Towards Quantum-Safe O-RAN: Experimental Evaluation of ML-KEM-Based IPsec on the E2 Interface
Abstract
1. Introduction
2. Related Works
2.1. O-RAN Architecture
2.2. O-RAN Security and Post-Quantum Cryptography (PQC)
2.3. PQC for O-RAN—Latest Industrial and Standardisation Efforts
3. Testbed Design
3.1. Design Rationale and Components Selection
3.2. Testbed Components
3.3. Testbed Topology and IPSec Placement
- (1)
- Minimal Functional Topology (Proof of Concept): In this stage, a single host runs srsRAN and Open5GS with a collocated RIC to validate basic E2 signalling and IKEv2/IPsec mechanics. This stage verified functional compatibility between RAN, RIC, and IPsec stacks and established measurement baselines.
- (2)
- Distributed Software Topology (Isolation and Instrumentation): Functions were separated into distinct virtual machines/containers, including (a) O-CU/O-DU (srsRAN), (b) 5G Core (Open5GS), (c) Near-RT RIC (FlexRIC + xApps), and (d) security gateway endpoints (strongSwan). Separating these roles enabled realistic network hops, latency characterisation, and per-node resource monitoring. It also allowed the IPsec tunnel endpoints to be placed in realistic locations. For instance, between the O-CU host and the Near-RT RIC host to emulate cross-domain E2 protection.
- (3)
- The final reproducible testbed is shown in Figure 2 below. The final design consolidates lessons from earlier stages into a modular topology suitable for repeatable experiments.
- O-RU/O-DU/O-CU (srsRAN Split): srsRAN implements the gNB split (DU + CU functions). In the testbed, the logical gNB endpoint of E2 is hosted on the O-CU node.
- Near-RT RIC (FlexRIC): This is hosted on a separate node reachable over the emulated network. It runs representative xApps to generate realistic E2 control traffic and closed-loop signalling.
- IPsec Endpoints (strongSwan): Configured to protect the E2 interface between the O-CU and Near-RT RIC. The IKEv2 configuration can be toggled between classical (ECDH) and ML-KEM key exchanges. ML-KEM is provided by liboqs/strongSwan integration and uses NIST-recommended parameter sets for experimentation.
- Core Network (Open5GS) and UE Traffic: deployed to produce normal session activity and user plane load where required by specific experiments, but the E2 path is the primary measurement focus.
- Measurement and Orchestration Hosts: Dedicated hosts and scripts for triggering tunnel setups, capturing packet traces, and measuring tunnel setup latency (from IKE_SA_INIT to IKE_AUTH completion and IPsec SA/ESP readiness). All nodes are time-synchronised to ensure accurate latency measurement.
3.4. Workloads and Metrics
4. Testbed Implementation
4.1. Deployment of 5G Network Components
4.1.1. srsUE
- # git clone https://github.com/zeromq/czmq.git (accessed on 12 August 2025)
- # make
- # git clone https://github.com/srsRAN/srsRAN_4G.git (accessed on 12 August 2025)
- When compiling srsRAN 4G, ZMQ should be enabled.
- /srsRAN_4G/build# cmake ../-DENABLE_EXPORT=ON -DENABLE_ZEROMQ=ON
- /srsRAN_4G/build# make
- /srsRAN_4G/build# make test
4.1.2. srsRAN
- # git clone https://github.com/srsRAN/srsRAN_Project.git (accessed on 12 August 2025)
- ZeroMQ is disabled by default, so it should also be enabled here when building as follows:
- # cmake ../-DENABLE_EXPORT=ON -DENABLE_ZEROMQ=ON
- # make -j $(nproc)
- # make install
4.1.3. Open5GS
4.1.4. FlexRIC
- # git clone https://gitlab.eurecom.fr/mosaic5g/flexric.git (accessed on 12 August 2025)
- ~/flexric# git checkout br-flexric
- ~/flexric/build# cmake -DKPM_VERSION=KPM_V3_00 -DXAPP_DB=NONE_XAPP ../
- ~/flexric/build# make
- ~/flexric/build# make install
- ~/flexric/build# ctest
4.2. Implementation of Interface Security
Key Confirmation and Failure Handling in IKEv2 with ML-KEM
4.3. Execution and Validation of the Testbed
- (1)
- 5G Core: Initialise 5G core using Docker: docker compose up 5gc.
- (2)
- Near-RT RIC: Run the FlexRIC executable: ~/flexric/build/examples/ric#./nearRT-RIC
- (3)
- gNB: Run the gnb executable, with the configuration file specific for E2 settings:../srsRAN_config# gnb -c gnb_zmq_e2.yaml. Upon starting the gNB, the following can be observed, as shown in Figure 7:
- -
- The “Connection to AMF on 10.53.1.2:38412” message indicates that the gNB initiated a connection to the 5G core.
- -
- The “Connection to NearRT-RIC on 172.16.2.34:36421” message indicates that the gNB initiated a connection to the NearRT-RIC successfully.
- (4)
- User Equipment: First, we need to create a namespace for the UE as follows: ~/project-lab# ip netns add ue1. Then, we initiate the UE by running the executable, with the configuration file modified with configuration settings for the ZMQ-based RF driver and E2:#./project-lab/srsRAN_4G/build/srsue/srcsrsue/root/project-lab/srsRAN_config/ue_zmq_e2.confOnce the srsUE is successfully attached, a message should appear on the 5G Core console. Finally, after configuring routing among these components, traffic between the UE and 5G Core is generated using ipref3 to validate the experimental setup. Note that we ran the iperf3 server on the 5G core as a Docker container, while the iperf3 client is running in the UE network namespace.
- (5)
- xApp: To verify the proper working of the experimental system, we ran an xApp available with the FlexRIC installation. The xApp xapp_oran_moni connects to the Near RT-RIC and uses E2SM_KPM service modules to subscribe to measurement data. The metric names to be passed to the xApp are in the srsRAN configuration file, which was updated with the Near RT-RIC IP address, as shown in Figure 9 below.
5. Evaluation and Result Analysis
5.1. Performance Metrics
- Latency Introduced by IPsec: This provides a direct measure of the overhead imposed on traffic between two endpoints due to securing an O-RAN interface. It is particularly relevant for latency-sensitive applications using the E2 interface.
- IPsec Security Association (SA) Setup Time: This measures the impact of using PQC KEM algorithms in comparison to classical KEM, as an additional overhead. It reflects how PQC adoption may impact session initiation delays in practice.
- Latency with IPSec SA setup for xApp. This measures the latency on xApp traffic during the IPSec SA setup. It reflects how PQC adoption may impact xApp’s operation during the shorter period of session initiation.
5.2. Experimental Scenario Setup
5.2.1. Latency Introduced by IPSec
5.2.2. IPSec SA Setup Time
- IKE Initiation: {start} parent_sa ikev2_init[I] and {end} parent_sa ikev2_init[R].
- IKE Authorisation: {start} child_sa ikev2_auth[I] and {end} child _sa ikev2_auth[R].
- Child SA Setup: {start} child_sa child_sa[I] and {end} child _sa child_sa[R].
5.2.3. Latency with IPSec SA Setup for xApp
- /root/project-lab/flexric/build/examples/xApp/c/monitor/xapp_oran_moni -c xapp_mon_e2sm_kpm.conf.
5.3. Results and Analysis
5.4. Limitations of Testbed Environment
6. Conclusions
- Optimising PQC: Leveraging federated feedback to determine optimal algorithm selection and parameter settings that balance security and efficiency.
- Collaborative Anomaly Detection: Aggregating locally trained model insights to capture behavioural and implementation anomalies without exposing raw data.
- Post-Deployment Hardening: rapid identification of novel attacks and implementation weaknesses based on federated insights from live systems, supporting ongoing attack resilience.
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
Abbreviations
| 3GPP | 3rd-Generation Partnership Project; |
| A1 | O-RAN A1 interface (Non-RT RIC ↔ Near-RT RIC); |
| E2 | O-RAN E2 interface (Near-RT RIC ↔ O-CU/O-DU); |
| ESP | Encapsulating Security Payload; |
| IKEv2 | Internet Key Exchange version 2; |
| IPsec | Internet Protocol Security; |
| ML-DSA | Module-Lattice Digital Signature Algorithm; |
| ML-KEM | Module-Lattice Key Encapsulation Mechanism; |
| NIST | National Institute of Standards and Technology; |
| Near-RT RIC | Near-Real-Time RAN Intelligent Controller; |
| Non-RT RIC | Non-Real-Time RAN Intelligent Controller; |
| O-Cloud | Cloud infrastructure hosting O-RAN VNFs/CNFs; |
| O-CU | O-RAN Central Unit; |
| O-DU | O-RAN Distributed Unit; |
| O-FH | Open Fronthaul; |
| O-RAN | Open Radio Access Network; |
| O-RU | O-RAN Radio Unit; |
| PQC | Post-Quantum Cryptography; |
| RAN | Radio Access Network; |
| RIC | RAN Intelligent Controller; |
| RRM | Radio Resource Management; |
| SMO | Service Management and Orchestration; |
| TLS | Transport Layer Security; |
| UE | User Equipment; |
| VNF | Virtual Network Function; |
| VM | Virtual Machine. |
References
- Polese, M.; Bonati, L.; D’oro, S.; Basagni, S.; Melodia, T. Understanding O-RAN: Architecture, Interfaces, Algorithms, Security, and Research Challenges. IEEE Commun. Surv. Tutor. 2023, 25, 1376–1411. [Google Scholar] [CrossRef]
- Liyanage, M.; Braeken, A.; Shahabuddin, S.; Ranaweera, P. Open RAN security: Challenges and Opportunities. J. Netw. Comput. Appl. 2023, 214, 103621. [Google Scholar] [CrossRef]
- O-RAN Alliance e.V. O-RAN Security Requirements and Controls Specifications 13.0. 2025. Available online: https://specifications.o-ran.org/download?id=991 (accessed on 12 August 2025).
- O-RAN Alliance e.V. O-RAN Security Protocols Specifications 13.0. 2025. Available online: https://specifications.o-ran.org/download?id=992 (accessed on 12 August 2025).
- National Institute of Standards and Technology (NIST). FIPS 203—Module-Lattice-Based Key-Encapsulation Mechanism Standard. 2024. Available online: https://csrc.nist.gov/pubs/fips/203/final (accessed on 12 August 2025).
- Groen, J.; D’Oro, S.; Demir, U.; Bonati, L.; Villa, D. Securing O-RAN Open Interfaces. arXiv 2024, arXiv:2404.15076. [Google Scholar] [CrossRef]
- Djuitcheu, H.; Kakani, P.K.; Brunke, D.; Fraunholz, D.; Schotten, H.D. Exploring the Implications and Methodologies of Securing the E2 Interface. In Proceedings of the IEEE Future Networks World Forum (FNWF), Dubai, United Arab Emirates, 15–17 October 2024. [Google Scholar]
- Scalise, P.; Garcia, R.; Boeding, M.; Hempel, M.; Sharif, H. An Applied Analysis of Securing 5G/6G Core Networks with Post-Quantum Key Encapsulation Methods. Electronics 2024, 13, 4258. [Google Scholar] [CrossRef]
- Software Radio Systems. srsRAN Enterprise 5G|Software Radio Systems. Available online: https://srs.io/srsran-enterprise-5g/ (accessed on 22 August 2025).
- Open5GS. Building Open5GS from Sources. Available online: https://open5gs.org/open5gs/docs/guide/02-building-open5gs-from-sources/ (accessed on 22 August 2025).
- Mosaic5g. Flexible RAN Intelligent Controller (FlexRIC) and E2 Agent. Available online: https://gitlab.eurecom.fr/mosaic5g/flexric (accessed on 22 August 2025).
- The strongSwan Team. strongSwan. Available online: https://strongswan.org/ (accessed on 22 August 2025).
- Salvat, J.; Ayala-Romero, J.; Zanzi, L.; Garcia-Saavedra, A.; Costa-Perez, X. Open Radio Access Networks (O-RAN) Experimentation Platform: Design and Datasets. IEEE Commun. Mag. 2023, 61, 138–144. [Google Scholar] [CrossRef]
- Azariah, W.; Bimo, F.; Lin, C.-W.; Cheng, R.-G.; Nikaein, N.; Jana, R. A Survey on Open Radio Access Networks: Challenges, Research Directions, and Open Source Approaches. Sensors 2024, 24, 1038. [Google Scholar] [CrossRef] [PubMed]
- O-RAN Alliance e.V. O-RAN Architecture Description 15.0. 2025. Available online: https://specifications.o-ran.org/download?id=932 (accessed on 22 August 2025).
- Wani, M.S.; Kretschmer, M.; Schröder, B.; Grebe, A.; Rademacher, M. Open RAN: A Concise Overview. IEEE Open J. Commun. Soc. 2025, 6, 13–28. [Google Scholar] [CrossRef]
- Kim, J.; Park, J.; Lee, J.-H. Integration of the Layer 2 Protection Extended Application for Open RAN: A Security by Design Approach. Comput. Electr. Eng. 2025, 126, 110479. [Google Scholar] [CrossRef]
- Aizikovich, E.; Mimran, D.; Grolman, E.; Elovici, Y.; Shabtai, A. Rogue Cell: Adversarial Attack and Defense in Untrusted O-RAN Setup Exploiting the Traffic Steering xApp. arXiv 2025, arXiv:2505.01816. [Google Scholar] [CrossRef]
- Mimran, D.; Bitton, R.; Kfir, Y.; Klevansky, E.; Brodt, O.; Lehmann, H.; Elovici, Y.; Shabtai, A. Security of Open Radio Access Networks. Comput. Secur. 2022, 122, 102890. [Google Scholar] [CrossRef]
- O-RAN Next Generation Research Group (nGRG). Platform Security in Next-Gen Mobile Networks. 2025. Available online: https://www.o-ran.org/research-reports/platform-security-in-next-gen-mobile-networks (accessed on 12 August 2025).
- Alimohammadi, H.; Mayhoub, S.; Chatzimiltis, S.; Shojafar, M.; Bhutta, M.N.M. Toward a Multi-Layer Defence Framework for Securing Near-Real-Time Operations in Open RAN. IEEE Open J. Commun. Soc. 2026, 7, 480–497. [Google Scholar] [CrossRef]
- O-RAN Alliance e.V. The O-RAN ALLIANCE Security Working Group Continues to Advance O-RAN Security. 2024. Available online: https://www.o-ran.org/blog/the-o-ran-alliance-security-working-group-continues-to-advance-o-ran-security (accessed on 12 August 2025).
- Eiza, M.H.; Akwirry, B.; Raschella, A.; Mackay, M.; Maheshwari, M.K. A Hybrid Zero Trust Deployment Model for Securing O-RAN Architecture in 6G Networks. Future Internet 2025, 17, 372. [Google Scholar] [CrossRef]
- O-RAN Next Generation Research Group (nGRG). Research Report on Quantum Security. 2023. Available online: https://mediastorage.o-ran.org/ngrg-rr/nGRG-RR-2023-04-Quantum-Security-v1_1.pdf (accessed on 12 August 2025).
- National Institute of Standards and Technology (NIST). NIST Releases First 3 Finalized Post-Quantum Encryption Standards. 13 August 2024. Available online: https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards (accessed on 12 December 2025).
- Joseph, D.; Misoczki, R.; Manzano, M.; Tricot, J.; Pinuaga, F.D.; Lacombe, O.; Leichenauer, S.; Hidary, J.; Venables, P.; Hansen, R. Transitioning organizations to post-quantum cryptography. Nature 2022, 605, 237–243. [Google Scholar] [CrossRef] [PubMed]
- García, C.R.; Rommel, S.; Takarabt, S.; Vegas Olmos, J.J.; Guilley, S.; Nguyen, P.; Monroy, I.T. Quantum-resistant Transport Layer Security. Comput. Commun. 2024, 213, 345–358. [Google Scholar] [CrossRef]
- Rathi, V.; Chopra, L.; Agarwal, M.; Rajput, N.; Sharma, K.; Mundepi, S.; Gangwar, S.; Rawal, R. Q-RAN: Quantum-Resilient O-RAN Architecture. arXiv 2025, arXiv:2510.19968v1. [Google Scholar]
- Montenegro, J.A.; Rios, R.; Lopez-Cerezo, J. A performance evaluation framework for post-quantum TLS. Future Gener. Comput. Syst. 2026, 175, 108062. [Google Scholar] [CrossRef]
- Bae, S.; Chang, Y.; Park, H.; Kim, M.; Shin, Y. A Performance Evaluation of IPsec with Post-Quantum Cryptography. In Information Security and Cryptology—ICISC 2022, Proceedings of the 25th International Conference, ICISC 2022, Seoul, Republic of Korea, 30 November–2 December 2022; Springer: Cham, Switzerland, 2023. [Google Scholar]
- Otero-García, P.; Fernández-Vilas, A.; Fernández-Veiga, M. Introducing Post-Quantum algorithms in Open RAN interfaces. arXiv 2025, arXiv:2501.10060v1. [Google Scholar] [CrossRef]
- Patero. Patero and Eridan Pioneer Quantum-Secure Open Radio Area Network. 31 July 2025. Available online: https://www.patero.io/news/how-technology-can-help-curb-attention-disorders (accessed on 9 January 2026).
- Nokia. Nokia and Turkcell Demonstrate Industry Leading Quantum-Safe Protection for Mobile Subscribers. 20 December 2024. Available online: https://www.nokia.com/newsroom/nokia-and-turkcell-demonstrate-industry-leading-quantum-safe-protection-for-mobile-subscribers/ (accessed on 9 January 2026).
- Samsung Research. Quantum Security for Future Communication Networks: Standards Perspective. 2 July 2025. Available online: https://research.samsung.com/blog/Quantum-Security-for-Future-Communication-Networks-Standards-Perspective (accessed on 9 January 2026).
- Open5GS. Open5GS—Open Source Implementation for 5G Core. Available online: https://open5gs.org/ (accessed on 22 August 2025).
- Northeastern University. Colosseum: The Open RAN Digital Twin. Available online: https://colosseum.sites.northeastern.edu/ (accessed on 22 August 2025).
- free5GC. free5GC—Open Source Core Network Implementation. Available online: https://free5gc.org/ (accessed on 22 August 2025).
- O-RAN Project. Installation Guides. Available online: https://docs.o-ran-sc.org/projects/o-ran-sc-ric-plt-ric-dep/en/latest/installation-guides.html (accessed on 22 August 2025).
- Maheshwari, M.K.; Raschella, A.; Mackay, M.; Eiza, M.H.; Wetherall, J.; Laing, J. 5G High Density Demand (HDD) Dataset in Liverpool City Region, UK. Sci. Data 2025, 12, 1992. [Google Scholar] [CrossRef] [PubMed]
- Software Radio Systems. srsRAN gNB with srsUE. Available online: https://docs.srsran.com/projects/project/en/latest/tutorials/source/srsUE/source/index.html (accessed on 22 August 2025).
- The ZeroMQ Authors. ZeroMQ. Available online: https://zeromq.org/ (accessed on 22 August 2025).
- Schmidt, R.; Irazabal, M.; Nikaein, N. FlexRIC: An SDK for next-generation SD-RANs. In Proceedings of the 17th International Conference on Emerging Networking EXperiments and Technologies (CoNEXT ‘21), Virtual, 7–10 December 2021. [Google Scholar]
- Mellanox Technologies. Mellanox/sockperf: Network Benchmarking Utility. 21 September 2022. Available online: https://github.com/Mellanox/sockperf (accessed on 12 August 2025).















| Scenario | IKE Initiation | IKE Authorisation | Child SA Setup |
|---|---|---|---|
| IPSec (ECDH Curve 25519) | (1363, 276) | (2093, 466) | (1658, 371) |
| IPSec (ML-KEM 768) | (4306, 577) | (2141, 490) | (1633, 304) |
| IPSec (ML-KEM 1024) | (6026, 787) | (2198, 535) | (1768, 435) |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2026 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license.
Share and Cite
Perera, M.; Mackay, M.; Hashem Eiza, M.; Raschella, A.; Shone, N.; Maheshwari, M.K. Towards Quantum-Safe O-RAN: Experimental Evaluation of ML-KEM-Based IPsec on the E2 Interface. Future Internet 2026, 18, 188. https://doi.org/10.3390/fi18040188
Perera M, Mackay M, Hashem Eiza M, Raschella A, Shone N, Maheshwari MK. Towards Quantum-Safe O-RAN: Experimental Evaluation of ML-KEM-Based IPsec on the E2 Interface. Future Internet. 2026; 18(4):188. https://doi.org/10.3390/fi18040188
Chicago/Turabian StylePerera, Mario, Michael Mackay, Max Hashem Eiza, Alessandro Raschella, Nathan Shone, and Mukesh Kumar Maheshwari. 2026. "Towards Quantum-Safe O-RAN: Experimental Evaluation of ML-KEM-Based IPsec on the E2 Interface" Future Internet 18, no. 4: 188. https://doi.org/10.3390/fi18040188
APA StylePerera, M., Mackay, M., Hashem Eiza, M., Raschella, A., Shone, N., & Maheshwari, M. K. (2026). Towards Quantum-Safe O-RAN: Experimental Evaluation of ML-KEM-Based IPsec on the E2 Interface. Future Internet, 18(4), 188. https://doi.org/10.3390/fi18040188

