Saved in:
Bibliographic Details
Main Authors: Ganiyu, Abiodun, Ron, Dara, Hussain, Syed Rafiul, Shah, Vijay K
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2509.05161
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866915481534857216
author Ganiyu, Abiodun
Ron, Dara
Hussain, Syed Rafiul
Shah, Vijay K
author_facet Ganiyu, Abiodun
Ron, Dara
Hussain, Syed Rafiul
Shah, Vijay K
contents The Y1 interface in O-RAN enables the sharing of RAN Analytics Information (RAI) between the near-RT RIC and authorized Y1 consumers, which may be internal applications within the operator's trusted domain or external systems accessing data through a secure exposure function. While this visibility enhances network optimization and enables advanced services, it also introduces a potential security risk -- a malicious or compromised Y1 consumer could misuse analytics to facilitate targeted interference. In this work, we demonstrate how an adversary can exploit the Y1 interface to launch selective jamming attacks by passively monitoring downlink metrics. We propose and evaluate two Y1-aided jamming strategies: a clustering-based jammer leveraging DBSCAN for traffic profiling and a threshold-based jammer. These are compared against two baselines strategies -- always-on jammer and random jammer -- on an over-the-air LTE/5G O-RAN testbed. Experimental results show that in unconstrained jamming budget scenarios, the threshold-based jammer can closely replicate the disruption caused by always-on jamming while reducing transmission time by 27\%. Under constrained jamming budgets, the clustering-based jammer proves most effective, causing up to an 18.1\% bitrate drop while remaining active only 25\% of the time. These findings reveal a critical trade-off between jamming stealthiness and efficiency, and illustrate how exposure of RAN analytics via the Y1 interface can enable highly targeted, low-overhead attacks, raising important security considerations for both civilian and mission-critical O-RAN deployments.
format Preprint
id arxiv_https___arxiv_org_abs_2509_05161
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Jamming Smarter, Not Harder: Exploiting O-RAN Y1 RAN Analytics for Efficient Interference
Ganiyu, Abiodun
Ron, Dara
Hussain, Syed Rafiul
Shah, Vijay K
Cryptography and Security
The Y1 interface in O-RAN enables the sharing of RAN Analytics Information (RAI) between the near-RT RIC and authorized Y1 consumers, which may be internal applications within the operator's trusted domain or external systems accessing data through a secure exposure function. While this visibility enhances network optimization and enables advanced services, it also introduces a potential security risk -- a malicious or compromised Y1 consumer could misuse analytics to facilitate targeted interference. In this work, we demonstrate how an adversary can exploit the Y1 interface to launch selective jamming attacks by passively monitoring downlink metrics. We propose and evaluate two Y1-aided jamming strategies: a clustering-based jammer leveraging DBSCAN for traffic profiling and a threshold-based jammer. These are compared against two baselines strategies -- always-on jammer and random jammer -- on an over-the-air LTE/5G O-RAN testbed. Experimental results show that in unconstrained jamming budget scenarios, the threshold-based jammer can closely replicate the disruption caused by always-on jamming while reducing transmission time by 27\%. Under constrained jamming budgets, the clustering-based jammer proves most effective, causing up to an 18.1\% bitrate drop while remaining active only 25\% of the time. These findings reveal a critical trade-off between jamming stealthiness and efficiency, and illustrate how exposure of RAN analytics via the Y1 interface can enable highly targeted, low-overhead attacks, raising important security considerations for both civilian and mission-critical O-RAN deployments.
title Jamming Smarter, Not Harder: Exploiting O-RAN Y1 RAN Analytics for Efficient Interference
topic Cryptography and Security
url https://arxiv.org/abs/2509.05161