Stoke and Infonetics critical issues in optimizing and securing LTE traffic as LTE subscribers ramp up by the millions and operators ready their VoLTE services.
08448380779 Call Girls In Friends Colony Women Seeking Men
Security at the Speed of VoLTE: Protecting LTE Networks from Signaling Storms
1. Security at the Speed of VoLTE
An Infonetics Research Webinar
Co-produced with Stoke
#VoLTE The Webinar Will Begin Shortly
2. #VoLTE
Security at the Speed of VoLTE
An Infonetics Research Webinar
Co-produced with Stoke
3. Today’s Speakers
3
JoAnne Emery
Event Director
Infonetics Research
(Moderator)
Dilip Pillaipakam
VP Product Management
and Marketing
Stoke
Stéphane Téral
Principal Analyst,
Mobile Infrastructure and
Carrier Economics
Infonetics Research
#VoLTE
7. Flat IP Architecture Is Vulnerable
‣ The direct route from eNodeBs (eNBs) to the evolved packet core
(EPC) opens the door for denial of service (DoS) attacks and
interception of user communications
‣ Accidental or deliberate DoS attacks against customers remain the
most common security threat
7
Source: Arbor Networks, Inc.; Worldwide Infrastructure Security Report Volume IX (3Q2013)
8. The LTE Security Framework
8
S9
S1-C
Internet
S1-U
S5/S8
S6A
SGi
Gx
Gz/Gy
Other LTE
Network
S11
RAN-Core
Border
IMS Core
SEG
Webinar Focus: RAN-Core (S1) Protection
CSCF
Internet
Border
Policy/ Charging
Control
Device and
Application
MME
SGW
9. LTE Security at the S1 Link – Emerging Trends
9
Challenge Requirements
Stronger Security
• 2048 bit key length
• PKI
Signaling Protection
• Protect core from exponential
rise in transactions
VoLTE Rollout
• Low latency transport
• Sub-1 second recovery
New Threat Vectors
• S1 protocol/state validation
• SCTP filtering
11. How Secure Is Your Network?
1111
“They had reason to think, insiders said, that their
private, internal networks were safe from prying eyes.”
“Simply having a ‘private’ line doesn't mean that
you're not actually on a party line with the NSA.”
12. Caught in the Storm
121212
Common themes
“Unforeseen…”
“Widespread”…
“Costly to repair…”…
…
13. Unique RAN – Core Challenges
131313
‣ Unsecured backhaul
‣ Rapidly increasing throughput
‣ High tunnel density
‣ Ultra-low latency
‣ Directly impacts subscriber QoE
MME
SGW
Office
Home
Outdoor
Metrocell
Small
Cells
4G LTE
EPC
MME
SGW
EPC
E2E Latency Budget = 100 ms
VoLTE:
Low Latency
Small Packets
14. Impact of IPsec and Smaller Packets
141414
0%
20%
40%
60%
80%
100%
1518 1460 1280 1024 768 512 384 256 128 96
Throughput:%ofLineRate
Packet Size (Bytes)
512
Bytes
Loss of
Capacity
%ofTotalPackets
%EncryptedThroughput
IPsec
Small
Packets
Increased
Latency
Source: Stoke analysis of cumulative packet size distribution
16. The LTE Security Framework
16
S9
S1-C
Internet
S1-U S5/S8
S6A
Gx
Gz/Gy
Other LTE
Network
S11
RAN-Core
Border
SEG
The border between RAN and Core (S1) requires protection
against specific risks to critical infrastructure at that interface
New Protection Functions
- Control + user plane visibility
- RAN awareness
- Deeper EPC protection
DRA
SBC
IMS
Core
SGW
MME
CSCF
Internet Border
Policy / Charging
Control
SGi
18. Use Case: Security During Rapid Growth
and Unpredictability
181818
1.1
19.0
41.0
1Q11 2Q11 3Q11 4Q11 1Q12 3Q12 4Q12 2Q13 3Q13 4Q13 2014 2015
‣ Rapid 9-month
expansion
• 0–5k base stations
• 1 million subscribers
‣ Keep up with
demand
• 20x subscriber
increase
• Increased usage
‣ Maintain competitive
edge
• Add VoLTE
• Increase speed
New
Devices
New
Apps
Operator Objective:
Security + High Throughput + Low Latency
New
Services
Subscribers (M)
Source: Asian operator network fact book, press releases, and annual reports
19. Office
Home
Outdoor
Metrocell
Small
Cells
Use Case: Signaling Overload
‣ Signaling Overload Threats
• Application initiated
• Compromised eNodeBs
• Natural disasters
‣ Prioritized Traffic
• Already connected subscribers
• Specific eNodeBs
SGW
4G LTE
EPCMillions of
Service
Requests
MME
Application
Update
Server
QoE: Prioritize
19
20. Use Case: Small Cell Security
‣ Unsophisticated home owners
‣ Unsecured locations
‣ Much higher tunnel density
‣ Higher throughput per tunnel
MME
SGW
Office
Home
Small
Cells
4G LTE
EPC
100,000s Tunnels
Millions of
Tunnels
20
26. In Summary
‣ Network security is of increasing importance and even
so-called “private” networks are at risk
‣ VoLTE offers new, unique challenges to operators
‣ Signaling storms have already caused costly outages
‣ Carriers need a dedicated security element to secure the
RAN and protect the EPC
26
28. Audience Q&A
28
JoAnne Emery
Event Director
joanne@infonetics.com
Infonetics Research
(Moderator)
Dilip Pillaipakam
VP Product Management
and Marketing
dpillaipakam@stoke.com
Stoke
Stéphane Téral
Principal Analyst,
Mobile Infrastructure and
Carrier Economics
stephane@infonetics.com
Infonetics Research
#VoLTE
29. Thank You
This webcast will be available on-demand for 90 days
For additional Infonetics events, visit
https://www.infonetics.com/infonetics-events/
#VoLTE