
The Entropy Podcast
Nibble Knowledge is delighted to bring you "The Entropy Podcast"—hosted by Francis Gorman.
The Entropy Podcast centers on cybersecurity, technology, and business, featuring conversations with accomplished professionals who share real-world knowledge and experience. Our goal is simple: to leave you better informed and inspired after every episode.
We chose the name “Entropy” because it symbolizes the constant flux and unpredictability in cybersecurity, technology, and business. By understanding the forces that drive change and “disorder,” we can create better strategies to adapt and thrive in an ever-evolving technology and geopolitical landscape.
Disclaimer: The views and opinions expressed on all episodes of this podcast are solely those of the host and guests, based on personal experiences. They do not represent facts and are not intended to defame or harm any individual or business. Listeners are encouraged to form their own opinions.
Exploring Cybersecurity in Open Radio Access Networks with Mark Megarry
In this episode, Francis Gorman interviews Mark Megarry, a PhD student specializing in 6G open radio access networks. They discuss Mark's journey into cybersecurity, the implications of 6G technology, and the security risks associated with open radio access networks. The conversation also covers the role of machine learning in future networks, the real-world consequences of insecure networks, and the importance of public speaking and community engagement in the cybersecurity field. Mark shares insights from his Capture the Flag competitions and emphasizes the need for resilience in network security.
Takeaways
- Mark transitioned from electronics to cybersecurity through hands-on experience.
- Curiosity drives the field of cybersecurity and research.
- 6G networks will focus on enabling new applications beyond just speed.
- Security risks in open radio access networks often stem from misconfigurations.
- Machine learning is becoming integral to the development of future networks.
- Insecure networks can lead to serious privacy breaches and data theft.
- Public speaking can be improved by sharing topics you are passionate about.
- Community engagement is crucial for personal and professional growth in cybersecurity.
- Capture the Flag competitions provide practical experience and learning opportunities.
- Quantum security is a significant concern for future network specifications.
Francis Gorman (00:00.854)
Hi everyone, welcome to episode 6 of The Entropy Podcast. I'm joined by Mark Megarry. He's a PhD student on 6G open radio access networks. Hey Mark, how's things? How are you keeping?
Mark Megarry (00:11.746)
Yeah, all's good. Thank you very much for having me on the podcast, Francis.
Francis Gorman (00:14.848)
Great to have you here today, Mark. And really, we have a really interesting subject matter to discuss on this episode. But before we jump into it, I'm curious, you started off your journey in electronics and now you've ventured into radio access network security. How did that transformation happen? How did you go from one discipline and kind of pivot into the security field?
Mark Megarry (00:39.662)
Okay, well, I studied electrical and electronic engineering for my undergraduate degree. And I always had a bit of an interest in security at the time. I mean, who doesn't find hacking interesting, right? But it wasn't until my placement where I was working in a hardware department at a security company, where I got really, really into security. So I was sitting there and I had an engineering copy of a security product on my desk.
And I just thought it was really interesting how by soldering the right tool to the right place or screwing in the right tool at the right place on this board, I could see data in flight. I could read data from memory or I could read and write the firmware on the board. So that really got me into thinking more about how can I defeat the security assumptions of this device. Then from there I sort of had to move into, well not had to, I moved into
Radio frequency engineering a little bit. I focused on that. But then even within that area, I was very interested in this idea that there are all these signals, you know, whizzing through the air around us and with the right tools, actually, you can hear any of them. And the only thing stopping you understanding these signals is the cryptography involved. So I came across this opportunity to hybridize a little bit for my PhD.
to do communications and security. So of course jumped at that opportunity and here we are.
Francis Gorman (02:13.306)
Curiosity is the backbone of cybersecurity, so I suppose that that pivot is is always piqued by interest. What happens in a cybersecurity PhD? I've always had an interest, you know, just in case I get bored in the next couple of years and decide to to rock back into education.
Mark Megarry (02:31.31)
It's always an option if you feel you don't have quite enough on your plate.
Mark Megarry (02:39.394)
Yes. So I'll go from the point, I'll assume that you've chosen a project title. You've talked to your supervisor. There's a lot of back and forth there where you come up with a description or a basic plan of work for your project. But what happens on a cybersecurity PhD? You'll come in day one. As I say, you have your project title. You'll maybe have some training organized on how to carry out research. But if you've a master's degree already, that'll only be so helpful. You know, it's
It's you, your project title and the wealth of research that's out there already. So step one is you'll be hitting the books and probably carrying out a literature review because you need to know what everyone else knows to start with. You can't just run straight into it.
Now at my university, Queen's University, Belfast, the first checkpoint you have to pass is a three month review called initial review. And what they're looking for there is, you know, have you been able to carry out an effective literature review? Do you know the subject area? And are you likely to be able to continue researching confidently? Then you've got about
six months to go and try and build up some work, maybe get some results. And then about nine months in, you'll be looking at what's called differentiation.
And before differentiation, if I remember correctly, you're technically not a PhD student, you're a postgraduate research student. Then after your differentiation, once you've shown, you can do research and maybe get results. And there's a good chance that you're going to be able to follow through for the next two and a bit years. After that point, then you're a PhD student proper. But all of this is in service of trying to write a thesis.
Mark Megarry (04:38.475)
It's a lot of self-guided work, really.
Francis Gorman (04:42.294)
So your thesis, Mark, can you give me a bit of insight into where you're headed with that?
Mark Megarry (04:50.35)
Yes. So really at the minute, I'm just focusing on getting discrete blocks of work done. You know, I'm trying to get papers published before then hopefully, because it's a lot easier to defend. In terms of my area at the minute, I'm really focused on resilience in radio access networks. So how can we have a network that's not just secure, but if it's attacked, how does it stay standing up?
Francis Gorman (05:22.326)
And I think that's a really key topic at the moment. Resilience is pivotal. You've seen in the wider industry focus to things like DORA and NIS2, et cetera, with a high focus on the resilience aspect. But when it comes to radio access networks, these are the things that we depend upon in the field as in our day-to-day business. A lot of people are familiar with 2G, 3G, 5G, et cetera.
What's 6G? What's different? When is it coming?
Mark Megarry (05:54.776)
Okay, well, when is it coming? The number that we see thrown around a lot is 20, 30, but obviously that's very much subject to a lot of different factors. So we'll just have to wait and see when it's coming. But in terms of where it's at right now, well, we'll need to go back and look at the fact that telecoms technologies like LTE, 5G, they're all built on top of many, many, many specifications and the specifying body for...
for these technologies is called the Third Generation Partnership Project or 3GPP. And we're there at right now with 6G is they're carrying out a study on some of the requirements for 6G. So that's in progress, but in the meantime, they're working on what's called 5G Advanced. 5G Advanced is considered to be a bridge towards 6G. We're bringing in technologies like machine learning in the radio access networks.
But no, we don't have specifications for 6G yet, but we can look at the current research and we can look at where industry thinks 6G is going to go. So in a recent white paper by Samsung, Samsung essentially said that 6G will be less focused on just improving things like the raw throughput, you know, because
You open up your phone right now, you turn on 5G and you can stream a whole movie, no problem, right? But where 6G is really going to be focusing on is enabling new applications. So things like how can we have a network that supports drone deliveries, vehicle infrastructure communications, how can we support things like extended reality applications. It's more about improving the quality of experience and enabling new applications.
Francis Gorman (07:54.23)
Okay, okay, so there's a couple of terms there. What was the first one you said? Extended reality? Was the first one you took?
Mark Megarry (07:59.968)
extended reality. So extended reality is sort of a combination of virtual reality and augmented reality. So virtual reality being, you know, I have a headset on my head and I'm sort of fully immersed. There's a screen in front of me. Augmented reality. Generally we talk about something like the old Google glass idea where you've got a little heads up display or something.
Francis Gorman (08:22.43)
imprints in real time data about people that you meet in the actual world, correct? The augmented reality piece or the landscape that you're surrounded by, information points related to historical buildings or whatever.
Mark Megarry (08:34.978)
Yeah. So yeah, it can be helpful for getting around or even for training purposes, right? You know, how can you train say, a crane operator and maybe you have like a heads up display of how high their cargo is, things like that.
Francis Gorman (08:50.43)
OK, the future is terrifying. OK, OK, so I have this now vision of people just walking around with helmets, not talking to anyone at all anymore. It's a futuristic, futuristic world.
Mark Megarry (08:54.574)
100 %
Mark Megarry (09:01.869)
Ha
Mark Megarry (09:05.986)
Well, right now I suppose people are walking around looking at their phones, not talking to anyone, so it's not too much of a difference.
Francis Gorman (09:10.966)
True, yeah, instead of looking at the ground, they'll be just captured inside some sort of a headset. OK, not sure if that's a good thing, Mark, but anyway, we'll see how it evolves. Am I correct in saying you won a Best Student Paper award for your work on understanding the security implications in open radio access networks with abusive adversaries?
Mark Megarry (09:32.222)
Yes, indeed. So that was at a conference called an ISCOM. I can't remember the acronym off the top of my head right now. Sorry, but that was some work I carried out early on with my supervisor and the rest of the team. So that was definitely more of a collaborative effort. But that was looking, well, that really set my direction actually. So the work we carried out there was on this idea of looking at, okay, abusive adversaries.
We define an abusive adversary as one which is attacking a network and they don't care about the resources that they have to expend to carry out that attack, right? They'll go broke carrying out this attack. So we assume that any application that controls the network. So in open radio access network architecture, we have these applications called xApps, which control things like
let's say they can control handovers, they can control whether or not a radio unit is powered on for energy saving, they control the networks. And in this paper, we looked at attackers that can arbitrarily take control of these applications at any time. And they'll try and carry out attacks like routing a ton of traffic towards one node to try and result in a denial of service. So we looked at
how we can use things like Markov decision process and fuzzy inference.
to find the probability of a successful attack given the state of the network at a given time. We propose this framework.
Francis Gorman (11:15.742)
Okay, okay, now really interesting stuff and what was the biggest security risks you've identified so far when you're looking at these technologies, if any?
Mark Megarry (11:25.454)
Let's see, that's hard to say because at the minute open radio access network, the way I see it, it's a specification, right? And the real security issues come up.
In implementation, it's all about the network misconfigurations, right? But there's a lot of focus on things like signaling storms, which is essentially a very worrying distributed denial of service attack. But I'm very much focused on this idea of misbehaving or malicious control applications in the network. So that's really what I'm concerned with, malicious xApps.
Francis Gorman (12:07.488)
I'm sure Mark you've come across the Flipper tool that's widely available to use. Yeah, it's one of my favorite gadgets in my box to rock up beside someone's garage door and open and close it for them without their remote control. It's a really powerful tool. Have you applied that type of a technology approach to validate or to demonstrate weaknesses in the implementation side of these networks?
Mark Megarry (12:10.446)
I love the flipper.
Mark Megarry (12:35.982)
In terms of carrying out practical attacks, no, so I am very much into radio hacking as a hobby. I mean, I have a demonstration from the East Side to Belfast and Northern Ireland developer conference talks where I rock up to my car and I'm able to defeat the rolling code on that, you know, and unlock my car with not a Flipper Zero, but a software-defined radio, a similar sort of bit of kit. But in terms of cell networks, I'm not...
played about with that yet, but if I was, the first thing I'd like to try is to crack the encryption on 2G communications. So they use a stream cipher. It has been broken, but I've just not played about with that myself yet.
Francis Gorman (13:21.726)
OK, OK. No, the flipper is definitely a fun tool to play with. I think it's a great it's a great way to demonstrate different types of attacks on different technology implementations for from a novel perspective. You you talk about unlocking your car, etc. That that that can really raise a few eyebrows if you rock up to someone's car and pop it open with a little device you have in your hand just because you captured their code when they hit the open button under a key, you know.
Mark Megarry (13:48.942)
So 100%, I think for abstract things like communications, you really need to bring it back to things that people use every day. That's why I do often use the example of my car or like a projector screen motor, you know, can roll it up or roll it down while someone's speaking. People care about that more than, well, people definitely do care about the security of their phone calls, but I think people care a bit more about their car rolling out of their driveway.
Francis Gorman (14:18.134)
And Mark, you talked earlier about 6G networks and the hypothesis that machine learning may be part of the abstraction into those technologies. We're seeing the integration of AI in Gen AI and machine learning technologies into just about everything at the moment. Do you think it'll play a critical role in the open radio access networks in the future infrastructures or is it a validation piece that's going on at the moment?
Mark Megarry (14:43.526)
I mean, machine learning in general, there's so much movement in implementing machine learning in general in radio access networks in 5G advanced and then of course in 6G. So in general, machine learning, a hundred percent in terms of generative AI specifically. I mean, obviously things like GANs, generative adversarial networks, if I'm getting that right.
are very much useful for security applications. But in terms of your typical large language models.
Actually, that is interesting. I have seen papers looking at using large language models to analyze security specifications. So things like, you could feed the 3GPP security specifications for an interface into a large language model that's been trained to identify potential security flaws in specifications and use that as part of your security process.
I'm not sure how LLMs could be applied to the radio access network specifically, but for control applications, yes, 100 % we're looking at, I think the term AI native has been used a lot for 6G networks.
Francis Gorman (16:08.31)
AI native, yeah, a new acronym, new acronym to the realm of AI acronyms that are out there. In terms of the real world implications, so we're talking a lot about the open radio access network and its inherent security. If it isn't addressed properly, what do you believe the real world consequences could be in that space?
Mark Megarry (16:09.546)
AI native. Yep, you buzzwords.
Mark Megarry (16:34.146)
Yes, well, if, I mean, if your radio access network isn't secure, what you're looking at is a situation where people can eavesdrop on, you know, user plane data, things like what websites people are visiting, things like, you know, their phone calls. And actually, obviously with the internet specifically, we see so many websites using HTTPS, but even having the URL someone visits can be useful for.
blackmail and such. If these networks aren't appropriately secured, I mean, we will see things like advanced persistent threats lurking on the network and just eating up data. Maybe even, what's the word, capture now decrypt later when quantum comes along, right? Just hoovering up all the packets they can on everyone and then cracking later once they're able to get their hands on a quantum computer whenever that comes around.
Francis Gorman (17:30.58)
Yeah, and the timelines for that are varied. That's been a hot topic of discussion within the industry, the quantum problem. And just the fact that it also applies to this space just shows it's an end-to-end issue that's not going anywhere. So we really need to start thinking about how we address it. I'm assuming the 6G specifications, when they come, will have quantum as a core consideration in terms of their underpin cryptography.
Mark Megarry (17:58.21)
Yes, we're seeing in research already and in the white papers, we are seeing quantum security as a big concern.
And yeah, there's been a lot of work done on post quantum secure algorithms. And in fact, I have some colleagues working on how can we, how can we transition smoothly from existing crypto algorithms to quantum safe crypto algorithms? So that's, you know, that's essential that we consider that because if quantum computing comes along and we're still using quantum vulnerable.
cryptography in our communications, then basically everything we have is exposed to those with a quantum computer.
Francis Gorman (18:48.886)
And when they look at that, Mark, I'm not sure if you've got into the detail yet, but what we've seen in the wider industry is when you potentially uplift to quantum safe algorithms, you can create hardware issues in terms of buffer size, et cetera, with some of your intermediate services like your switches and routers, et cetera, things that need to handle a lot of different packet flows that the byte size is bigger for quantum encryption. And therefore your buffer has an issue and you send
X amount of messages from multiple downstream servers and that communication channel gets clogged up and it just can't handle a process. It's you need to uplift your actual physical hardware as well as uplifting your underpinning cryptographic suites. Do you believe that's going to be an issue, especially since we still have a lot of kind of, I think we still have quite a bit of 2G in lower tier networks, but we still have definitely lots of 3G and obviously 4 and.
5G are prevalent in different parts of the country and the wider geopolitical landscape as well, we've got all of those considerations to take into place.
Mark Megarry (19:58.498)
It's a hundred percent. And as we've said, you know, 2G has or 2G encryption has been broken, in terms of, or sorry, GSM has been broken, but in terms of, you know, the overhead with quantum, it's not something I've looked at specifically, but definitely if it is an issue, it needs to be considered in the specifications for 6G networks. And if it is something that isn't an issue with
integrating with existing networks, then we will have a big problem. So that is something that needs to be considered.
Francis Gorman (20:39.146)
needs to be considered one to one to watch. I'm going to pivot slightly. I'm intrigued. You're doing you're doing a bit of public speaking at the moment. That's always a difficult area to to get into. And, you know, no matter how confident you are when you stand in front of a stage full of people and have to talk about a very unique subject matter, it's it's it's tricky and it takes some curating of your of your craft.
How did you decide to go into public speaking and how are you finding it? Is it an area that you were always interested in or is it something that you forced yourself to do to get yourself out there?
Mark Megarry (21:14.018)
Yes, well, I mean, I've always been trying to get better at public speaking, even back in school, I was on the debate team, but I was never very, I wasn't a very confident speaker. But since I've started this PhD project, it seems like anytime there's been a guest in our department, they've, we say that, you know, they wheel out some of the PhD students to show off what we're working on at the minute. And, you know, they'll have us
talk at events like there's one called the NI cyber breakfast where have a lot of industry folks come in and they'll have some PhD students present projects. So a lot of that was very much something I was pushed into doing. But then I got some opportunities like I was asked to apply to B-Sides Belfast.
And I sort of realized, if I'm talking about something that I care about, that's a lot easier. And in fact, if you're talking at a conference like that and it's something you're interested in and people have actually shown up to come and listen to their talk, well, then you can just think that they've, well, they've come to listen to the talk. They're clearly interested. So, you needn't be worried in that scenario, but I just think it's very important. I mean, everyone.
listening to this podcast now probably has some interesting skill sets and interesting experience or at least a curious mindset. And I think it's important if you have interesting skills to share them or at least talk about them, get it out there. Don't keep it to yourself.
Francis Gorman (22:50.806)
Very, very, very much so. And, you know, it is that key thing. If it's something that you love to talk about, it'll it'll it'll flow naturally once you get over those initial jitters, you know, it'll it'll it'll it'll just need something to spark that flame to go. Have you found anything that helps in terms of speaking? Have you got any tips or tricks for listeners that they may find useful if they're thinking about dipping their toes into that world?
Mark Megarry (23:15.566)
Let's see, let's see. Well, there are some community events being run in the run up to B-Sides Belfast. We had a trainer by the name of Garth Gilmore come in and just for free just talk to people a bit about public speaking. And some of the advice he gave that I find really helpful was number one, be the happiest person you can reasonably be on stage, right? No one wants to hear, you know, very grumpy.
very sad speaker, you know, but also no one wants to be questioning why is he so chipper today, right? That and that just back to that idea of if people have come along to your talk, they probably want to hear what you're talking about. So just don't worry about it. But that all came about for me, even finding out about that training came from being involved in the local, I guess, maker community, you know, hanging out.
at one of Belfast's maker spaces or hacker spaces, a place called Farset Labs, and just sort of getting to know people there. think a community aspect has been really important in sort of learning, well, what are the people who come along to these talks? What are they like? What do they care about? What do they want to hear?
Francis Gorman (24:33.812)
That's it. Curiosity. Curiosity, as I said at the start, is it underpins cybersecurity, you know, that community aspect. If we didn't have that open sharing of intelligence and, you know, you'll find a lot of security folks go out of their way to tell people about other security problems or how they solve a certain problem because, you know, it bugs them and they like to get under the hood of the issue and figure out how to tune it up that it's no longer a problem or at least it minimizes the problem or puts a medic in place.
Mark Megarry (24:35.598)
Yeah.
Francis Gorman (25:03.732)
I think that community aspect is really important. that's a great insight, you know, if you're interested in something, find other folk who are interested in it and they'll gravitate towards you and that'll open up opportunities then to talk about it in a wider spectrum of, you know, the public eye, is always daunting, but very much rewarding once it's done.
Mark Megarry (25:24.826)
And you'll learn more than just staying around university or work if you actually go out and talk to people, right? They will also share their knowledge back. It's a two-way exchange.
Francis Gorman (25:35.87)
Yeah. And you get you get something back and you get it. You get a nugget that you can, you know, wrap into your own spiel the next time you're talking to someone to say, I was talking to such and such in their perspective was and, you know, it helps you. It helps you kind of build a more solid argument around different subject matters as you, you know, as you demonstrate what it is you're actually trying to achieve in a space. It gives a level of value to that sentiment rather than just you saying something out loud and, you know, hoping people roll in behind it.
Mark Megarry (25:42.402)
Mm.
Francis Gorman (26:04.63)
Mark, one last thing I mentioned, I see you're involved in Capture the Flag competition, a favorite of mine. Can you give me a little bit insight into that?
Mark Megarry (26:09.272)
Yes.
Mark Megarry (26:13.902)
Uh, yes. So, uh, near the start of my PhD, uh, the manager of my cohort said that we need to form a capture the flag team, uh, for various reasons. just, it it had to happen and she was looking for volunteers. So four of us put our hands up and it turned out only one of us had any real experience with, you know, hands on cybersecurity at the time. Uh, you know, it wasn't me, but.
We started off by realizing, okay, we need to get up to speed. So we looked at what can we do for free? What can we do in our own time? And we settled on doing the hack the box starting point exercises. That was good. That taught us some basic tools. But even during that, we realized that the most important thing we can do is practicing, right? We need to keep on practicing. So we allocated two hours a week with Meet.
in our department's cyber range. We'd just sit down, we'd pick a challenge on Hack the Box, we'd pick a machine or something, or we'd pick some topic we want to read up on. We'd just sit down and get hands-on. we don't get the flag, we don't end it, you at the start. It was very slow going, actually. A lot of persistence was needed. And I know I spent a lot of time outside of that, even when I was traveling, just working on
you know, trying to crack these exercises. But once we started to improve a bit, you know, we started seeing the patterns, the common things between challenges. You know, nothing, I guess nothing is truly unique, you know. And we also worked out how to get into the mindset of someone who's written these. So we went from that.
And we ended up actually hosting our own competition, our own internal Queen's University, capture the flag challenge. So we worked with our engineering team and put together four machines, four boxes. We invited a bunch of undergraduate and master's around to the cyber range and just had them crack at our network. And that was really satisfying to see. not only can we
Mark Megarry (28:37.486)
you know, do these challenges, we can actually make a room and make a room, reasonably challenging ones.
Francis Gorman (28:45.428)
Mark, Mark, that is brilliant and that shows that shows genuine interest and love for the craft. I suspect we'll be hearing a lot more about Mark Megarry in the coming years. But look, it was a pleasure having you on. I wish you all the best in your future endeavors. And maybe after the PhD, you might come back and let us know how that turned out in terms of the outcome.
Mark Megarry (29:06.926)
Okay, Francis, thank you very much. Love to be on any home you love me.
Francis Gorman (29:13.29)
Perfect Mark, we'll chat to soon in the future. Take care.
Mark Megarry (29:17.144)
Thank you, Francis.