VIRTUALIZATION SOLUTIONS &
DEEP LEARNING WHITEPAPER
SECURING 4G AND 5G
NETWORKS
Phone: 561-306-4996
Email: sales@eglacorp.com
751 Park of Commerce Dr. Suite 128
Boca Raton, FL, 33487
EGLA CORP – July 2020
© 2020 EGLA CORP, All rights reserved
www.eglacorp.com | www.eglacomm.net/ip
SECURING WIRELESS INFRASTRUCTURE IN
4G and 5G SYSTEMS
By Dr Edwin A. Hernandez
PROBLEM STATEMENT
Modern wireless communications use a mixture of Radio Frequency (RF) and
Internet communications. These wireless networks employ modern modulation
techniques that are defined by the 3rd Generation Partnership Program (3GPP).
In general, standards are arrived at by agreement among multiple
wireless vendors and technology experts. These agreements or standards have
developed a modern infrastructure leading to 4G and 5G communication systems
where all communication is IP-based, or “Internet Protocol”-based.
Hence, securing these systems and mobile communications is crucial, as the
same challenges faced by internet applications are also observed in
voice calls, messages, and video calls in 4G and 5G networks.
In essence, the great vulnerability in all 4G and 5G systems resides in “control”
of that IP infrastructure: relinquishing that control to a 3rd party and not
managing your own mobile traffic creates a major threat.
ENCRYPTION, VPN, AND TUNNELING DO NOT SUFFICE WHEN THERE IS NO
CONTROL OF YOUR WIRELESS NETWORK TRAFFIC.
HOW 4G AND 5G INFRASTRUCTURE
WORKS?
4G infrastructures are substantially similar to 5G, as they both use IP.
Although different component names and functionality may be used, both
systems use “Internet Protocols” as a foundation. The good thing
is that both technologies can then be virtualized and secured.
4G and 5G systems rely on two entities to interface all mobile users with an
infrastructure; these are called eNodeB in 4G and gNB in 5G (a.k.a. Base
Stations). These base stations operate in a similar way to a standard
home-based WIFI system with your cable provider. In other words, by having an
internet link, a base station communicates with the infrastructure using internet
signals, delivering voice, web, and other traffic to the eNodeBs (or gNBs), which
is later sent directly from the mobile phone to the internet.
In other words, all mobile device
traffic including phone calls,
video calls, positioning, and all
web requests that are made
from all devices to the public
internet network is “seen” by the
“carrier.”
As a side effect, all mobile network traffic provides carriers
and operators with additional financial value while raising privacy and security
issues. This is not new, as most internet users are familiar with privacy and
security questions derived from using Facebook, Google, YouTube, and many
other applications. In fact, all traffic, regardless of anonymity claims, can be
utilized to fingerprint users, detect movement patterns, and even intercept
communications if that control is lost.
THREAT
Foreign entities such as HUAWEI are being questioned and banned from 4G and 5G
deployments in the US and Europe, as a threat of eavesdropping and traffic
management is possible. China has been notorious for controlling its own
infrastructure and censoring internet traffic.
There are several eavesdropping techniques that can go basically
undetected; in fact, HUAWEI and other Chinese vendors use machine learning
and artificial intelligence extensively to a) reconfigure the network, b)
implement deep learning capabilities in the system for optimization, and c)
make smart use of network access.
Hence, protecting all mobile logs, IP addresses, origination and termination of
calls, web requests, VPN, and others is very important, and that is the main
reason why Huawei is not allowed in some of these markets.
HOW 4G INFRASTRUCTURE CARRIES NETWORK TRAFFIC
First, we will look at how infrastructure in 4G systems works and introduce
our solution.
Our solution relies on “Virtual Network Function” operation, which consists of
moving sensitive functionality in the network to a private cloud that is controlled
by a trusted party. Hence, securing eNodeB and gNB (Base Station) traffic from
all systems to a virtual network is key to improving security and enhancing privacy.
As shown in the following diagram, a UE (mobile phone) communicates with the
PDN (public internet). All the blocks in between can be virtual and execute in a
private cloud at a trusted location.
[Diagram: path from the UE to the PDN, labeled “Public Internet”]
The chart above shows that in our solution all signaling required by a 4G
terminal or mobile phone can be directed to a virtual infrastructure. Each line of
communication between the UE (User Equipment) and the PDN (Packet Data
Network), and all components in between, which include the S-GW, P-GW, and the
PDN (CN), are now under trusted management, and the chances of eavesdropping
or tracking users are substantially diminished. The path shown below is now
secured.
Even telecommunication carriers such as AT&T, Verizon, T-Mobile & Sprint, and
other operators are exposed to threats derived from injecting IP tunnels, obtaining
log files with sensitive information from servers, and potential indirect
eavesdropping of all network traffic.
Clearly, the proposed infrastructure now carries all web requests from all
applications made by a mobile phone to internet-based applications such as a
web server, email, social media, video conference, streaming, Google searches,
and other sensitive network traffic.
This white paper will cover two available solutions that EGLA CORP can help
with.
[Diagram labels: UE; web, video, messages]
SOLUTION 1. INFRASTRUCTURE
VIRTUALIZATION
EGLA CORP has a virtualization solution that consists of creating a
virtual carrier of your own, by replicating S-GW, P-GW, MME, PDN
and other 4G components in the network to work as a private carrier
within a controlled infrastructure managed by a trusted party.
The solution uses cloud-based instances that include all those
components in the cloud. The cloud can be formed using Docker, VMware,
or XenServer instances that leverage modern techniques for managing and
securing a “cloud.”
Our system then brings the required control over all mobile communications
transmissions that are made by a mobile terminal. The private system handles
all mobile traffic from all base stations at Verizon, AT&T, or T-Mobile to this
network infrastructure, and each phone can be provisioned with its own number
and set of IP addresses.
Also, provisioning of that system is done by a SIM card that is issued by the
trusted entity controlling this environment.
Operationally, a virtualized infrastructure functions in a similar way to a “virtual
network operator” that uses AT&T, Verizon, and T-Mobile licensed frequencies.
As shown, our system can be installed in a trusted on-premise location, at your
own facility, except for an agreement to use the licensed spectrum of AT&T,
Verizon, or T-Mobile. Verizon and T-Mobile have 30+ virtual network
operators.
However, since all mobile device encryption keys and all IP transmissions are
generated and orchestrated from the virtualized cloud, all communications
between all endpoints are only known by the private virtualized infrastructure.
“INTERFACING THE PRIVATE SYSTEM TO OTHER CARRIERS FOR CALLS,
MESSAGING, EVEN LONG-DISTANCE CALLS IS FEASIBLE”
The solution will then look like this:
SOLUTION #2. VIRTUALIZATION WITH CBRS OR CITIZENS BROADBAND
RADIO SERVICE
In order to gain full control of the communication path and for a complete
end-to-end solution, a CBRS eNodeB is required. The FCC has opened up the
CBRS band, or Citizens Broadband Radio Service, for LTE services, and
eNodeBs can be installed to create a private 4G LTE network.
Moreover, CBRS-band base stations do not require any regulatory approval by
the FCC as those bands can be employed and can carry 4G Traffic, just as you
can enjoy WIFI spectrum. Most mobile phones can connect to these bands
already and operation in those bands requires deployment of base stations in
areas where those communications need to be secured as shown:
Hence, Solutions #1 and #2 are designed for the future: many of their
components are suitable for reuse in future updates to 4G systems, and
they are upgradable to 5G. As 5G frequencies
and devices become mainstream, deploying 5G is
easier than ever.
ADDITIONAL SECURITY WITH BLUEHEXAGON
Now that infrastructure is virtualized, cloud-based
protection of data and infrastructure is possible
including modern deep learning techniques. In
partnership with BLUEHEXAGON, we offer an
Artificial Intelligence system capable of securing a cloud-based platform and our
network function virtualization system.
BLUEHEXAGON is deployed as part of our cloud and uses deep learning to
protect all communications within the network infrastructure.
IN FACT, BY APPLYING DEEP LEARNING TO THE COMPLETE INSPECTION OF
HEADERS AND PAYLOADS, YOU CAN DETECT THREATS IN REAL-TIME, AND
STOP PATIENT-ZERO OR PREVENT FURTHER LATERAL MOVEMENT.
BLUE HEXAGON REAL-TIME DEEP LEARNING CAN ADDRESS.
Deep learning and artificial intelligence further secure our solution.
OUR EXPERTISE
Our CTO and owner, Dr. Edwin Hernandez, is a world expert in wireless and has
been a judge for the Mobile World Congress 2019 and 2020. As a judge, Dr.
Hernandez evaluated cutting-edge 4G and 5G systems and other advanced
infrastructure technologies made by global players.
Additionally, Dr. Hernandez has assisted in wireless
communications patent cases in 4G and assisted with these
technologies, including his own. Among these technologies, EGLA CORP has
a license to US Patents:
• 7,231,330, 7,697,508 and 8,213,417
• 9,071,957 and 9,338,629
• 10,123,074 and 10,524,002

Securing 4G and LTE systems with Deep Learning and Virtualization
