Future Mobile Networks Gain Quantum Security Without Increased Energy Use

Researchers are addressing the critical challenge of securing future Open Radio Access Networks (O-RAN) against the threat of quantum computing, a vulnerability exacerbated by the energy demands of post-quantum cryptographic handshakes. Neha Gupta, Hamed Alimohammadi, and Mohammad Shojafar from the 5G & 6GIC at the University of Surrey, Guildford, UK, working with colleagues including De Mi and Muhammad N.M. Bhutta from Abu Dhabi University, UAE, present a novel energy-aware framework designed to alleviate this bottleneck. This collaborative work is significant because it proposes a system that optimises cryptographic scheduling within the O-RAN architecture, balancing the need for quantum resilience with the imperative of sustainable energy consumption. By intelligently managing handshake procedures and prioritising efficient parameter selection, the team demonstrates a potential reduction of approximately 60 percent in per-handshake energy expenditure, without compromising network performance.

The evolving landscape of mobile networks demands robust security against emerging threats, particularly those posed by cryptographically relevant quantum computers. While Post-Quantum Cryptography (PQC) offers a scalable defence, its computationally intensive processes create a significant bottleneck for the RAN control plane, raising concerns about long-term sustainability. The proposed system leverages O-RAN’s architecture, splitting control functions between a Crypto Policy rApp, residing in the Non-Real-Time (Non-RT) RIC, which defines the overall security strategy, and a Security Operations Scheduling (SOS) xApp in the Near-RT RIC, which translates this strategy into tactical actions. This innovative approach maintains cryptographic enforcement at standards-compliant network endpoints, utilising Media Access Control Security (MACsec) in the Open Fronthaul between the O-DU and O-RU, and IP Security (IPsec) for the xhaul network, encompassing both midhaul and backhaul connections. The core of the solution lies within the SOS xApp, which intelligently manages PQC overhead by batching non-urgent handshakes, prioritising session resumption, and strategically selecting parameters to meet stringent slice Service Level Agreements (SLAs) while minimising energy consumption per secure connection. Through a Discrete-Event Simulation (DES) employing realistic 3GPP traffic profiles and verified hardware benchmarks, researchers demonstrate a substantial reduction in per-handshake energy, approximately 60 percent, without exceeding established slice latency targets. The research addresses a critical challenge in future-proofing mobile networks: protecting long-lived assets like control-plane sessions and user data against the “harvest-now, decrypt-later” threat posed by quantum computers. By embedding security operations into O-RAN’s existing control loops, the framework delivers a proactive and sustainable solution. The system’s design incorporates a constrained reinforcement learning (RL) policy within the SOS xApp, optimising energy usage while adhering to strict safety constraints, such as latency targets and minimum security levels, using real-time network signals and an energy proxy to guide decision-making. This simulation environment allowed for controlled experimentation with 3GPP-aligned traffic profiles, replicating real-world network conditions with precision. The core of the DES involved modelling the interaction between the O-RAN Radio Intelligent Controller (RIC) components, specifically the Non-Real-Time (Non-RT) and Near-Real-Time (Near-RT) RIC, and the network elements responsible for cryptographic operations. The simulation meticulously recreated the O-RAN aligned split, featuring a Crypto Policy Radio Application (rApp) within the Non-RT RIC that defines the overarching security strategy. This rApp establishes parameters such as permitted cryptographic suites and rekeying intervals, communicating these directives via the A1 interface to the Security Operations Scheduling (SOS) xApp. The SOS xApp, operating within the Near-RT RIC, then translates these strategic policies into tactical timing and placement intents, orchestrating cryptographic operations to minimise energy consumption. To accurately reflect hardware limitations, the DES incorporated verified hardware benchmarks sourced from existing literature, ensuring realistic performance modelling. A key innovation within the simulation was the implementation of three tightly coupled mechanisms designed to mitigate the performance bottleneck associated with Post-Quantum Cryptography (PQC). Handshake scheduling intelligently delays non-urgent rekeys to periods of lower network load, while session resumption leverages mobility-aware pre-seeding to reduce cryptographic overhead. Adaptive suite and accelerator selection further optimizes energy efficiency by dynamically choosing the most appropriate PQC algorithms based on predicted energy gain. The decision-making process within the SOS xApp is governed by a constrained reinforcement learning (RL) policy, minimising joules per secure connection while adhering to stringent latency constraints, such as a 95th percentile (p95) target. Real-time E2SM-KPM signals, combined with an energy proxy, derived from CPU cycle counts or accelerator utilisation, form the observation vector for this RL policy. securing those networks against the threat of quantum computers. Simply bolting on post-quantum cryptography isn’t enough; the energy demands of these new algorithms threaten to overwhelm the very networks they are meant to protect. What distinguishes this research is its focus on intelligent scheduling, a subtle but powerful optimisation. Rather than brute-force cryptographic upgrades, the team proposes a system that anticipates and batches security handshakes, prioritising urgent connections and minimising wasted energy. This isn’t about faster processors or revolutionary new algorithms, but about making the most of what we already have. The reported sixty percent reduction in per-handshake energy consumption is significant, suggesting a pathway to sustainable quantum resilience. However, the simulation environment, while robust, remains a step removed from real-world deployment. The complexities of a live network, unpredictable traffic patterns, hardware variations, and the sheer scale of a modern mobile operator, could easily introduce unforeseen challenges. Furthermore, the study concentrates on the RAN itself, leaving the security of the wider core network largely unaddressed. Looking ahead, this work should spur further investigation into adaptive security policies, where the level of cryptographic protection dynamically adjusts based on network conditions and threat assessments. The convergence of AI and network security, already gaining momentum, could unlock even more sophisticated scheduling algorithms. Ultimately, securing the future of mobile communications will require a layered approach, combining robust cryptography with intelligent resource management and a proactive, adaptable security posture.