SlideShare a Scribd company logo

Securing the LTE Core the Road to NFV 2014.pdf

A
AliAlwesabi

Securing the LTE Core the Road to NFV 2014.pdf

Career
1 of 8
Download to read offline
© 2014 Stoke Securing the LTE Core – the Road to NFV | Proprietary and Confidential Dilip Pillaipakam Vice President, Product Management and Marketing
© 2014 Stoke The LTE Security Framework 2 S9 S1-C Internet S1-U S5/S8 S6A Gx Gz/Gy Other LTE Network S11 RAN-Core Border SEG The border between RAN and Core (S1) requires protection against specific risks to critical infrastructure at that interface Control Plane Functions - IKE - AAA - Routing DRA SBC IMS Core SGW MME CSCF Internet Border Policy / Charging Control SGi Data Plane Functions - Forwarding - QoS - ACL - Packet Inspection Device and Application
© 2014 Stoke LTE Security at the S1 Link – Emerging Trends 3 Challenge Requirements Stronger Security • 2048 bit key length • PKI Signaling Protection - New Threat Vectors • Protect core - exponential transaction increase • S1 protocol/state validation VoLTE Rollout • Low latency transport • Sub-1 second recovery Elastic Deployment • Virtualized security gateway on COTS • SDN integration Scalable Small Cell Deployments • Dense session aggregation • Intelligent load balancing
© 2014 Stoke Use Case: Macro and Small Cell Security 4 » Unsecured backhaul » Rapidly increasing throughput » High tunnel density » Ultra-low latency » Directly impacts subscriber QoE 4 4 MME SGW Office Home Outdoor Metrocell Small Cells 4G LTE EPC MME SGW EPC E2E Latency Budget = 100 ms VoLTE: Low Latency Small Packets
© 2014 Stoke Office Home Outdoor Metrocell Small Cells Use Case: Signaling Overload » Signaling Overload Threats » Application initiated » Compromised eNodeBs » Natural disasters » Prioritized Traffic » Already connected subscribers » Specific eNodeBs SGW 4G LTE EPC Millions of Service Requests MME Application Update Server QoE: Prioritize 5
© 2014 Stoke The LTE Security Framework vSEG Phase 1 6 S9 Internet S5/S8 S6A Gx Gz/Gy Other LTE Network S11 RAN-Core Border Control Plane Functions - IKE - AAA - Routing DRA SBC IMS Core SGW MME CSCF Internet Border Policy / Charging Control SGi Data Plane Functions - Forwarding - QoS - ACL - Inspections Device and Application » vSEG on COTS hardware on Linux » Similar deployment and operational model as today » Benefits: » Removes restriction of physical chassis » scale to very large number of line cards SEG v-SEG (DP) v-SEG (CP)
© 2014 Stoke The LTE Security Framework vSEG Phase 2 7 Other LTE Network SGW MME DRA SBC CSCF Internet Border Policy / Charging Control Internet S1-C S1-U Internet V-EPC RAN-Core Border v-SEG (DP) v-SEG (CP) Security Gateway Cloud QoS Inspection ACLs IKE AAA Routing SEG Controller SDN Controller » Disaggregate control plane and data plane functions to scale each function independently. » Can be integrated with Operator's SDN infrastructure » Benefits » Fully elastic on-demand deployment » Capacity can be added dynamically by adding more service nodes » Scale some functions disproportionately
© 2014 Stoke Conclusions 8 » Each domain of the LTE Security Framework provides protection against specific threats and therefore has unique functional and performance requirements » S1 Link has stringent performance and latency requirements » Purpose built platforms will remain the mainstay for next few years » Virtualization has benefits, but is not the answer for all use cases | Proprietary and Confidential

Recommended

Securing the shared network
Securing the shared networkSecuring the shared network
Securing the shared networkMary McEvoy Carroll
 
New world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter managementNew world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter managementInnovation Assured
 
Securing the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureSecuring the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureMyNOG
 
New world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter managementNew world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter managementInnovation Assured
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
 
LTE: Building next-gen application services for mobile telecoms
LTE: Building next-gen application services for mobile telecomsLTE: Building next-gen application services for mobile telecoms
LTE: Building next-gen application services for mobile telecomsNuoDB
 
 Network Innovations Driving Business Transformation
 Network Innovations Driving Business Transformation Network Innovations Driving Business Transformation
 Network Innovations Driving Business TransformationCisco Service Provider
 
Colt SD-WAN experience learnings and future plans
Colt SD-WAN experience learnings and future plansColt SD-WAN experience learnings and future plans
Colt SD-WAN experience learnings and future plansColt Technology Services
 

Recommended

Securing the shared network
Securing the shared networkSecuring the shared network
Securing the shared networkMary McEvoy Carroll
 
New world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter managementNew world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter managementInnovation Assured
 
Securing the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureSecuring the Onion: 5G Cloud Native Infrastructure
Securing the Onion: 5G Cloud Native InfrastructureMyNOG
 
New world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter managementNew world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter managementInnovation Assured
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
 
LTE: Building next-gen application services for mobile telecoms
LTE: Building next-gen application services for mobile telecomsLTE: Building next-gen application services for mobile telecoms
LTE: Building next-gen application services for mobile telecomsNuoDB
 
 Network Innovations Driving Business Transformation
 Network Innovations Driving Business Transformation Network Innovations Driving Business Transformation
 Network Innovations Driving Business TransformationCisco Service Provider
 
Colt SD-WAN experience learnings and future plans
Colt SD-WAN experience learnings and future plansColt SD-WAN experience learnings and future plans
Colt SD-WAN experience learnings and future plansColt Technology Services
 
PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktycznie
PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktyczniePLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktycznie
PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktyczniePROIDEA
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco Canada
 
Module 2-lte architecture and protocol
Module 2-lte architecture and protocolModule 2-lte architecture and protocol
Module 2-lte architecture and protocolravikbdayal
 
Edge / Far Edge: Convergent Access & Transport Infrastructure
Edge / Far Edge: Convergent Access & Transport InfrastructureEdge / Far Edge: Convergent Access & Transport Infrastructure
Edge / Far Edge: Convergent Access & Transport InfrastructureDmitry Timerkhanov
 
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...Cisco Canada
 
BRKCRS-2110.pdf
BRKCRS-2110.pdfBRKCRS-2110.pdf
BRKCRS-2110.pdfAsif Qureshi
 
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_diveNur Shiqim Chok
 
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...Cisco Canada
 
Skt.2013.innovation technology for future convergence network
Skt.2013.innovation technology for future convergence networkSkt.2013.innovation technology for future convergence network
Skt.2013.innovation technology for future convergence networkson6971
 
CTIA 2010 Corporate Overview
CTIA 2010 Corporate OverviewCTIA 2010 Corporate Overview
CTIA 2010 Corporate OverviewContinuous Computing
 
Introduction to Segment Routing
Introduction to Segment RoutingIntroduction to Segment Routing
Introduction to Segment RoutingMyNOG
 
LTE Workshop
LTE WorkshopLTE Workshop
LTE WorkshopMohammadreza Hajizadeh
 
Cisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnhaCisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnhaldangelo0772
 
Introducing Application Engineered Routing Powered by Segment Routing
Introducing Application Engineered Routing Powered by Segment RoutingIntroducing Application Engineered Routing Powered by Segment Routing
Introducing Application Engineered Routing Powered by Segment RoutingCisco Service Provider
 
Cisco Prime for IP NGN
Cisco Prime for IP NGNCisco Prime for IP NGN
Cisco Prime for IP NGNCisco Canada
 
BRKIOT-2108.pdf
BRKIOT-2108.pdfBRKIOT-2108.pdf
BRKIOT-2108.pdfJokaTek
 
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaUnderstanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaCisco Canada
 
MWC 2010 LTE
MWC 2010 LTEMWC 2010 LTE
MWC 2010 LTEContinuous Computing
 
M2M関連状況 roll&core WG meeting in IETF86
M2M関連状況 roll&core WG meeting in IETF86M2M関連状況 roll&core WG meeting in IETF86
M2M関連状況 roll&core WG meeting in IETF86Shoichi Sakane
 
Hierarchical Network Controller
Hierarchical Network ControllerHierarchical Network Controller
Hierarchical Network ControllerMyNOG
 
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...AliAlwesabi
 
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...AliAlwesabi
 

More Related Content

Similar to Securing the LTE Core the Road to NFV 2014.pdf

PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktycznie
PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktyczniePLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktycznie
PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktyczniePROIDEA
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco Canada
 
Module 2-lte architecture and protocol
Module 2-lte architecture and protocolModule 2-lte architecture and protocol
Module 2-lte architecture and protocolravikbdayal
 
Edge / Far Edge: Convergent Access & Transport Infrastructure
Edge / Far Edge: Convergent Access & Transport InfrastructureEdge / Far Edge: Convergent Access & Transport Infrastructure
Edge / Far Edge: Convergent Access & Transport InfrastructureDmitry Timerkhanov
 
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...Cisco Canada
 
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_diveNur Shiqim Chok
 
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...Cisco Canada
 
Skt.2013.innovation technology for future convergence network
Skt.2013.innovation technology for future convergence networkSkt.2013.innovation technology for future convergence network
Skt.2013.innovation technology for future convergence networkson6971
 
Introduction to Segment Routing
Introduction to Segment RoutingIntroduction to Segment Routing
Introduction to Segment RoutingMyNOG
 
Cisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnhaCisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnhaldangelo0772
 
Introducing Application Engineered Routing Powered by Segment Routing
Introducing Application Engineered Routing Powered by Segment RoutingIntroducing Application Engineered Routing Powered by Segment Routing
Introducing Application Engineered Routing Powered by Segment RoutingCisco Service Provider
 
Cisco Prime for IP NGN
Cisco Prime for IP NGNCisco Prime for IP NGN
Cisco Prime for IP NGNCisco Canada
 
BRKIOT-2108.pdf
BRKIOT-2108.pdfBRKIOT-2108.pdf
BRKIOT-2108.pdfJokaTek
 
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaUnderstanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaCisco Canada
 
M2M関連状況 roll&core WG meeting in IETF86
M2M関連状況 roll&core WG meeting in IETF86M2M関連状況 roll&core WG meeting in IETF86
M2M関連状況 roll&core WG meeting in IETF86Shoichi Sakane
 
Hierarchical Network Controller
Hierarchical Network ControllerHierarchical Network Controller
Hierarchical Network ControllerMyNOG
 

Similar to Securing the LTE Core the Road to NFV 2014.pdf (20)

PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktycznie
PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktyczniePLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktycznie
PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktycznie
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
 
Module 2-lte architecture and protocol
Module 2-lte architecture and protocolModule 2-lte architecture and protocol
Module 2-lte architecture and protocol
 
Edge / Far Edge: Convergent Access & Transport Infrastructure
Edge / Far Edge: Convergent Access & Transport InfrastructureEdge / Far Edge: Convergent Access & Transport Infrastructure
Edge / Far Edge: Convergent Access & Transport Infrastructure
 
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...
 
BRKCRS-2110.pdf
BRKCRS-2110.pdfBRKCRS-2110.pdf
BRKCRS-2110.pdf
 
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
 
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
 
Skt.2013.innovation technology for future convergence network
Skt.2013.innovation technology for future convergence networkSkt.2013.innovation technology for future convergence network
Skt.2013.innovation technology for future convergence network
 
CTIA 2010 Corporate Overview
CTIA 2010 Corporate OverviewCTIA 2010 Corporate Overview
CTIA 2010 Corporate Overview
 
Introduction to Segment Routing
Introduction to Segment RoutingIntroduction to Segment Routing
Introduction to Segment Routing
 
LTE Workshop
LTE WorkshopLTE Workshop
LTE Workshop
 
Cisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnhaCisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnha
 
Introducing Application Engineered Routing Powered by Segment Routing
Introducing Application Engineered Routing Powered by Segment RoutingIntroducing Application Engineered Routing Powered by Segment Routing
Introducing Application Engineered Routing Powered by Segment Routing
 
Cisco Prime for IP NGN
Cisco Prime for IP NGNCisco Prime for IP NGN
Cisco Prime for IP NGN
 
BRKIOT-2108.pdf
BRKIOT-2108.pdfBRKIOT-2108.pdf
BRKIOT-2108.pdf
 
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaUnderstanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
 
MWC 2010 LTE
MWC 2010 LTEMWC 2010 LTE
MWC 2010 LTE
 
M2M関連状況 roll&core WG meeting in IETF86
M2M関連状況 roll&core WG meeting in IETF86M2M関連状況 roll&core WG meeting in IETF86
M2M関連状況 roll&core WG meeting in IETF86
 
Hierarchical Network Controller
Hierarchical Network ControllerHierarchical Network Controller
Hierarchical Network Controller
 

More from AliAlwesabi

pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...AliAlwesabi
 
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...AliAlwesabi
 
pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...
pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...
pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...AliAlwesabi
 
pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...
pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...
pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...AliAlwesabi
 
lte-design-and-deployment-strategies-zeljko-savic.pdf
lte-design-and-deployment-strategies-zeljko-savic.pdflte-design-and-deployment-strategies-zeljko-savic.pdf
lte-design-and-deployment-strategies-zeljko-savic.pdfAliAlwesabi
 
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...AliAlwesabi
 
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdf
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdfeu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdf
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdfAliAlwesabi
 
CCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdf
CCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdfCCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdf
CCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdfAliAlwesabi
 
D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdf
D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdfD1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdf
D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdfAliAlwesabi
 
D2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdf
D2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdfD2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdf
D2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdfAliAlwesabi
 
CISSP -Access Control Domain knowlege.pdf
CISSP -Access Control Domain knowlege.pdfCISSP -Access Control Domain knowlege.pdf
CISSP -Access Control Domain knowlege.pdfAliAlwesabi
 
VPN Guide to Network Defense and countermeasures
VPN Guide to Network Defense and countermeasuresVPN Guide to Network Defense and countermeasures
VPN Guide to Network Defense and countermeasuresAliAlwesabi
 
zero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdfzero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdfAliAlwesabi
 
Foot printing as phase of Hacking in cybersecurity
Foot printing as phase of Hacking in cybersecurityFoot printing as phase of Hacking in cybersecurity
Foot printing as phase of Hacking in cybersecurityAliAlwesabi
 
Guide to Network Defense Router Security
Guide to Network Defense Router SecurityGuide to Network Defense Router Security
Guide to Network Defense Router SecurityAliAlwesabi
 
DNS Security Issues NES 554 for DNS Security
DNS Security Issues NES 554 for DNS SecurityDNS Security Issues NES 554 for DNS Security
DNS Security Issues NES 554 for DNS SecurityAliAlwesabi
 
Intrusion detection and prevention systems.pdf
Intrusion detection and prevention systems.pdfIntrusion detection and prevention systems.pdf
Intrusion detection and prevention systems.pdfAliAlwesabi
 
ISP Network Design workshops how to design networks
ISP Network Design workshops how to design networksISP Network Design workshops how to design networks
ISP Network Design workshops how to design networksAliAlwesabi
 

More from AliAlwesabi (18)

pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
 
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
 
pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...
pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...
pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...
 
pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...
pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...
pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...
 
lte-design-and-deployment-strategies-zeljko-savic.pdf
lte-design-and-deployment-strategies-zeljko-savic.pdflte-design-and-deployment-strategies-zeljko-savic.pdf
lte-design-and-deployment-strategies-zeljko-savic.pdf
 
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
 
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdf
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdfeu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdf
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdf
 
CCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdf
CCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdfCCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdf
CCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdf
 
D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdf
D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdfD1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdf
D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdf
 
D2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdf
D2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdfD2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdf
D2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdf
 
CISSP -Access Control Domain knowlege.pdf
CISSP -Access Control Domain knowlege.pdfCISSP -Access Control Domain knowlege.pdf
CISSP -Access Control Domain knowlege.pdf
 
VPN Guide to Network Defense and countermeasures
VPN Guide to Network Defense and countermeasuresVPN Guide to Network Defense and countermeasures
VPN Guide to Network Defense and countermeasures
 
zero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdfzero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdf
 
Foot printing as phase of Hacking in cybersecurity
Foot printing as phase of Hacking in cybersecurityFoot printing as phase of Hacking in cybersecurity
Foot printing as phase of Hacking in cybersecurity
 
Guide to Network Defense Router Security
Guide to Network Defense Router SecurityGuide to Network Defense Router Security
Guide to Network Defense Router Security
 
DNS Security Issues NES 554 for DNS Security
DNS Security Issues NES 554 for DNS SecurityDNS Security Issues NES 554 for DNS Security
DNS Security Issues NES 554 for DNS Security
 
Intrusion detection and prevention systems.pdf
Intrusion detection and prevention systems.pdfIntrusion detection and prevention systems.pdf
Intrusion detection and prevention systems.pdf
 
ISP Network Design workshops how to design networks
ISP Network Design workshops how to design networksISP Network Design workshops how to design networks
ISP Network Design workshops how to design networks
 

Recently uploaded

toefl ibt practice test module download_1
toefl ibt practice test module download_1toefl ibt practice test module download_1
toefl ibt practice test module download_1Aswar Amiruddin
 
Master SEO in 2024 The Complete Beginner's Guide
Master SEO in 2024 The Complete Beginner's GuideMaster SEO in 2024 The Complete Beginner's Guide
Master SEO in 2024 The Complete Beginner's GuideTechEasifyInfotech
 
Navigating the Tech Industry Journey GDSC UNIDEB
Navigating the Tech Industry Journey GDSC UNIDEBNavigating the Tech Industry Journey GDSC UNIDEB
Navigating the Tech Industry Journey GDSC UNIDEBvaideheekore1
 
B. A. (Prog.) Political Science 6th Semester 2019.pdf
B. A. (Prog.) Political Science 6th Semester 2019.pdfB. A. (Prog.) Political Science 6th Semester 2019.pdf
B. A. (Prog.) Political Science 6th Semester 2019.pdfparaspiyush3
 
如何办理(Galway毕业证书)爱尔兰高威大学毕业证成绩单原件一模一样
如何办理(Galway毕业证书)爱尔兰高威大学毕业证成绩单原件一模一样如何办理(Galway毕业证书)爱尔兰高威大学毕业证成绩单原件一模一样
如何办理(Galway毕业证书)爱尔兰高威大学毕业证成绩单原件一模一样qyguxu
 
如何办理(CSU毕业证书)圣马科斯分校毕业证成绩单原件一模一样
如何办理(CSU毕业证书)圣马科斯分校毕业证成绩单原件一模一样如何办理(CSU毕业证书)圣马科斯分校毕业证成绩单原件一模一样
如何办理(CSU毕业证书)圣马科斯分校毕业证成绩单原件一模一样qyguxu
 
如何办理(UW毕业证书)滑铁卢大学毕业证成绩单原件一模一样
如何办理(UW毕业证书)滑铁卢大学毕业证成绩单原件一模一样如何办理(UW毕业证书)滑铁卢大学毕业证成绩单原件一模一样
如何办理(UW毕业证书)滑铁卢大学毕业证成绩单原件一模一样qyguxu
 
如何办理(Wintec毕业证书)怀卡托理工学院毕业证成绩单原件一模一样
如何办理(Wintec毕业证书)怀卡托理工学院毕业证成绩单原件一模一样如何办理(Wintec毕业证书)怀卡托理工学院毕业证成绩单原件一模一样
如何办理(Wintec毕业证书)怀卡托理工学院毕业证成绩单原件一模一样qyguxu
 
Job Hunting - pick over this fishbone for telephone interviews!.pptx
Job Hunting - pick over this fishbone for telephone interviews!.pptxJob Hunting - pick over this fishbone for telephone interviews!.pptx
Job Hunting - pick over this fishbone for telephone interviews!.pptxJon Stephenson
 
Ralph - Project Presentation Enhancing System Security at Acme Flight Solutio...
Ralph - Project Presentation Enhancing System Security at Acme Flight Solutio...Ralph - Project Presentation Enhancing System Security at Acme Flight Solutio...
Ralph - Project Presentation Enhancing System Security at Acme Flight Solutio...MasterG
 
Genaihelloallstudyjamheregetstartedwithai
GenaihelloallstudyjamheregetstartedwithaiGenaihelloallstudyjamheregetstartedwithai
Genaihelloallstudyjamheregetstartedwithaijoceko6768
 
BLAHALIFHKSDFOILEWKHJSFDNLDSKFN,DLFKNFMELKFJAERPIOAL
BLAHALIFHKSDFOILEWKHJSFDNLDSKFN,DLFKNFMELKFJAERPIOALBLAHALIFHKSDFOILEWKHJSFDNLDSKFN,DLFKNFMELKFJAERPIOAL
BLAHALIFHKSDFOILEWKHJSFDNLDSKFN,DLFKNFMELKFJAERPIOALCaitlinCummins3
 
WIOA Program Info Session | PMI Silver Spring Chapter | May 17, 2024
WIOA Program Info Session | PMI Silver Spring Chapter | May 17, 2024WIOA Program Info Session | PMI Silver Spring Chapter | May 17, 2024
WIOA Program Info Session | PMI Silver Spring Chapter | May 17, 2024Hector Del Castillo, CPM, CPMM
 
5CL-ADBA,5cladba, the best supplier in China
5CL-ADBA,5cladba, the best supplier in China5CL-ADBA,5cladba, the best supplier in China
5CL-ADBA,5cladba, the best supplier in Chinaamy56318795
 
unit-5-final-cn-unit-5-notes-important-questions.pdf
unit-5-final-cn-unit-5-notes-important-questions.pdfunit-5-final-cn-unit-5-notes-important-questions.pdf
unit-5-final-cn-unit-5-notes-important-questions.pdfradheeshyam1176
 
如何办理(UoA毕业证书)奥克兰大学毕业证成绩单原件一模一样
如何办理(UoA毕业证书)奥克兰大学毕业证成绩单原件一模一样如何办理(UoA毕业证书)奥克兰大学毕业证成绩单原件一模一样
如何办理(UoA毕业证书)奥克兰大学毕业证成绩单原件一模一样qyguxu
 
如何办理(UNTEC毕业证书)新西兰联合理工学院毕业证成绩单原件一模一样
如何办理(UNTEC毕业证书)新西兰联合理工学院毕业证成绩单原件一模一样如何办理(UNTEC毕业证书)新西兰联合理工学院毕业证成绩单原件一模一样
如何办理(UNTEC毕业证书)新西兰联合理工学院毕业证成绩单原件一模一样qyguxu
 
Kathleen McBride ONLINE General Resume 2024.pdf
Kathleen McBride ONLINE General Resume 2024.pdfKathleen McBride ONLINE General Resume 2024.pdf
Kathleen McBride ONLINE General Resume 2024.pdfKathleenMcBride8
 
如何办理(EUR毕业证书)鹿特丹伊拉斯姆斯大学毕业证成绩单原件一模一样
如何办理(EUR毕业证书)鹿特丹伊拉斯姆斯大学毕业证成绩单原件一模一样如何办理(EUR毕业证书)鹿特丹伊拉斯姆斯大学毕业证成绩单原件一模一样
如何办理(EUR毕业证书)鹿特丹伊拉斯姆斯大学毕业证成绩单原件一模一样qyguxu
 
如何办理(PITT毕业证书)匹兹堡大学毕业证成绩单原件一模一样
如何办理(PITT毕业证书)匹兹堡大学毕业证成绩单原件一模一样如何办理(PITT毕业证书)匹兹堡大学毕业证成绩单原件一模一样
如何办理(PITT毕业证书)匹兹堡大学毕业证成绩单原件一模一样qyguxu
 

Recently uploaded (20)

toefl ibt practice test module download_1
toefl ibt practice test module download_1toefl ibt practice test module download_1
toefl ibt practice test module download_1
 
Master SEO in 2024 The Complete Beginner's Guide
Master SEO in 2024 The Complete Beginner's GuideMaster SEO in 2024 The Complete Beginner's Guide
Master SEO in 2024 The Complete Beginner's Guide
 
Navigating the Tech Industry Journey GDSC UNIDEB
Navigating the Tech Industry Journey GDSC UNIDEBNavigating the Tech Industry Journey GDSC UNIDEB
Navigating the Tech Industry Journey GDSC UNIDEB
 
B. A. (Prog.) Political Science 6th Semester 2019.pdf
B. A. (Prog.) Political Science 6th Semester 2019.pdfB. A. (Prog.) Political Science 6th Semester 2019.pdf
B. A. (Prog.) Political Science 6th Semester 2019.pdf
 
如何办理(Galway毕业证书)爱尔兰高威大学毕业证成绩单原件一模一样
如何办理(Galway毕业证书)爱尔兰高威大学毕业证成绩单原件一模一样如何办理(Galway毕业证书)爱尔兰高威大学毕业证成绩单原件一模一样
如何办理(Galway毕业证书)爱尔兰高威大学毕业证成绩单原件一模一样
 
如何办理(CSU毕业证书)圣马科斯分校毕业证成绩单原件一模一样
如何办理(CSU毕业证书)圣马科斯分校毕业证成绩单原件一模一样如何办理(CSU毕业证书)圣马科斯分校毕业证成绩单原件一模一样
如何办理(CSU毕业证书)圣马科斯分校毕业证成绩单原件一模一样
 
如何办理(UW毕业证书)滑铁卢大学毕业证成绩单原件一模一样
如何办理(UW毕业证书)滑铁卢大学毕业证成绩单原件一模一样如何办理(UW毕业证书)滑铁卢大学毕业证成绩单原件一模一样
如何办理(UW毕业证书)滑铁卢大学毕业证成绩单原件一模一样
 
如何办理(Wintec毕业证书)怀卡托理工学院毕业证成绩单原件一模一样
如何办理(Wintec毕业证书)怀卡托理工学院毕业证成绩单原件一模一样如何办理(Wintec毕业证书)怀卡托理工学院毕业证成绩单原件一模一样
如何办理(Wintec毕业证书)怀卡托理工学院毕业证成绩单原件一模一样
 
Job Hunting - pick over this fishbone for telephone interviews!.pptx
Job Hunting - pick over this fishbone for telephone interviews!.pptxJob Hunting - pick over this fishbone for telephone interviews!.pptx
Job Hunting - pick over this fishbone for telephone interviews!.pptx
 
Ralph - Project Presentation Enhancing System Security at Acme Flight Solutio...
Ralph - Project Presentation Enhancing System Security at Acme Flight Solutio...Ralph - Project Presentation Enhancing System Security at Acme Flight Solutio...
Ralph - Project Presentation Enhancing System Security at Acme Flight Solutio...
 
Genaihelloallstudyjamheregetstartedwithai
GenaihelloallstudyjamheregetstartedwithaiGenaihelloallstudyjamheregetstartedwithai
Genaihelloallstudyjamheregetstartedwithai
 
BLAHALIFHKSDFOILEWKHJSFDNLDSKFN,DLFKNFMELKFJAERPIOAL
BLAHALIFHKSDFOILEWKHJSFDNLDSKFN,DLFKNFMELKFJAERPIOALBLAHALIFHKSDFOILEWKHJSFDNLDSKFN,DLFKNFMELKFJAERPIOAL
BLAHALIFHKSDFOILEWKHJSFDNLDSKFN,DLFKNFMELKFJAERPIOAL
 
WIOA Program Info Session | PMI Silver Spring Chapter | May 17, 2024
WIOA Program Info Session | PMI Silver Spring Chapter | May 17, 2024WIOA Program Info Session | PMI Silver Spring Chapter | May 17, 2024
WIOA Program Info Session | PMI Silver Spring Chapter | May 17, 2024
 
5CL-ADBA,5cladba, the best supplier in China
5CL-ADBA,5cladba, the best supplier in China5CL-ADBA,5cladba, the best supplier in China
5CL-ADBA,5cladba, the best supplier in China
 
unit-5-final-cn-unit-5-notes-important-questions.pdf
unit-5-final-cn-unit-5-notes-important-questions.pdfunit-5-final-cn-unit-5-notes-important-questions.pdf
unit-5-final-cn-unit-5-notes-important-questions.pdf
 
如何办理(UoA毕业证书)奥克兰大学毕业证成绩单原件一模一样
如何办理(UoA毕业证书)奥克兰大学毕业证成绩单原件一模一样如何办理(UoA毕业证书)奥克兰大学毕业证成绩单原件一模一样
如何办理(UoA毕业证书)奥克兰大学毕业证成绩单原件一模一样
 
如何办理(UNTEC毕业证书)新西兰联合理工学院毕业证成绩单原件一模一样
如何办理(UNTEC毕业证书)新西兰联合理工学院毕业证成绩单原件一模一样如何办理(UNTEC毕业证书)新西兰联合理工学院毕业证成绩单原件一模一样
如何办理(UNTEC毕业证书)新西兰联合理工学院毕业证成绩单原件一模一样
 
Kathleen McBride ONLINE General Resume 2024.pdf
Kathleen McBride ONLINE General Resume 2024.pdfKathleen McBride ONLINE General Resume 2024.pdf
Kathleen McBride ONLINE General Resume 2024.pdf
 
如何办理(EUR毕业证书)鹿特丹伊拉斯姆斯大学毕业证成绩单原件一模一样
如何办理(EUR毕业证书)鹿特丹伊拉斯姆斯大学毕业证成绩单原件一模一样如何办理(EUR毕业证书)鹿特丹伊拉斯姆斯大学毕业证成绩单原件一模一样
如何办理(EUR毕业证书)鹿特丹伊拉斯姆斯大学毕业证成绩单原件一模一样
 
如何办理(PITT毕业证书)匹兹堡大学毕业证成绩单原件一模一样
如何办理(PITT毕业证书)匹兹堡大学毕业证成绩单原件一模一样如何办理(PITT毕业证书)匹兹堡大学毕业证成绩单原件一模一样
如何办理(PITT毕业证书)匹兹堡大学毕业证成绩单原件一模一样
 

Securing the LTE Core the Road to NFV 2014.pdf

  • 1. © 2014 Stoke Securing the LTE Core – the Road to NFV | Proprietary and Confidential Dilip Pillaipakam Vice President, Product Management and Marketing
  • 2. © 2014 Stoke The LTE Security Framework 2 S9 S1-C Internet S1-U S5/S8 S6A Gx Gz/Gy Other LTE Network S11 RAN-Core Border SEG The border between RAN and Core (S1) requires protection against specific risks to critical infrastructure at that interface Control Plane Functions - IKE - AAA - Routing DRA SBC IMS Core SGW MME CSCF Internet Border Policy / Charging Control SGi Data Plane Functions - Forwarding - QoS - ACL - Packet Inspection Device and Application
  • 3. © 2014 Stoke LTE Security at the S1 Link – Emerging Trends 3 Challenge Requirements Stronger Security • 2048 bit key length • PKI Signaling Protection - New Threat Vectors • Protect core - exponential transaction increase • S1 protocol/state validation VoLTE Rollout • Low latency transport • Sub-1 second recovery Elastic Deployment • Virtualized security gateway on COTS • SDN integration Scalable Small Cell Deployments • Dense session aggregation • Intelligent load balancing
  • 4. © 2014 Stoke Use Case: Macro and Small Cell Security 4 » Unsecured backhaul » Rapidly increasing throughput » High tunnel density » Ultra-low latency » Directly impacts subscriber QoE 4 4 MME SGW Office Home Outdoor Metrocell Small Cells 4G LTE EPC MME SGW EPC E2E Latency Budget = 100 ms VoLTE: Low Latency Small Packets
  • 5. © 2014 Stoke Office Home Outdoor Metrocell Small Cells Use Case: Signaling Overload » Signaling Overload Threats » Application initiated » Compromised eNodeBs » Natural disasters » Prioritized Traffic » Already connected subscribers » Specific eNodeBs SGW 4G LTE EPC Millions of Service Requests MME Application Update Server QoE: Prioritize 5
  • 6. © 2014 Stoke The LTE Security Framework vSEG Phase 1 6 S9 Internet S5/S8 S6A Gx Gz/Gy Other LTE Network S11 RAN-Core Border Control Plane Functions - IKE - AAA - Routing DRA SBC IMS Core SGW MME CSCF Internet Border Policy / Charging Control SGi Data Plane Functions - Forwarding - QoS - ACL - Inspections Device and Application » vSEG on COTS hardware on Linux » Similar deployment and operational model as today » Benefits: » Removes restriction of physical chassis » scale to very large number of line cards SEG v-SEG (DP) v-SEG (CP)
  • 7. © 2014 Stoke The LTE Security Framework vSEG Phase 2 7 Other LTE Network SGW MME DRA SBC CSCF Internet Border Policy / Charging Control Internet S1-C S1-U Internet V-EPC RAN-Core Border v-SEG (DP) v-SEG (CP) Security Gateway Cloud QoS Inspection ACLs IKE AAA Routing SEG Controller SDN Controller » Disaggregate control plane and data plane functions to scale each function independently. » Can be integrated with Operator's SDN infrastructure » Benefits » Fully elastic on-demand deployment » Capacity can be added dynamically by adding more service nodes » Scale some functions disproportionately
  • 8. © 2014 Stoke Conclusions 8 » Each domain of the LTE Security Framework provides protection against specific threats and therefore has unique functional and performance requirements » S1 Link has stringent performance and latency requirements » Purpose built platforms will remain the mainstay for next few years » Virtualization has benefits, but is not the answer for all use cases | Proprietary and Confidential