PRIVATE.ME PLATFORM

xAntenna: Open RAN Security

XorIDA-based security for Open RAN O-DU and O-CU interfaces. Control plane data is split so no single vendor component sees complete signaling.

Infrastructure COMING SOON XorIDA Powered

Section 01

The Problem

Open RAN disaggregates the radio access network across multiple vendors, but this creates new attack surfaces at the interfaces between vendor components.

The O-DU/O-CU interface carries sensitive control plane signaling including subscriber identity, handover data, and resource allocation. Each vendor component has full visibility into the traffic it processes.

Nation-state actors target supply chain vulnerabilities in RAN equipment. With Open RAN, the attack surface expands from one vendor to many, each with potential backdoors.

The Old Way

Section 02

The PRIVATE.ME Solution

xAntenna splits control plane data via XorIDA at the O-DU/O-CU boundary. Each vendor component receives one share — enough to perform its function but not enough to reconstruct complete signaling.

Control plane messages are XorIDA-split before crossing vendor boundaries. xLink M2M provides DID-authenticated communication between components. xBoot ensures firmware integrity on each component.

Even if one vendor component is compromised, the attacker gets zero usable information. Reconstruction requires cooperation of multiple independent vendor components.

The New Way

Section 03

How It Works

xAntenna combines XorIDA split-plane with xLink M2M authentication, xBoot firmware integrity, and threshold reconstruction across vendor components.

Key Security Properties

Control plane data is XorIDA-split across vendor components. No single vendor sees complete signaling. xBoot ensures firmware integrity. DID authentication prevents component impersonation.

Section 04

Use Cases

📶

Telecom

O-RAN Security

Split control plane data across Open RAN vendor components.

O-RAN

🛡️

Defense

Supply Chain Security

Prevent supply chain attacks via vendor-component data isolation.

Supply Chain

🔒

Security

Signaling Protection

Protect subscriber identity and handover data at vendor interfaces.

Signaling

🏭

Infrastructure

Firmware Integrity

xBoot-verified firmware on every Open RAN component.

Firmware

Section 05

Integration

Quick Start

import { RANGuard } from '@private.me/xantenna';

const guard = await RANGuard.create({
  components: [odu_did, ocu_did, ric_did],
  threshold: { k: 2, n: 3 }
});

RANGuard.create(opts): Promise<Result<RANGuard, RANError>>

Creates XorIDA split-plane security for Open RAN components with DID authentication and xBoot firmware verification.

Section 06

Security Properties

Property	Mechanism	Guarantee
Control plane	XorIDA split	✓ Per-vendor isolation
Firmware	xBoot verification	✓ Triple integrity check
Identity	DID per-component	✓ Ed25519 mutual auth
Transport	xLink M2M	✓ Encrypted inter-component

$14.3B

Open RAN TAM

K-of-N

Split-plane

xBoot

Firmware

VERIFIED BY XPROVE

Verifiable Data Protection

Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.

XPROVE AUDIT TRAIL

Every XorIDA split generates HMAC-SHA256 integrity tags. xProve chains these into a tamper-evident audit trail that proves data was handled correctly at every step. Upgrade to zero-knowledge proofs when regulators or counterparties need public verification.

Read the xProve white paper →

GET STARTED

Ready to deploy xAntenna?

Talk to Ren, our AI sales engineer, or book a live demo with our team.

Book a Demo

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

xAntenna generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.

XPROVE CRYPTOGRAPHIC PROOF

Download proofs:

Tier 1 HMAC (~0.7KB)
Tier 2 Commit-Reveal (~0.5KB)
Tier 3 IT-MAC (~0.3KB)
Tier 4 KKW ZK (~0.4KB)

Verify proofs online →

Use Cases

🏛️

REGULATORY

FDA / SEC Submissions

Prove algorithm correctness for distributed systems without exposing trade secrets or IP.

Zero IP Exposure

🏦

FINANCIAL

Audit Without Access

External auditors verify secure operations without accessing source code or production systems.

FINRA / SOX Compliant

🛡️

DEFENSE

Classified Verification

Security clearance holders verify distributed systems correctness without clearance for source code.

CMMC / NIST Ready

🏢

ENTERPRISE

Procurement Due Diligence

Prove security + correctness during RFP evaluation without NDA or code escrow.

No NDA Required

Deployment Options

🌐

SaaS Recommended

Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.

Zero infrastructure setup
Automatic updates
99.9% uptime SLA
Enterprise SLA available

View Pricing →

📦

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

npm install @private.me/xantenna
TypeScript/JavaScript SDK
Full source access
Enterprise support available

Get Started →

🏢

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

Complete data sovereignty
Air-gap capable deployment
Custom SLA + dedicated support
Professional services included

Request Quote →

Enterprise On-Premise Deployment

While xAntenna is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
Air-gapped environments — SCIF, classified networks, offline operations
Data residency requirements — EU GDPR, China data laws, government mandates
Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.

Contact sales for assessment and pricing →