Towards Quantum-Safe O-RAN: Experimental Evaluation of ML-KEM-Based IPsec on the E2 Interface

Perera, M; Mackay, M; Hashem Eiza, M; Raschella, A; Shone, N; Maheshwari, MK

Towards Quantum-Safe O-RAN: Experimental Evaluation of ML-KEM-Based IPsec on the E2 Interface

Export Citation

Perera, M, Mackay, M ORCID: 0000-0001-9013-7884, Hashem Eiza, M ORCID: 0000-0001-9114-8577, Raschella, A ORCID: 0000-0002-1626-8947, Shone, N ORCID: 0000-0002-7920-9434 and Maheshwari, MK Towards Quantum-Safe O-RAN: Experimental Evaluation of ML-KEM-Based IPsec on the E2 Interface. Future Internet. ISSN 1999-5903 (Accepted)

Preview

Text
Draft v1.0.pdf - Accepted Version
Available under License Creative Commons Attribution.
Download (904kB) | Preview

Abstract

As Open Radio Access Network (O-RAN) deployments expand and adversaries adopt “store-now, decrypt-later” strategies, operators need empirical data on the cost of mi-grating critical control interfaces to post-quantum cryptography (PQC). This paper ex-perimentally evaluates the impact of integrating a NIST-aligned Module-Lattice Key-Encapsulation Mechanism (ML-KEM) into IKEv2/IPsec, protecting the E2 interface between the 5G Node B (gNB) and the Near-Real-Time RAN Intelligent Controller (Near-RT RIC). Using an open-source testbed built from srsRAN, Open5GS, FlexRIC and strongSwan (with liboqs), we compare three configurations: no IPsec, classical Elliptic Curve Diffie–Hellman (ECDH)-based IPsec, and ML-KEM-based IPsec. The study fo-cuses on IPsec tunnel-setup latency and the runtime behaviour of Near-RT RIC xApps under realistic signalling workloads. Results from repeated, automated runs show that ML-KEM integration adds a small overhead to tunnel establishment, which is ap-proximately 2.7~4.7 ms in comparison to classical IPsec, while xApp operation and RIC control loops remain stable in our experiments. These findings, produced from an open, reproducible testbed, indicate that ML-KEM–based IPsec on the E2 interface is practi-cally feasible and inform quantum-safe migration strategies for O-RAN deployments.

Item Type:	Article
Uncontrolled Keywords:	46 Information and computing sciences
Subjects:	Q Science > QA Mathematics Q Science > QA Mathematics > QA76 Computer software
Divisions:	Computer Science and Mathematics
Publisher:	MDPI
Date of acceptance:	23 March 2026
Date of first compliant Open Access:	24 March 2026
Date Deposited:	24 Mar 2026 10:15
Last Modified:	24 Mar 2026 10:15
URI:	https://researchonline.ljmu.ac.uk/id/eprint/28284

View Item

CORE (COnnecting REpositories)