CPC H04W 12/088 (2021.01) [H04W 12/033 (2021.01); H04W 12/30 (2021.01); H04W 12/60 (2021.01); H04W 24/08 (2013.01); H04W 76/12 (2018.02); H04W 80/12 (2013.01); H04W 84/04 (2013.01)] | 20 Claims |
1. A system, comprising:
a processor configured to:
extract a plurality of parameters from a GTP-U tunnel session setup message associated with a new session and from F1AP traffic to extract contextual information at a security platform for monitoring network traffic on a mobile network, wherein extracting a plurality of parameters from the GTP-U tunnel session setup message and from F1AP traffic to extract contextual information at the security platform further comprises:
inspect F1AP traffic over an F1-C interface between O-RAN Distributed Unit (O-DU) and O-RAN Centralized Unit Control Plane (O-CU-CP) nodes in an O-RAN environment in the mobile network to extract contextual information; and
inspect GTP-U traffic over an F1-U interface between the O-DU and O-RAN Centralized Unit User Plane (O-CU-UP) nodes for applying layer-7 security on User Plane (UP) traffic; and
enforce a security policy at the security platform on the new session based on one or more of the plurality of parameters to apply context-based security to the network traffic transported between the O-DU and the O-CU-CP nodes and between the O-DU and the O-CU-UP nodes in the O-RAN environment in the mobile network; and
a memory coupled to the processor and configured to provide the processor with instructions.
|