5G network infrastructures. Project SE-RAN specifically focuses on safeguarding mission-critical 5G networks, providing a comprehensive protection architecture against sophisticated mobile-network adversaries.Project SE-RAN will deliver an O-RAN compliant 5G-Native Application Protection Platform (5GNAPP) for monitoring and inline policy enforcement across mobile devices, base stations, RAN operations, and the 5G control plane. It will substantially enhance the trustworthiness of 5G networks, including security with respect to mobile device privacy, 5G communications confidentiality and integrity, resistance to attacks, including attempts at control-plane infiltration, and live detection of attacks against the mobile infrastructure and its users. The project involves collaboration with key open-source stakeholders to integrate security specifications and modules with top-tier 5G open-source O-RAN projects. The project will also work with 5G integrators throughout the government to transition modular security services to address various mission-critical use cases. Finally, the project will foster sustainable impacts on the U.S. information technology industries by transitioning SE-RAN technologies through strategic relationships with startups, industry leaders, and investors actively involved in the development of novel and disruptive 5G security and privacy technologies.Project SE-RAN will foster a community that creates modular O-RAN-compliant security components to enhance the deployment and runtime management of mobile network infrastructures. These solutions will extend the existing O-RAN consortium’s open software architecture to tackle at least two fundamental problems. The first problem is the extensive attack surface that arises from the migration of the mobile network control plane into a cloud-based operating environment. While the integration of the RAN Intelligent Controller (RIC) into a Kubernetes framework dramatically increases the scalability and extensibility of control logic, it also exposes the control plane to the breadth of adversarial tactics and open-source supply chain vulnerabilities that plague existing cloud ecosystems. The second problem is the existing lack of visibility into core 5G network operations: one cannot secure the mobile network if one cannot observe its operations with sufficient granularity. Project SE-RAN represents the first security-focused, base-station-internal telemetry stream that will facilitate runtime security monitoring within the O-RAN compliant 5G Open-Source Software (OSS) ecosystem.SE-RAN is based on four groundbreaking innovations. First, SE-RAN will deliver a modular base station extension (i.e., an O-RAN service model) that delivers advanced 5G-protocol layer-3 security auditing designed to transform the ability of 5G operators to track the security-relevant state of every user equipment (UE) device and base station in the network. Second, SE-RAN will deliver the first runtime 5G-IDS (intrusion detection system) control plane application for malicious radio frequency (RF)-based exploit and anomaly detection. Third, SE-RAN will introduce 5G-KubeArmor, the first near real-time RAN Intelligent Controller (nRT-RIC) security policy generation and enforcement engine, enabling 5G administrators to secure the 5G control plane using application-layer least-permissive security policies. Finally, it will introduce the first 5GNAPP management service that integrates all three technologies under a unified security incident and event management (SIEM) system. The overall benefit of this project will be a transformative security framework that provides 5G operators with unprecedented threat identification, policy enforcement, and compliance monitoring that spans the entire 5G network infrastructure.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

SRI International、俄亥俄州州立大学（OSU）和AccuKnox Inc.将为下一代开放无线接入网络（O-RAN）兼容的5G+移动的架构开发创新的边缘到核心安全服务。这个名为安全增强无线电接入网络（SE-RAN）的合作项目将加强5G移动的基础设施，以抵御针对5G网络、协议及其控制层服务中漏洞的各种攻击。该项目的核心是一项变革性的网络管理服务，为5G运营商在整个5G网络基础设施中提供前所未有的威胁识别、策略执行和合规性监控。 SE-RAN项目将提供一个符合O-RAN标准的5G原生应用保护平台（5GNAPP），用于在移动的设备、基站、RAN运营和5G控制平面上监控和执行内联策略。它将大大增强5G网络的可信度，包括移动终端隐私、5G通信机密性和完整性、抵抗攻击（包括控制平面渗透）的能力，以及实时检测针对移动的基础设施及其用户的攻击。该项目涉及与主要开源利益相关者的合作，将安全规范和模块与顶级5G开源O-RAN项目集成。该项目还将与整个政府的5G集成商合作，将模块化安全服务过渡到各种关键任务用例。最后，该项目将通过与初创公司、行业领导者、和投资者积极参与创新和颠覆性的5G安全和隐私技术的开发。项目SE-RAN将培养一个创建模块化O-RAN的社区，兼容的安全组件，以增强移动的网络基础设施的部署和运行时管理。这些解决方案将扩展现有的O-RAN联盟的开放软件架构，以解决至少两个基本问题。第一个问题是由于将移动的网络控制平面迁移到基于云的操作环境中而产生的广泛的攻击面。虽然RAN智能控制器（RIC）集成到Kubernetes框架中大大提高了控制逻辑的可扩展性和可扩展性，但它也使控制平面暴露于对抗策略和开源供应链漏洞的广度，这些漏洞困扰着现有的云生态系统。第二个问题是核心5G网络运营缺乏可见性：如果不能以足够的粒度观察其运营，就无法保护移动的网络。SE-RAN项目代表了首个以安全为中心的基站内部遥测流，将有助于在O-RAN兼容的5G开源软件（OSS）生态系统内进行运行时安全监控。SE-RAN基于四项突破性创新。首先，SE-RAN将提供模块化基站扩展（即，O-RAN服务模型），提供高级5G协议第3层安全审计，旨在转变5G运营商跟踪网络中每个用户设备（UE）设备和基站的安全相关状态的能力。其次，SE-RAN将提供第一个运行时5G-IDS（入侵检测系统）控制平面应用程序，用于基于恶意射频（RF）的漏洞利用和异常检测。第三，SE-RAN将推出5G-KubeArmor，这是第一个近实时RAN智能控制器（nRT-RIC）安全策略生成和执行引擎，使5G管理员能够使用应用层最低许可安全策略保护5G控制平面。最后，它将介绍第一个5GNAPP管理服务，该服务将所有三种技术集成在统一的安全事件和事件管理（SIEM）系统下。该项目的总体好处将是一个变革性的安全框架，为5G运营商提供前所未有的威胁识别、策略执行和合规监控，覆盖整个5G网络基础设施。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。