Securing Ethernet-based Optical Fronthaul for 5G Network

Authors

  • Joo Yeon Cho ADVA Optical Networking SE, Fraunhoferstrasse 9a, Martinsried, 82152, Germany https://orcid.org/0000-0003-0351-0885
  • Andrew Sergeev ADVA Optical Networking Israel, 2 Hatidhar Street, Ra’anana, 4366105, Israel https://orcid.org/0000-0002-1165-9148
  • Jim Zou ADVA Optical Networking SE, Märzenquelle 1–3 Meiningen, 98617, Germany

DOI:

https://doi.org/10.13052/jcsm2245-1439.913

Keywords:

5G, Ethernet, Optical fronthaul, MACsec, IPsec, WireGuard, Quantum-resistant cryptography

Abstract

In 5G networks, an optical fronthaul transports massive user data from remote radio heads (RRH) to the core network (CO) with high throughput and low latency. eCPRI is a new standard interface for the Ethernet-based optical fronthaul network to enhance the efficiency and performance. However, if fronthaul networks are deployed in an unsafe domain, an end-to-end security system should be implemented over the data flow, which requires additional overhead and processing time. This redundancy may cause unexpected latency and performance degradation in the data transport for 5G networks. According to the specification of eCPRI, vendors may optionally implement either IPsec or MACsec for the secure transmission. In this paper, we investigate security solutions suitable for the Ethernet-based optical fronthaul network. We analyse the standard security protocols such as IPsec and MACsec. Alternatively, we propose WireGuard as a replacement for IPsec for secure fronthaul networks. According to our analysis, the extended overhead for the three security protocols has negligible impact on the latency. However, the encryption and decryption of transmission packets may cause additional latency on the eCPRI processing time and eventually reduce the maximum transmission distance between RRH and CO. To verify our analysis, we simulated eCPRI traffic on our test platform with the WireGuard protocol enabled. Our test results showed that the latency caused by the encryption and decryption process could be significant. We also point out that a re-key interval should be carefully selected so as not to compromise the security of high-capacity transmission links such as 5G fronthaul networks. Our analysis is further extended with quantum-resistant cryptographic solutions for the long-term security of fronthaul networks.

Author Biographies

Joo Yeon Cho, ADVA Optical Networking SE, Fraunhoferstrasse 9a, Martinsried, 82152, Germany

Joo Yeon Cho received the Ph.D. degree in cryptography from the Macquarie University, Australia, in 2007. He has worked on the research and development of cryptography and data security for more than 10 years. He is currently a Principal Engineer in the Advanced Technology group at ADVA Optical Networking in Munich, Germany. His expertise comprises cryptography, network security, cryptanalysis and cybersecurity.

Andrew Sergeev, ADVA Optical Networking Israel, 2 Hatidhar Street, Ra’anana, 4366105, Israel

Andrew Sergeev is currently a senior principal engineer in the Advanced Technology department at ADVA Optical Networking, actively participating in various projects in the field of Network Function Virtualization (NFV) and of modern cryptography. Andrew has broad hands-on experience in software development, system engineering and design for data communications and wireless data services. He is the author of more than twenty inventions in the networking area. Andrew graduated from the Saint Petersburg State Electrotechnical University with a M.Sc. in electrical engineering.

Jim Zou, ADVA Optical Networking SE, Märzenquelle 1–3 Meiningen, 98617, Germany

Shihuan (Jim) Zou is currently a senior engineer in the Advanced Technology department at ADVA Optical Networking SE, Germany, participating in various EU FP7 and Horizon-2020 research projects. He is also a core member of PLM Access Solution team, responsible for product roadmap, prototyping, and business development support related to the next generation optical access technologies. He received his B.Eng. in communication and information engineering and M.Sc. in electrical circuits and systems from Shanghai University, China, in 2008 and 2011, respectively. In 2015, he received the PhD degree from the Eindhoven University of Technology, The Netherlands, where he conducted the research work with Electro-Optical Communication (ECO) group of COBRA research institute in the area of broadband indoor fiber-wireless networks.

Published

2020-01-25

How to Cite

1. Cho JY, Sergeev A, Zou J. Securing Ethernet-based Optical Fronthaul for 5G Network. JCSANDM [Internet]. 2020 Jan. 25 [cited 2024 Apr. 25];9(1):91-110. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/1151

Section

ARES 2019 workshops