LTE is designed with strong cryptographic techniques, mutual authentication between LTE network elements, and security mechanisms built into its architecture.
With the emergence of the open, all IP based, distributed architecture of LTE, attackers can target mobile devices and networks with spam, eavesdropping, malware, IP spoofing, data and service theft, DDoS attacks and numerous other variants of cyber-attacks and crimes.
2. Introduction
LTE is designed with strong cryptographic techniques, mutual authentication between LTE network elements, and security mechanisms built into its architecture.
With the emergence of the open, all IP based, distributed architecture of LTE, attackers can target mobile devices and networks with spam, eavesdropping, malware, IP spoofing, data and service theft, DDoS attacks and numerous other variants of cyber-attacks and crimes.
The LTE architecture was developed by 3GPP with security principles taken into consideration right from its inception, and its design is based on five security feature groups:
1. Network access security, to provide secure access to the service by the user.
2. Network domain security, to protect the network elements and secure the signalling and user data exchange.
3. User domain security, to control secure access to mobile stations.
4. Application domain security, to establish secure communications over the application layer.
5. Visibility and configuration of security, giving the user the opportunity to check whether the security features are in operation.
3. Introduction-2
I. Network access security: these security features provide UEs with secure access to the EPC and protect against attacks on the radio link through integrity protection and ciphering between the USIM, ME, E-UTRAN and the entities of the EPC (both serving networks and home networks).
II. Network domain security: this set of security features protects against attacks on wireline networks and enables data exchange in a secure manner.
III. User domain security: mutual authentication of the USIM and the ME is supported using a secret PIN before they can access each other.
IV. Application level security: the set of security features that enables applications in the UE and in the service provider domain to exchange messages securely.
V. Non-3GPP domain security: the set of features that enables UEs to securely access the EPC via non-3GPP access networks and provides security protection on the access link.
4. LTE architecture model
The LTE architecture model has been divided into the following network segments:
1. User equipment (UE)
2. Access
3. Evolved Packet Core (EPC) / Transport
4. Service network
Figure: LTE security architecture
5. Key security threats/risks
LTE security requirements are very different from those of UMTS. An LTE security gateway solution needs not only to authenticate eNodeBs and encrypt traffic with IPsec, but also to provide SCTP firewall functions to protect the mobile packet core from signaling storms and man-in-the-middle attacks.
Key security threats/risks:
1. Distributed network and open architecture
2. Complex business models (IS/Service sharing)
3. Decentralized accountability for security
4. Minimizing security spend
Preventative measures:
1. Interoperability standards
2. Strong partner agreements
3. Security audits with remediation commitments
4. Security budget
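As an added, defender-side illustration of the two gateway functions this slide names (admitting S1 signaling only from IPsec-authenticated eNodeBs, and an SCTP-level rate limit against signaling storms toward the MME), here is example code written for this page, not taken from the slide deck; the log format, addresses, thresholds and the S1Guard class are constructed assumptions.

```python
"""Constructed S1 border policy check: allowlist of authenticated eNodeBs
plus a sliding-window signaling rate limit per eNodeB (added example)."""
from collections import defaultdict, deque

# Constructed allowlist: eNodeB addresses that completed IPsec (IKE) authentication.
AUTHENTICATED_ENB = {"10.10.1.5", "10.10.1.6"}

# Constructed policy: at most MAX_MSGS_PER_WINDOW S1 messages per eNodeB per window.
WINDOW_SECONDS = 10
MAX_MSGS_PER_WINDOW = 50


def parse_line(line):
    """Parse one constructed log line: '<timestamp> <src_ip> <proto> <msg_type>'."""
    ts, src, proto, msg = line.split()
    return float(ts), src, proto, msg


class S1Guard:
    """Minimal SCTP firewall decision logic in front of the MME (hypothetical)."""

    def __init__(self, allowlist, window=WINDOW_SECONDS, limit=MAX_MSGS_PER_WINDOW):
        self.allowlist = allowlist
        self.window = window
        self.limit = limit
        self.history = defaultdict(deque)  # src_ip -> timestamps inside the window
        self.stormed = set()               # eNodeBs that exceeded the rate limit

    def decide(self, ts, src, proto, msg):
        """Return (verdict, reason); verdict is 'allow' or 'drop'."""
        if proto != "SCTP":
            # S1-MME signaling rides on SCTP; anything else has no business at the MME port.
            return "drop", "non-SCTP traffic toward the MME"
        if src not in self.allowlist:
            # Only eNodeBs authenticated by the IPsec tunnel may open S1 associations.
            return "drop", "unauthenticated eNodeB"
        q = self.history[src]
        q.append(ts)
        while q and ts - q[0] > self.window:   # slide the window forward
            q.popleft()
        if len(q) > self.limit:
            self.stormed.add(src)
            return "drop", "signaling storm: rate limit exceeded"
        return "allow", "ok"


def evaluate(lines, allowlist=AUTHENTICATED_ENB):
    """Run the policy over log lines and summarise verdicts and drop reasons."""
    guard = S1Guard(allowlist)
    summary = {"allowed": 0, "dropped": 0, "reasons": defaultdict(int)}
    for line in lines:
        verdict, reason = guard.decide(*parse_line(line))
        if verdict == "allow":
            summary["allowed"] += 1
        else:
            summary["dropped"] += 1
            summary["reasons"][reason] += 1
    summary["reasons"] = dict(summary["reasons"])
    summary["stormed"] = set(guard.stormed)
    return summary


def constructed_log():
    """Constructed sample traffic: normal signaling, a rogue source, a wrong protocol
    and a 60-message burst in six seconds from an authenticated eNodeB."""
    lines = [
        "1000.0 10.10.1.5 SCTP S1SetupRequest",
        "1000.5 10.10.1.5 SCTP InitialUEMessage",
        "1001.0 192.0.2.77 SCTP S1SetupRequest",   # not on the authenticated list
        "1001.2 10.10.1.5 UDP GTP-U",               # user-plane protocol aimed at the MME
    ]
    lines += [f"{1002 + i * 0.1:.1f} 10.10.1.6 SCTP InitialUEMessage" for i in range(60)]
    return lines


if __name__ == "__main__":
    result = evaluate(constructed_log())
    print(result)  # 52 allowed, 12 dropped, storm flagged on 10.10.1.6
```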
6. Network segment-wise risks and measures-1
Network segment: key risks / security threats; preventative measures
User Equipment (UE): subscriber entry points into the LTE network
Key risks / security threats:
1. Physical attacks
2. Risk of data loss, privacy
3. Lack of security standards and controls on UEs
4. Application layer: virus, malware, phishing
Preventative measures:
1. Subscriber education
2. Antivirus
3. Industry security standards and controls on UE
4. Strong authentication, authorization, encryption
Access: interconnection between UE and E-UTRAN
Key risks / security threats:
1. Physical attacks
2. Rogue eNodeBs
3. Eavesdropping, redirection, MitM attacks, DoS
4. Privacy
Preventative measures:
1. Physical security
2. Authentication, authorization, encryption
3. Network monitoring, IPS systems
4. Security architecture
7. Network segment-wise risks and measures-2
Network segment: key risks / security threats; preventative measures
Core (EPC)/Transport: manages user authentication, authorization and accounting (AAA), IP address allocation, mobility, charging, QoS and security
Key risks / security threats:
1. Unauthorized access
2. DoS and DDoS attacks
3. Overbilling attacks (IP address hijacking, IP spoofing)
Preventative measures:
1. Security architecture: VPNs, VLANs
2. Encryption, IKE/IPsec
3. Network monitoring, management and load balancing
Service Network: security management in IMS is particularly important
Key risks / security threats:
1. Unauthorised access
2. Service abuse attacks, theft of service
3. Network snooping, session hijacking
Preventative measures:
1. Border security
2. Strong authentication
3. Enable security protocols
4. Implement security gateways
8. Attack type: trigger and impact
DDoS: The target network is flooded by traffic from multiple sources.
Ping flood: A large volume of ping packets causes a network to crash. In a “ping of death,” malformed ping requests are used.
SYN flood: The attacker sends a high number of TCP/SYN packets, which the network accepts as connection requests and which overwhelm the network.
Replay attack: The attacker intercepts legitimate signaling traffic and retransmits it until the network is overwhelmed.
SQL injection: The attacker sends malicious commands in statements to a SQL database to make unauthorized changes to the database or to get a copy of the data.
DNS hijacking: The attacker redirects DNS queries to a rogue DNS server.
IP port scans: The attacker scans network elements for active ports and exploits their vulnerabilities.
9. LTE Transition to IP-based mobile networks
Columns: Legacy network / IP-based network

Mobile devices
• Legacy: Voice-based network, limited data capabilities: easier for operators to control.
• IP-based: Data-centric devices, visible from the internet: increased vulnerability, more entry points, less control.

Equipment
• Legacy: Expensive RAN equipment, large form factor: difficult to buy or operate a rogue base station.
• IP-based: Femto cells, small cells and Wi-Fi hotspots: easier and cheaper, and they provide an entry point to the mobile network.

Network architecture
• Legacy: Proprietary, hierarchical/closed networks: difficult to penetrate, easier to protect.
• IP-based: Flat networks, more connections among elements: porous, easier to penetrate.

Signaling
• Legacy: SS7: closed signaling environment, difficult to penetrate.
• IP-based: Diameter: IP increases the vulnerability of mobile networks to security threats.

Applications
• Legacy: Few applications available or used: limited entry points to devices.
• IP-based: A fragmented set of applications is difficult to control.

Misc / Economic / security targets
• Legacy: Billing fraud; limited use of cellular networks for M2M applications.
• IP-based: Access to corporations and government; unmonitored M2M devices are difficult to protect without stricter security requirements.
10. LTE Preventative measures - Security audits - 1
Columns: Audit / Main points

GTP audit
• Endpoint discovery
• Illegal connection/association establishment
  – User identity impersonation
  – Fuzzing
• Leak of user traffic
  1. to Core Network (EPC)
  2. to LTE RAN

X2AP audit
• Endpoint discovery
• Illegal connection/association establishment
  – Fuzzing
• Reverse engineering of proprietary extensions
• MITM
11. LTE Preventative measures - Security audits - 2
Columns: Audit / Audit points

S1AP audit
• Endpoint discovery
• Illegal connection/association establishment
  – Fuzzing
• Reverse engineering of proprietary extensions
• MITM
  – NAS injection

LTE EPC DNS audit
• EPC DNS is important
• EPC DNS scanner
• Close to GRX / IMS
12. LTE Security Approach
1. First level: router-based security, protection against all attacks
• Packet filter policy based on a 'deny-all' approach: it permits ingress only of packets that are permissible user traffic for the receiving network. The router can provide DoS protection for the connected network using rate limiting to prevent performance-impacting overload of the network and services.
2. Second level: firewall-based security, inner layer protection
• Firewall filter policies with Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) stateful inspection are used to lower the number of policies required. GPRS Tunneling Protocol (GTP) inspection is used to inspect traffic destined for other peer networks via GRX. Firewalls provide DoS attack protection, deep packet inspection, and intrusion detection and prevention options. Deep packet inspection supports both stateful signatures and protocol anomalies.
3. Third level: host security, protection against the smartest attacks
• Network devices, including packet gateways and application nodes, provide further access control measures using identification, authentication and authorization mechanisms ('node hardening'). This includes measures such as Interior Gateway Protocol (IGP) and Border Gateway Protocol (BGP) authentication, applying access control lists, closing unwanted or unused ports in applications and clients, and using a secure protocol like Secure Shell (SSH) instead of Telnet for configuration and management.
13. LTE Network Element & IP Network Security Measures
Network element security measures
• Network elements designed and implemented with security in mind and compliant with the 3GPP recommendations.
• Network element security architecture.
• Network element hardening and security testing.
• Threat and risk analysis per network element.
• Security audits, timely patching and hardware upgrades.
• Security vulnerability and performance monitoring.
• Authorized site access.
IP network security measures
• Secure operation and maintenance process.
• Perimeter security and traffic separation.
• IPsec to be used as mandatory for the core network.
14. LTE OM Security Measures
OM security functions in the system and their measures
1. The log and security alarm function monitors the security of the whole system and reports the security information to the management system.
2. The user authentication and access control function controls user access to keep invalid users out.
3. The OM system security protects the software and configuration data running on the eNodeB to prevent invalid control over the eNodeB.
– A digital signature on the software is used to ensure software integrity and reliability.
– An eNodeB can be deployed using a secured USB storage device.
– Data backup ensures data consistency and integrity. If eNodeB data is detected as damaged, for example a corrupted operating system, the backup data can be used to restore the system.
4. The OM channel security ensures security for the channel between the EMS equipment and the NEs.
– Secure Sockets Layer (SSL) is a protocol that provides end-to-end communication security between the TCP layer and the application layer.
– NTP (Network Time Protocol) security authentication is used to encrypt and authenticate the NTP packets so that the validity of the reference time
17. LTE eNodeB Security
• Performs the cryptography specified for the radio interface and the backhaul link
• Has access to the cleartext of the user plane
• Exposed to tampering: a compromised eNB could eavesdrop on or modify user traffic, send maliciously crafted PDUs to the core, detach mobiles, or discard traffic
• 3GPP therefore requires a secure environment inside the eNB
• It stores keys, executes the crypto and supports secure boot
• It preserves the integrity and confidentiality of its content
• Access to it is authorized
18. LTE Network Access Security - 1
Network access security protects the mobile's communications with the network across the air interface, which is the most vulnerable part of the system. It uses four main techniques:
1. Authentication
2. Confidentiality
3. Ciphering
4. Integrity protection
• Authentication: the evolved packet core (EPC) network and the mobile confirm each other's identities. The network confirms that the user is authorized to use the network's services and is not using a cloned device; the mobile confirms that the network is genuine and is not a spoof network set up to steal the user's personal data.
19. LTE Network Access Security - 2
• Confidentiality protects the user's identity. The International Mobile Subscriber Identity (IMSI) is one of the quantities an intruder needs to clone a mobile, so LTE avoids broadcasting it across the air interface wherever possible; instead, the network identifies the user by means of temporary identities. When the EPC knows the MME pool area the mobile is in (during paging), it uses the 40-bit S-TMSI; otherwise (during the attach procedure) it uses the longer GUTI (Globally Unique Temporary ID). Similarly, the radio access network uses radio network temporary identifiers (RNTIs).
20. LTE Network Access Security - 3
• Ciphering, also known as encryption, ensures that intruders cannot read the data and signaling messages that the mobile and the network exchange. The packet data convergence protocol (PDCP) ciphers data and signaling messages in the air interface access stratum, while the EMM protocol ciphers signaling messages in the non-access stratum.
• Integrity protection detects any attempt by an intruder to replay or modify signaling messages. It protects the system against problems such as man-in-the-middle attacks, in which an intruder intercepts a sequence of signaling messages and modifies and re-transmits them in an attempt to take control of the mobile.
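How the integrity check above catches both a replayed and a modified NAS message, as an added example that is not part of the original slides: the MAC-I is computed over COUNT, BEARER, DIRECTION and the message, only an 8-bit sequence number travels on the air, and the receiver reconstructs the 24-bit NAS COUNT itself, so a replay no longer verifies. It assumes HMAC-SHA-256 in place of the real EIA algorithms and uses a constructed KNASint.

```python
import hmac
import hashlib

# Added example, not part of the original slides. It models LTE NAS integrity
# protection: a 32-bit MAC-I over COUNT, BEARER, DIRECTION and the message, an
# 8-bit sequence number on the wire, and a receiver that reconstructs the 24-bit
# NAS COUNT (overflow counter || SQN) so replays and modifications fail the check.
# Assumption: HMAC-SHA-256 stands in for the real EIA algorithms; KNASint is constructed.

def mac_i(key: bytes, count: int, bearer: int, direction: int, msg: bytes) -> bytes:
    """32-bit MAC-I; the integrity algorithm inputs are COUNT, BEARER, DIRECTION, MESSAGE."""
    data = count.to_bytes(4, "big") + bytes([bearer, direction]) + msg
    return hmac.new(key, data, hashlib.sha256).digest()[:4]

class NasSender:
    def __init__(self, key: bytes, direction: int = 0):  # 0 = uplink
        self.key, self.direction, self.count = key, direction, 0

    def protect(self, msg: bytes) -> tuple:
        """Returns (SQN, MAC-I, message); only the low 8 bits of COUNT go on the wire."""
        pdu = (self.count & 0xFF, mac_i(self.key, self.count, 0, self.direction, msg), msg)
        self.count = (self.count + 1) & 0xFFFFFF  # 24-bit NAS COUNT
        return pdu

class NasReceiver:
    def __init__(self, key: bytes, direction: int = 0):
        self.key, self.direction, self.last_count = key, direction, -1

    def verify(self, sqn: int, mac: bytes, msg: bytes) -> bool:
        """Accept only if the reconstructed COUNT is fresh and the MAC-I matches."""
        overflow = self.last_count >> 8 if self.last_count >= 0 else 0
        if self.last_count >= 0 and sqn <= (self.last_count & 0xFF):
            overflow += 1  # SQN did not advance: treat as wrap-around, so a replay gets a different COUNT
        count = ((overflow << 8) | sqn) & 0xFFFFFF
        if not hmac.compare_digest(mac_i(self.key, count, 0, self.direction, msg), mac):
            return False  # replayed (COUNT mismatch) or modified (content mismatch)
        self.last_count = count
        return True

def demo() -> dict:
    key = b"\x5a" * 16  # constructed KNASint, not real key material
    ue, mme = NasSender(key), NasReceiver(key)
    sqn, mac, msg = ue.protect(b"ATTACH REQUEST")
    fresh = mme.verify(sqn, mac, msg)
    replayed = mme.verify(sqn, mac, msg)  # same PDU again: rejected
    sqn2, mac2, msg2 = ue.protect(b"PDN CONNECTIVITY REQUEST")
    tampered = mme.verify(sqn2, mac2, msg2.replace(b"PDN", b"XXX"))  # modified: rejected
    genuine = mme.verify(sqn2, mac2, msg2)
    return {"fresh": fresh, "replayed": replayed, "tampered": tampered, "genuine": genuine}
```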
23. LTE EPS Key Hierarchy and Radio Interface Security
Keys and key hierarchy
In the Evolved Packet System Authentication and Key Agreement (EPS AKA) protocol, all the keys needed for the various security mechanisms are derived from the intermediate key KASME, which is viewed as a local master key for the subscriber, in contrast to the permanent master key K. On the network side, the local master key KASME is stored in the MME and the permanent master key is stored in the AuC. This approach provides the following advantages.
1. It enables cryptographic key separation: each key is used in one specific context, and knowing one key does not allow deducing another one.
2. It provides key freshness and makes it possible to renew the keys used in a security mechanism. EPS AKA need not be run every time the key protecting the radio interface is renewed, so the home network is not involved every time. This introduces a security versus complexity trade-off. For EPS, the security benefits of using an intermediate key outweigh the added complexity, which was not true in 3G.
The base station eNB stores another key, KeNB, and the addition of KeNB makes it possible to renew the keys protecting radio access without involving the MME.
24. LTE Key Derivations
The hierarchy contains one root key (K), several intermediate keys such as CK, IK, etc., and a set of leaf keys [5]. The purposes of the different keys are explained below.
1. K is a random bit string; it is a subscriber-specific master key stored in the USIM and the AuC.
2. CK and IK are 128-bit keys derived from K using additional input parameters.
3. KASME is derived from CK and IK using two additional parameters: the serving network id and the bitwise sum (XOR) of two further parameters (SQN and AK from the EPS AKA procedure). KASME serves as the local master key.
4. KeNB is derived from KASME and an additional input, a counter. This additional parameter ensures that each newly derived KeNB differs from the earlier one.
5. NH is another intermediate key derived from KASME and used in handover situations. It is derived using KeNB as an additional input for the initial NH derivation, or the previous NH afterwards.
6. KRRCenc, KRRCint and KUPenc are used for the encryption and integrity protection of RRC signaling and user plane data.
The complex key hierarchy achieves key separation and prevents related-key attacks. It also allows key renewal very easily without affecting the other keys: when one key is changed, only the keys dependent on it have to be changed, and the others may remain the same.
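The key hierarchy of slides 23 and 24 carried through in code, as an added example that is not from the original slides: the generic 3GPP KDF (TS 33.220 Annex B) with the FC codes of TS 33.401 Annex A derives KASME from CK||IK, KeNB from KASME and the uplink NAS COUNT (the counter the slide refers to), the NH handover chain, and the 128-bit leaf keys KRRCenc, KRRCint and KUPenc. All CK, IK, serving network id and SQN xor AK values are constructed samples.

```python
import hmac
import hashlib

# Added example, not from the original slides: generic 3GPP KDF (TS 33.220 Annex B,
# HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...) with TS 33.401 Annex A FC codes.

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """S = FC || P0 || len(P0) || P1 || len(P1) ...; lengths are 2-byte big-endian."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    # FC=0x10, key = CK||IK, P0 = serving network id (3 bytes), P1 = SQN xor AK (6 bytes)
    return kdf(ck + ik, 0x10, sn_id, sqn_xor_ak)

def derive_kenb(kasme: bytes, nas_uplink_count: int) -> bytes:
    # FC=0x11, P0 = uplink NAS COUNT (4 bytes): the counter that makes each KeNB fresh
    return kdf(kasme, 0x11, nas_uplink_count.to_bytes(4, "big"))

def derive_nh(kasme: bytes, sync_input: bytes) -> bytes:
    # FC=0x12, P0 = KeNB for the first NH, the previous NH for every later one
    return kdf(kasme, 0x12, sync_input)

def derive_nh_chain(kasme: bytes, kenb: bytes, hops: int) -> list:
    """Handover chain NH[1..hops]: renews the radio keys without re-running EPS AKA."""
    chain, prev = [], kenb
    for _ in range(hops):
        prev = derive_nh(kasme, prev)
        chain.append(prev)
    return chain

# Algorithm type distinguishers (TS 33.401 A.7) select which leaf key is derived
RRC_ENC, RRC_INT, UP_ENC = 0x03, 0x04, 0x05

def derive_algo_key(kenb: bytes, alg_type: int, alg_id: int) -> bytes:
    # FC=0x15, P0 = algorithm type, P1 = algorithm identity; keep the 128 least significant bits
    return kdf(kenb, 0x15, bytes([alg_type]), bytes([alg_id]))[16:]

def as_keys(kenb: bytes, alg_id: int = 2) -> dict:
    """KRRCenc, KRRCint and KUPenc for one algorithm identity (2 = EEA2/EIA2)."""
    return {"KRRCenc": derive_algo_key(kenb, RRC_ENC, alg_id),
            "KRRCint": derive_algo_key(kenb, RRC_INT, alg_id),
            "KUPenc": derive_algo_key(kenb, UP_ENC, alg_id)}

if __name__ == "__main__":  # constructed CK, IK, SN id (MCC/MNC octets) and SQN xor AK
    kasme = derive_kasme(b"\x11" * 16, b"\x22" * 16, bytes.fromhex("13f002"), b"\x00" * 6)
    print({k: v.hex() for k, v in as_keys(derive_kenb(kasme, 0)).items()})
```

Changing only the NAS COUNT or only one NH hop changes just the keys below that point, which is the key separation and renewal property the slides describe.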
26. LTE Conclusion
How to secure an LTE network?
• Comply with the 3GPP recommendations.
• Apply IP network security mechanisms and recommendations.
• Network elements designed and implemented with security in mind.
• Fraud management and tools.
• Regular security audits, performance and traffic trend reports.
• Monitor network elements keeping security points in mind.
Security is an ongoing and never-ending process!
27. LTE Abbreviations
3GPP 3rd Generation Partnership Project
ASME Access Security Management Entity
AuC Authentication Centre
CA Certificate Authority
CMP Certificate Management Protocol
CK Cipher Key
eNB Evolved Node B
enc Encryption
EPC Evolved Packet Core
ePDG Evolved Packet Data Gateway
EPS Evolved Packet System
ESP Encapsulating Security Payload
GRX GPRS Roaming eXchange Network
GTP-C GPRS Tunneling Protocol - Control
GW Gateway
HeNB Home eNB
HNB Home Node B
HSS Home Subscriber Server
IK Integrity Key
IMS IP Multimedia System
Int Integrity
K Key
LEA Law Enforcement Agency
LI Lawful Interception
LTE Long Term Evolution
MME Mobility Management Entity
NAS Non Access Stratum
PCRF Policy and Charging Rules Function
PDN Packet Data Network
PKI Public Key Infrastructure
PLMN Public Land Mobile Network
RA Registration Authority
RRC Radio Resource Control
SAE System Architecture Evolution
SEG Security Gateway
SeGW Security Gateway
Serv.GW Serving Gateway
UMTS Universal Mobile Telecommunication System
UP User Plane
USIM UMTS Subscriber Identity Module
28. LTE References
• 3rd Generation Partnership Project, http://www.3gpp.org/
• Security aspects: 3GPP specifications for 3G and beyond / GSM (R99 and later), 33-series documents
• ETSI Security White Paper, freely available at: www.etsi.org/securitywhitepaper
• Daksha Bhasker, "4G LTE Security for Mobile Network Operators", Journal of Cyber Security and Information Systems, October 2013
• White paper: The Security Vulnerabilities of LTE: Risks for Operators
• Monica Paolini, Senza Fili Consulting, white paper: Wireless security in LTE networks
• http://www.3glteinfo.com/lte-security-architecture/
• https://www.rsaconference.com/writable/presentations/file_upload/tech-r03_lte-security-how-good-is-it.pdf