SlideShare une entreprise Scribd logo

Infonetics white paper: Security at the Speed of VoLTE

Mary McEvoy Carroll
Mary McEvoy Carroll

The mobile broadband industry’s rapid migration to LTE has opened the door to malicious and non-malicious threats as a result of fundamental vulnerabilities in the all-IP LTE architecture. Consequently, security must be a foundational element of LTE network deployments. As the adoption of IPsec encryption for transporting LTE traffic continues to grow significantly, there is increasing need for a security gateway. This white paper discusses the evolving threat landscape, the economics and performance requirements of security solutions, and the role of the security gateway in LTE networks as subscribers ramp up by the millions every quarter and VoLTE services start to emerge.

Technologie
1  sur  12
Télécharger pour lire hors ligne
I N F O N E T I C S R E S E A R C H W H I T E P A P E R Security at the Speed of VoLTE Infonetics Research White Paper Written by Principal Analyst Stéphane Téral February 2014
i Contents Executive Summary 1 The Need for Securing LTE Networks Has Never Been Greater 2 The world is moving to LTE at a fast and unstoppable pace 3 Exhibit 1: Worldwide LTE Subscriptions 3 And voice, still half of total mobile service revenue, is inevitably moving to LTE as well 4 Exhibit 2: Worldwide VoLTE Market Opportunity 4 This Developing LTE World Provides Hackers with a New Eldorado! 5 Exhibit 3: LTE Network Architecture 5 Meanwhile, potential threats to mobile networks are real and fully documented 6 Exhibit 4: Monthly ATLAS Peak Monitored Attack Sizes 6 Consequently, Security Must Be a Foundational Element of LTE Deployments 7 IPsec encryption is the key mechanism. . . 7 . . . but full IPsec introduces new considerations 7 Now IPsec is gaining momentum, setting the stage for security gateway implementations 8 Security Gateways Also Provide High VoLTE Network Performance and QoS Control 8 Focusing on the S1 interface provides the highest benefits 8 An S1-focused security gateway can process tiny VoLTE packets 9 And manage signaling storms 9 Bottom Line 9 About Infonetics Research 10
1 Executive Summary 2013 ended with more than 6.5 billion mobile subscribers worldwide, of which 175 million are LTE subscribers and 8 million VoLTE subscribers, most of them (90%) in South Korea. This faster than anticipated migration to LTE opens the door to malicious (e.g., hacking) and non-malicious threats (e.g., signaling traffic storms). Good old PLMNs (public land mobile networks) are super secure because they have their own backhaul physical infrastructure with dedicated leased lines (T1s in the US, E1s in Europe; the majority of E1s in Europe were and still are on microwave), making the overall network extremely difficult to hack. Three fundamental factors are making LTE networks more vulnerable than old PLMNs: The flat IP architecture that directly links the cell site to the packet core The addition of small cells that further increases the number of potential access points The rising popularity of network sharing between several mobile operators Consequently, security must be a foundational element of LTE network deployments. Although IPsec encryption was defined as the key mechanism by the 3GPP and the NGMN Alliance, its optional implementation has resulted in sporadic deployments with less than 20% of mobile operators worldwide having it in their LTE network. The main caveats are the use of private backhaul considered “trusted” by the operator, an increased computational impact on eNodeBs, and a bigger overhead at Layer 1 transmission, which translate into additional costs. Though US and South Korean operators have been slow to embrace IPsec, European and Latin American mobile operators have made it a mandatory component of their LTE rollouts. As IPsec adoption for transporting LTE flows continues to grow significantly, the need for a security gateway, which has been considered optional by many operators, increases. As defined by 3GPP/S1 interface, its fundamental function is to perform authentication and encryption/decryption for the IPsec tunnel, and handle IKEv2 authentication to secure the delivery of voice and data services. Given the pace of LTE adoption worldwide, the security gateway needs to be highly scalable to manage hundreds of thousands of concurrent IPsec tunnels. And finally, the security gateway needs to be tactically deployed to do more than perform IPsec encryption and decryption. By placing it at the RAN-EPC edge, it needs to efficiently process small VoLTE packets—64 bytes—in networks that are generally optimized based on the median packet size of 512 bytes or IMIX distribution, and manage potential data-, application- or VoLTE-induced signaling storms. As a result, the security gateway provides both high security and QoS control to the LTE network. Traditional approaches such as firewalls aren’t the same as security gateways unless they meet a stringent set of criteria that meet the scalability, low latency, and security requirements of an exponentially growing data and voice network, a far different scenario from enterprise. © INFONETICS RESEARCH, INC. FEBRUARY 2014 “The security gateway provides both high security and QoS control to the LTE network.”
2 Introduction More than two decades of history in the mobile industry teach us that good old PLMNs (public land mobile networks) have been resilient and highly secured, based on the single fact that a major event has never occurred. All PLMN outages thus far have directly resulted from equipment failures and software bugs; none of them was linked to a malicious attack. As the world moves to LTE at a faster than anticipated pace, malicious and non-malicious threats are rising, because the flat IP, simplified LTE network architecture provides a new range of hacking opportunities and exposes the EPC (evolved packet core) to an onslaught of signaling traffic that used to be captured at the 3G RNC (radio network controller). In addition, voice services now starting to migrate to LTE (VoLTE) are characterized by very small packets for which current mobile networks are not fully optimized, and are also generating their share of signaling traffic. The good news is that there is a 3GPP remedy: IPsec and the security gateway, optional for “trusted” networks and left to mobile operators’ own consideration. And the bad news: given the assumed additional cost and complexity associated with IPsec implementation along with an LTE network rollout, IPsec is far from being mainstream. The situation is rapidly changing: more and more mobile operators make IPsec a mandatory component of their LTE rollout, creating the need for the security gateway. In this paper, we discuss the broader role the security gateway can play in LTE networks as LTE subscribers ramp up by the millions every quarter and VoLTE services start to emerge. By revisiting recent work released by the 3GPP and the NGMN Alliance, we argue that an S1-focused security gateway can not only perform IPsec encryption and decryption, its basic function, but can also process small VoLTE packets and protect the EPC from overwhelming signaling traffic. Put another way, the security gateway provides better VoLTE QoS control and protection of the EPC. The Need for Securing LTE Networks Has Never Been Greater So far so good, more than 6.5 billion people have been enjoying mobile communications services without experiencing a major hacker-induced mobile network outage. The major reason is those traditional 2G and 3G radio networks had their own backhaul physical infrastructure with dedicated leased lines (T1s in the US, E1s in Europe, mostly on microwave links), making the overall network extremely difficult to hack. But spying events do happen: the NSA is suspected of listening to the German Chancellor’s cell phone, and has been collecting data on nearly every US phone! All substantial reported mobile network outages were essentially caused by glitches in core networks (e.g., O2’s and Orange’s HLRs in 2012), and bugs in NodeB software (e.g., Telecom New Zealand in 2012) rather than hackers. Nonetheless, another substantial looming non malicious threat is coming from unexpected traffic surges generated by a large variety of events such as sports (e.g., FIFA World Cup, Super Bowl, Wimbledon tennis finals. . .), politics (e.g., presidential elections), and natural disasters (e.g., the Icelandic volcano eruption). As more and more mobile subscribers flock to shiny LTE networks, all of this is going to get worse! © INFONETICS RESEARCH, INC. FEBRUARY 2014 “An S1-focused security gateway can not only perform IPsec encryption and decryption, but can also process small VoLTE packets and protect the EPC from overwhelming signaling traffic.”
3© INFONETICS RESEARCH, INC. FEBRUARY 2014 The world is moving to LTE at a fast and unstoppable pace The ongoing migration to LTE is happening at a faster pace than what history taught us. Typically it takes 10 years to achieve full migration from one generation (2G) to the next (3G). For example, Japan was the first nation to launch commercial 3G W-CDMA in 2001 and had no 2G left in 2011. Looking at the LTE ramp up, it’s very likely that by 2016, most Japanese subscribers will be on LTE. Taking this new pattern into account, Infonetics Research forecast 755 million LTE subscribers by 2017 from 175 million in 2013. With more and more subscribers flocking LTE networks, voice services will inevitably move to LTE, with 2014 as the VoLTE ramp-up year. Infonetics Research predicts total global wireless subscribers will reach 7.4 billion by 2017, and LTE subscribers will account for just 10% of total mobile subscribers worldwide at that time. The subscriber forecast is directly derived from service providers’ LTE plans. As a result, early adopters in North America—such as Verizon Wireless with 42.7 million subscribers in the fourth quarter of 2013, up from 21.7 million in the same period a year ago—drive the forecast and will likely continue to maintain a significant share throughout given current uptake. Then, a strong ramp-up is expected from 2014 throughout 2017, dominated by Asia Pacific, mainly fueled by China. Exhibit 1: Worldwide LTE Subscriptions Source: Infonetics Research, 2G, 3G, 4G Mobile Infrastructure and Subscribers Market Size, Share and Forecasts, December 2013 0 100 200 300 400 500 600 700 800 North America EMEA Asia Pacific CALA 2012 2013 2014 2015 2016 20172011 Subscribers(inMillions)
4© INFONETICS RESEARCH, INC. FEBRUARY 2014 And voice, still half of total mobile service revenue, is inevitably moving to LTE as well Despite the onslaught of videos and apps crowding LTE networks, voice is not going away. But moving TDM mobile voice, a cash cow business that is still paying the bills and is delivered over one of the most cost-efficient telecom infrastructures, to a brand-new LTE infrastructure is a risky and complicated task. In the 12/12/13 2nd edition of Infonetics Research’s 2G, 3G, 4G Mobile Services and Subscribers: Voice, SMS/MMS, and Broadband biannual market size and forecasts report, total worldwide voice revenue, a $450-billion yearly business, would stay above 50% of total mobile services through 2016, and may decline in 2017. Mobile operators are looking to VoLTE as a profitable service differentiator and revenue stream but at the same time face challenges—the biggest one being the migration of the lucrative $500-billion per year traditional mobile voice business—in combining the unique requirements of VoLTE with protecting the network. Everyone agrees that a VoLTE service needs to have at least the same performance and quality as current circuit-switched voice services. By 2017, worldwide VoLTE subscribers are expected to top 138 million from 8 million in 2013, a 17X increase, and service revenue is expected to reach $2.7B, with a significant chunk, $1.6B, coming from Asia Pacific due to large subscriber numbers as developed economies wake up, despite lower ARPU than in North America. In fact, SK telecom, which was the first to launch commercial VoLTE in June 2012, reported that blended LTE ARPU increased from $35.81 in 1Q12 to $42.84 in 1Q13. What we don’t know yet is the VoLTE impact. Exhibit 2: Worldwide VoLTE Market Opportunity Source: Infonetics Research, Mobile VoIP and Subscribers Worldwide and Regional Market Size and Forecasts, June 2013 0 $0.5B $1B $1.5B $2B $2.5B $3B 0 30 60 90 120 150 Revenue(US$Billions) Subscribers(Millions) SubscribersRevenue 2012 2013 2014 2015 2016 2017
5 Exhibit 3: LTE Network Architecture Source: 3GPP © INFONETICS RESEARCH, INC. FEBRUARY 2014 This Developing LTE World Provides Hackers with a New Eldorado! Nowadays, there is not a single day without a major cyber-attack that breaks down the website of a major corporation, non- profit organization, or government agency. Hacking, which has so far stayed confined to wireline networks, is no longer a hobby but rather a growing big business. With the migration of hundreds of millions of mobile subscriptions to LTE over the next two decades, more and more people are using their mobile devices to go online for apps, videos, mobile banking, and accessing social networks and sensitive information. As a result, there is no question that the LTE network hacking opportunity will be substantial; the LTE architecture pushes more mobility function out to the cell sites, enabling hackers to disrupt subscribers and penetrate new data applications. Three fundamental factors are making LTE networks more vulnerable: Evolved Packet Core eNodeB eNodeB eNodeB X2 Interface S1 Interface 1. The flat LTE topology provides a direct route from eNodeBs (eNBs)—cell sites—to the serving gateway (SGW) in the evolved packet core (EPC), opening the door for denial of service (DoS) attacks and interception of user communications; in other words, there is no centralized intelligent controller, formally BSC and RNC, and the eNodeBs are interconnected via the X2 interface, and connected to the EPC through the S1 interface 2. The addition of small cells or “mini eNodeBs” in the form of microcells, picocells, femtocells, and metrocells. as well as remote radio heads to boost existing capacity will further increase the challenge of physically protecting the resulting heterogeneous network against criminal activity 3. The rising popularity of network sharing that allows several mobile operators to use the same cell site to save cost
6© INFONETICS RESEARCH, INC. FEBRUARY 2014 “The number of large attacks increased massively in 2013: up more than eight times the number in 2012.” Meanwhile, potential threats to mobile networks are real and fully documented There are many standards and documents that describe the attacks and risks in telecommunications networks. As a reference, the security framework defined by the ITU-T X.800/X.805 recommendations shows a threats model summed up as follows: Destruction of information or network resources (e.g., Denial of Service) Unauthorized tampering of an asset Theft, removal or loss of information and resources Eavesdropping or unauthorized access to an asset Network breakdown or outage Arbor Networks’ Worldwide Infrastructure Security Report Volume IX (3Q2013) indicates that accidental or deliberate denial of service (DDoS) attacks against customers still remain the most commonly experienced security threat. There is no end in sight; even worse, the size of the attacks is swelling. Exhibit 4 shows data collected by the Arbor ATLAS system that gathers statistics from 290+ Peakflow SP customers around the world. These statistics include anonymized details of the DDoS attacks monitored by Arbor Networks survey participants. The largest verified, monitored attack in 2013 was 245Gbps, versus 100Gbps in 2013. The number of large attacks monitored by ATLAS (defined as being over 20Gbps) increased massively in 2013—up more than eight times the number in 2012. Exhibit 4: Monthly ATLAS Peak Monitored Attack Sizes Source: Arbor Networks, Inc.
7© INFONETICS RESEARCH, INC. FEBRUARY 2014 Consequently, Security Must Be a Foundational Element of LTE Deployments No matter how extensive the network, today no operator owns the entire end-to-end communications chain. And as in the IP world no one can be trusted, the all-IP flat architecture of LTE networks requires new types of protection because some 2G and 3G functions that initially were performed in the controller—BSC and RNC, respectively—have moved to the eNodeB. The backhaul needs to be all IP as well, which raises another issue: shared transport network infrastructure for the potential coexistence of fixed and mobile services on the same packet network. And finally, the presence of the X2 interface that supports direct handover among the vicinity eNodeBs, involves stronger security requirements on the nodes. IPsec encryption is the key mechanism. . . Security issues in LTE networks have already been addressed by both the 3GPP and the NGMN, which made recommendations that are left to mobile operators themselves to adopt or not. Three hierarchical scenarios are proposed, starting from an unprotected trusted network, meaning in total absence of IPsec and just leveraging existing mechanisms available in packet core networks. The second scenario uses IPsec for protecting the LTE control traffic (S1-C, X2-C), often considered as the most sensible for the service continuity. And in the third scenario, full IPsec protection is proposed for both control and user traffic. . . . but full IPsec introduces new considerations The main advantage of full IPsec protection is clearly the protection offered to all of the traffic with no distinction but the main caveat is the potential for increased computational impact on eNB and a bigger overhead at L1 transmission and perceived operational complexity. As a result, mobile operators have been reluctant to implement IPsec, especially if they consider their networks and backhaul “trusted.” It’s interesting that US and South Korean service providers, early LTE adopters together accounting for more than 50% of worldwide LTE subscribers, have been slow to embrace the need for IPsec, whereas their European counterparts—led by Deutsche Telekom—are adopting IPsec at a fast pace. It’s only in 2013 that Europe’s Big 5 (Deutsche Telekom, Orange, Telefónica, Telecom Italia, and Vodafone) started significant LTE deployments, almost four years after Japan, South Korea, and the US, but they made IPsec a chief requirement, despite the additional cost. Conversely, time-to-market was so important in the US and South Korea that mobile operators preferred to tackle the issue later. There was also a common belief that the networks were sufficiently closed to be adequately secured, but the requirement for various alternative backhaul strategies (e.g., the use of small cells, wireless hand off, and roaming services) effectively introduced a number of entry points for potential threats. Infonetics Research’s Carrier WiFi Equipment market share, size, and forecast report (November 15, 2013) indicates that $8.5 billion is to be spent on carrier WiFi equipment over the next 5 years, and operators are looking to consumer femtocells to increase ARPU via new apps and services. Meanwhile, Japan’s NTT DOCOMO saw the issue differently and was successful in deploying IPsec and achieving time-to-market at the same time.
8© INFONETICS RESEARCH, INC. FEBRUARY 2014 Now IPsec is gaining momentum, setting the stage for security gateway implementations With more than 260 commercial LTE networks up and running across the globe, more and more mobile operators are implementing IPsec. However, Infonetics Research’s quarterly LTE deployment tracker, a part of the 2G, 3G, 4G Mobile Infrastructure and Subscribers report, indicates only 20% of mobile operators worldwide had deployed IPsec in their LTE network by the end of 2013. As IPsec adoption for transporting LTE flows continues to grow significantly, the need for a security gateway, which has been considered optional by many operators, increases. As defined by 3GPP/S1 interface, its fundamental function is to perform authentication and encryption/decryption for the IPsec tunnel, and handle IKEv2 authentication to secure the delivery of voice and data services. Given the pace of LTE adoption worldwide, the security gateway needs to be highly scalable to manage hundreds of thousands of concurrent IPsec tunnels. In the meantime, the very few mobile operators that deployed a security gateway in the first place while constructing their LTE networks are clearly seeing the benefits of high security, particularly in non- controlled backhaul environments, and expect better QoS control when launching VoLTE. Security Gateways Also Provide High VoLTE Network Performance and QoS Control Jitter-free and latency-free traffic are the chief stringent VoLTE requirements that can be met by prioritizing and optimizing voice traffic, a function that can be offered by a robust security gateway. The mobile Internet is a very unique world: it is set it apart from typical enterprise network traffic by the required exponential level of scalability and traffic volume processing, the ability to adapt to signaling issues, chatty apps, and network outages creating thousands of reconnection attempts and other events. In addition to performing IPsec, a security gateway can also manage IP sessions and do IP charging functions and policy enforcement although these are not primary functions; some of these functions may have already been implemented in the core networks—the IMS core for instance. And of course introducing a security gateway in an LTE network should not degrade network performances, starting with latency that is the most important requirement for real-time traffic such as voice. In its February 2012 Security in LTE Backhauling paper, the NGMN Alliance made the case for security gateway implementations beyond the simple need for securing the transport of LTE flows and listed the effects of the security gateway, which are directly linked to its position in the network, given the overall network topology, and required scalability, and performance. The extreme and unlikely option would consist in placing the security gateway close to the eNodeB and focusing on the X2 interface, which in turn would lead to a vast array of security gateways, a costly and ineffective proposition. The opposite option places the security gateway just in front of the EPC, directly connected either to the MME or the S/P-GW, or in an intermediate aggregation center, depending on the operator network topology. In this case, one redundant security gateway can support hundreds of thousands of eNodeBs or HeNodeBs, significantly reducing the equipment needed. That way, the security gateway protects and manages efficiently the S1 wide open area that opens the door to the most sensitive part of the network; specifically, it can process small VoLTE packets, and manage potential signaling storms.
9© INFONETICS RESEARCH, INC. FEBRUARY 2014 As an illustration of the potential signaling damage an S1-focused security gateway can shield, research from the UK’s University of Surrey provides a baseline for calculating MME/SGW/PGW signaling load increase: a macrocell with radius of 1km and 64 users. As the cell size decreases the number of achievable handovers, the signaling load due to mobility events increases significantly. For instance, 10 times more signaling load to the MME/SGW/PGW when cell radius reduces to 100m. An S1-focused security gateway can process tiny VoLTE packets As long as the security gateway delivers line rate performance that sustains throughput levels at core network aggregation points regardless of packet size, it will treat a VoLTE packet the same way as any other packets. In RFC 2544, IETF recommends that seven standard frame sizes (e.g., 64, 128, 256, 512, 1024, 1280 and 1518 byte) be tested multiple times, for a specified length of time. This is because all these frame sizes are used in the network and so the results for each must be known. However, most networks are optimized based on the median packet size of 512 bytes and are not ready to meet the performance requirements for VoLTE, because voice packets are less than 100 bytes. For example, the Adaptive Multirate Wideband (AMR- WB) voice codec has a low transmission rate of 23.85Kbps and a packet size of 64 bytes. And manage signaling storms As the security gateway sits in front of the packet core, it can filter and manage the signaling traffic it reaches the core—the MME and the HLR/HSS—and causes a major outage. Early LTE adopters such as SK telecom, KT and Verizon Wireless have made no secrets of the tremendous amount of signaling traffic that hit their core networks. In 3G, this traffic stormed the RNC, which eventually collapsed as seen in the AT&T network back in 2007 after the introduction of the iPhone. Over-the-top applications are very well known for their overwhelming signaling effects on mobile networks that are triggered by the simple need to maintain active sessions, even more so for VoIP services. VoLTE services require additional signaling for setting up a dedicated GBR (guaranteed bit rate) bearer to fulfill the QoS requirement. Although the resulting signaling traffic is expected to have minimal impact on core networks when compared to the existing OTT signaling tsunami, the impact is not yet known because of the low starting subscriber numbers; it could be significant due to the events IMS-based VoLTE architecture generates. Bottom Line Back in the 3G days, mostly around 2007, discussions about the role of a security gateway in the packet core network led to many debates and various schools of thoughts that basically left it stuck on the vendor’s shelf. Today, the situation is dramatically different: the rapid migration to LTE is making the IP flat architecture look like an appealing hacking platform and exposes the EPC to a never seen onslaught of signaling traffic that used to be caught by the RNC. Consequently, the need for a security gateway that can effectively manage hundreds of thousands of concurrent IPsec tunnels, process tiny VoLTE packets, and filter signaling traffic—all without negatively affecting the overall performances of the network—has never been greater.
I N F O N E T I C S R E S E A R C H W H I T E P A P E R © INFONETICS RESEARCH, INC. FEBRUARY 2014 White Paper Author Stéphane Téral Principal Analyst, Mobile Infrastructure and Carrier Economics Infonetics Research stephane@infonetics.com +1 408.583.3371 Commissioned by Stoke to educate the industry about security gateways, this paper was written autonomously by analyst Stéphane Téral based on Infonetics’ independent mobile and security research. About Infonetics Research Infonetics Research is an international market research and consulting analyst firm serving the communications industry since 1990. A leader in defining and tracking emerging and established technologies in all world regions, Infonetics helps clients plan, strategize, and compete more effectively. Report Reprints and Custom Research To learn about distributing excerpts from Infonetics reports or to learn about custom research opportunities, please contact: North America (West), Asia Pacific Larry Howard, Vice President, larry@infonetics.com, +1 408.583.3335 North America (East, Midwest, Texas), Latin America Scott Coyne, Senior Account Director, scott@infonetics.com, +1 408.583.3395 Europe, Middle East, Africa, India, Singapore George Stojsavljevic, Senior Account Director, george@infonetics.com, +44 755.488.1623 Japan, South Korea, China, Taiwan http://www.infonetics.com/contact.asp 695 TECHNOLOGY PARKWAY SUITE 200 CAMPBELL, CALIFORNIA 95008 TEL 408.583.0011 FAX 408.583.0031 www.infonetics.com S I L I C O N V A L L E Y – B O S T O N M E T R O – L O N D O N – A M S T E R D A M – S H A N G H A I – T O K Y O

Recommandé

A Review of Low Power Wide Area Technology in Licensed and Unlicensed Spectru...
A Review of Low Power Wide Area Technology in Licensed and Unlicensed Spectru...A Review of Low Power Wide Area Technology in Licensed and Unlicensed Spectru...
A Review of Low Power Wide Area Technology in Licensed and Unlicensed Spectru...journalBEEI
 
Characteristics of the 6 wireless protocols
Characteristics of the 6 wireless protocolsCharacteristics of the 6 wireless protocols
Characteristics of the 6 wireless protocolsAntenna Manufacturer Coco
 
4g security presentation
4g security presentation4g security presentation
4g security presentationKyle Ly
 
Private LTE - White Paper
Private LTE - White PaperPrivate LTE - White Paper
Private LTE - White PaperST Engineering iDirect
 
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...Lindsey Landolfi
 
Lte security solution white paper(20130207)
Lte security solution white paper(20130207)Lte security solution white paper(20130207)
Lte security solution white paper(20130207)Mohamed Tharwat Waheed
 
Bluetooth- A wireless technology
Bluetooth- A wireless technologyBluetooth- A wireless technology
Bluetooth- A wireless technologyNeha Jella
 
Bluetooth
BluetoothBluetooth
BluetoothHina Saxena
 

Recommandé

A Review of Low Power Wide Area Technology in Licensed and Unlicensed Spectru...
A Review of Low Power Wide Area Technology in Licensed and Unlicensed Spectru...A Review of Low Power Wide Area Technology in Licensed and Unlicensed Spectru...
A Review of Low Power Wide Area Technology in Licensed and Unlicensed Spectru...journalBEEI
 
Characteristics of the 6 wireless protocols
Characteristics of the 6 wireless protocolsCharacteristics of the 6 wireless protocols
Characteristics of the 6 wireless protocolsAntenna Manufacturer Coco
 
4g security presentation
4g security presentation4g security presentation
4g security presentationKyle Ly
 
Private LTE - White Paper
Private LTE - White PaperPrivate LTE - White Paper
Private LTE - White PaperST Engineering iDirect
 
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...Lindsey Landolfi
 
Lte security solution white paper(20130207)
Lte security solution white paper(20130207)Lte security solution white paper(20130207)
Lte security solution white paper(20130207)Mohamed Tharwat Waheed
 
Bluetooth- A wireless technology
Bluetooth- A wireless technologyBluetooth- A wireless technology
Bluetooth- A wireless technologyNeha Jella
 
Bluetooth
BluetoothBluetooth
BluetoothHina Saxena
 
Lte security concepts and design considerations
Lte security concepts and design considerationsLte security concepts and design considerations
Lte security concepts and design considerationsMary McEvoy Carroll
 
TOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBED
TOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBEDTOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBED
TOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBEDijngnjournal
 
Bluetooth
Bluetooth Bluetooth
Bluetooth Amber Memon
 
Bluetooth
BluetoothBluetooth
BluetoothAnamika Garg
 
IT WRITING SAMPLES PORTFOLIO
IT WRITING SAMPLES PORTFOLIOIT WRITING SAMPLES PORTFOLIO
IT WRITING SAMPLES PORTFOLIOSerena Rinaldi Lambiase
 
5G Technology
5G Technology5G Technology
5G TechnologySaurabh Nambiar
 
Bluetooth
BluetoothBluetooth
BluetoothSarah Saqib
 
Bluetooth, RFID and WiMAX Technologies
Bluetooth, RFID and WiMAX TechnologiesBluetooth, RFID and WiMAX Technologies
Bluetooth, RFID and WiMAX TechnologiesMukesh Chinta
 
Lifi technology presentation
Lifi technology presentation Lifi technology presentation
Lifi technology presentation ShivPatel206800
 
A Brief Review on Wireless Networks
A Brief Review on Wireless NetworksA Brief Review on Wireless Networks
A Brief Review on Wireless NetworksIRJET Journal
 
Future of Wireless Technology
Future of Wireless TechnologyFuture of Wireless Technology
Future of Wireless TechnologyNisha Menon K
 
Emerging Wireless (4 G Lte M2M Cognitive Radios) Technologies Patent and Stan...
Emerging Wireless (4 G Lte M2M Cognitive Radios) Technologies Patent and Stan...Emerging Wireless (4 G Lte M2M Cognitive Radios) Technologies Patent and Stan...
Emerging Wireless (4 G Lte M2M Cognitive Radios) Technologies Patent and Stan...Alex G. Lee, Ph.D. Esq. CLP
 
4G recommendation
4G recommendation4G recommendation
4G recommendationJesus Valencia Lavao
 
A Review on Wireless Technologies
A Review on Wireless TechnologiesA Review on Wireless Technologies
A Review on Wireless TechnologiesIRJET Journal
 
What is LTE?
What is LTE?What is LTE?
What is LTE?Antenna Manufacturer Coco
 
WIRELESS TECHNOLOGY-Bluetooth
WIRELESS TECHNOLOGY-Bluetooth WIRELESS TECHNOLOGY-Bluetooth
WIRELESS TECHNOLOGY-Bluetooth Sana Alvi
 
Telecommunications, the internet, and wireless technology
Telecommunications, the internet, and wireless technologyTelecommunications, the internet, and wireless technology
Telecommunications, the internet, and wireless technologyProf. Othman Alsalloum
 
LTE-M vs NB-IoT
LTE-M vs NB-IoTLTE-M vs NB-IoT
LTE-M vs NB-IoTAntenna Manufacturer Coco
 
factsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vlfactsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vlSylvain Maret
 
Bluetooth technology
Bluetooth technologyBluetooth technology
Bluetooth technologyDeevena Dayaal
 
C:\Documents And Settings\Kthibodeau\Desktop\Sales And T Rx Share Brands And ...
C:\Documents And Settings\Kthibodeau\Desktop\Sales And T Rx Share Brands And ...C:\Documents And Settings\Kthibodeau\Desktop\Sales And T Rx Share Brands And ...
C:\Documents And Settings\Kthibodeau\Desktop\Sales And T Rx Share Brands And ...IMS Health
 
A quick wrap up of presentations at ims world forum issue 1
A quick wrap up of presentations at ims world forum issue 1A quick wrap up of presentations at ims world forum issue 1
A quick wrap up of presentations at ims world forum issue 1Alan Quayle
 

Contenu connexe

Tendances

Lte security concepts and design considerations
Lte security concepts and design considerationsLte security concepts and design considerations
Lte security concepts and design considerationsMary McEvoy Carroll
 
TOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBED
TOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBEDTOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBED
TOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBEDijngnjournal
 
Bluetooth, RFID and WiMAX Technologies
Bluetooth, RFID and WiMAX TechnologiesBluetooth, RFID and WiMAX Technologies
Bluetooth, RFID and WiMAX TechnologiesMukesh Chinta
 
Lifi technology presentation
Lifi technology presentation Lifi technology presentation
Lifi technology presentation ShivPatel206800
 
A Brief Review on Wireless Networks
A Brief Review on Wireless NetworksA Brief Review on Wireless Networks
A Brief Review on Wireless NetworksIRJET Journal
 
Future of Wireless Technology
Future of Wireless TechnologyFuture of Wireless Technology
Future of Wireless TechnologyNisha Menon K
 
Emerging Wireless (4 G Lte M2M Cognitive Radios) Technologies Patent and Stan...
Emerging Wireless (4 G Lte M2M Cognitive Radios) Technologies Patent and Stan...Emerging Wireless (4 G Lte M2M Cognitive Radios) Technologies Patent and Stan...
Emerging Wireless (4 G Lte M2M Cognitive Radios) Technologies Patent and Stan...Alex G. Lee, Ph.D. Esq. CLP
 
A Review on Wireless Technologies
A Review on Wireless TechnologiesA Review on Wireless Technologies
A Review on Wireless TechnologiesIRJET Journal
 
WIRELESS TECHNOLOGY-Bluetooth
WIRELESS TECHNOLOGY-Bluetooth WIRELESS TECHNOLOGY-Bluetooth
WIRELESS TECHNOLOGY-Bluetooth Sana Alvi
 
Telecommunications, the internet, and wireless technology
Telecommunications, the internet, and wireless technologyTelecommunications, the internet, and wireless technology
Telecommunications, the internet, and wireless technologyProf. Othman Alsalloum
 
factsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vlfactsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vlSylvain Maret
 

Tendances (20)

Lte security concepts and design considerations
Lte security concepts and design considerationsLte security concepts and design considerations
Lte security concepts and design considerations
 
TOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBED
TOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBEDTOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBED
TOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBED
 
Bluetooth
Bluetooth Bluetooth
Bluetooth
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
IT WRITING SAMPLES PORTFOLIO
IT WRITING SAMPLES PORTFOLIOIT WRITING SAMPLES PORTFOLIO
IT WRITING SAMPLES PORTFOLIO
 
5G Technology
5G Technology5G Technology
5G Technology
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
Bluetooth, RFID and WiMAX Technologies
Bluetooth, RFID and WiMAX TechnologiesBluetooth, RFID and WiMAX Technologies
Bluetooth, RFID and WiMAX Technologies
 
Lifi technology presentation
Lifi technology presentation Lifi technology presentation
Lifi technology presentation
 
A Brief Review on Wireless Networks
A Brief Review on Wireless NetworksA Brief Review on Wireless Networks
A Brief Review on Wireless Networks
 
Future of Wireless Technology
Future of Wireless TechnologyFuture of Wireless Technology
Future of Wireless Technology
 
Emerging Wireless (4 G Lte M2M Cognitive Radios) Technologies Patent and Stan...
Emerging Wireless (4 G Lte M2M Cognitive Radios) Technologies Patent and Stan...Emerging Wireless (4 G Lte M2M Cognitive Radios) Technologies Patent and Stan...
Emerging Wireless (4 G Lte M2M Cognitive Radios) Technologies Patent and Stan...
 
4G recommendation
4G recommendation4G recommendation
4G recommendation
 
A Review on Wireless Technologies
A Review on Wireless TechnologiesA Review on Wireless Technologies
A Review on Wireless Technologies
 
What is LTE?
What is LTE?What is LTE?
What is LTE?
 
WIRELESS TECHNOLOGY-Bluetooth
WIRELESS TECHNOLOGY-Bluetooth WIRELESS TECHNOLOGY-Bluetooth
WIRELESS TECHNOLOGY-Bluetooth
 
Telecommunications, the internet, and wireless technology
Telecommunications, the internet, and wireless technologyTelecommunications, the internet, and wireless technology
Telecommunications, the internet, and wireless technology
 
LTE-M vs NB-IoT
LTE-M vs NB-IoTLTE-M vs NB-IoT
LTE-M vs NB-IoT
 
factsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vlfactsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vl
 
Bluetooth technology
Bluetooth technologyBluetooth technology
Bluetooth technology
 

En vedette

C:\Documents And Settings\Kthibodeau\Desktop\Sales And T Rx Share Brands And ...
C:\Documents And Settings\Kthibodeau\Desktop\Sales And T Rx Share Brands And ...C:\Documents And Settings\Kthibodeau\Desktop\Sales And T Rx Share Brands And ...
C:\Documents And Settings\Kthibodeau\Desktop\Sales And T Rx Share Brands And ...IMS Health
 
A quick wrap up of presentations at ims world forum issue 1
A quick wrap up of presentations at ims world forum issue 1A quick wrap up of presentations at ims world forum issue 1
A quick wrap up of presentations at ims world forum issue 1Alan Quayle
 
Session 6 Tp 6
Session 6 Tp 6Session 6 Tp 6
Session 6 Tp 6githe26200
 
DPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukDPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukIntel
 
Fundarc-Comm-WiFi_calling
Fundarc-Comm-WiFi_callingFundarc-Comm-WiFi_calling
Fundarc-Comm-WiFi_callingSaurabh Verma
 
Best Practices for Network Security Management
Best Practices for Network Security Management Best Practices for Network Security Management
Best Practices for Network Security Management Skybox Security
 
WebRTC standards update (April 2014)
WebRTC standards update (April 2014)WebRTC standards update (April 2014)
WebRTC standards update (April 2014)Victor Pascual Ávila
 
WiFi-integration into EPC
WiFi-integration into EPCWiFi-integration into EPC
WiFi-integration into EPCFranz Edler
 
Distributed Antenna Systems and Compact Base Stations: When to Use Which?
Distributed Antenna Systems and Compact Base Stations: When to Use Which?Distributed Antenna Systems and Compact Base Stations: When to Use Which?
Distributed Antenna Systems and Compact Base Stations: When to Use Which?Frank Rayal
 
Understanding Wi-Fi offload
Understanding Wi-Fi offloadUnderstanding Wi-Fi offload
Understanding Wi-Fi offloadKenan Masic
 
Internet Key Exchange (ikev2) Protocol
Internet Key Exchange (ikev2) ProtocolInternet Key Exchange (ikev2) Protocol
Internet Key Exchange (ikev2) ProtocolNetwax Lab
 
VoLTE Service Monitoring - VoLTE Voice Call
VoLTE Service Monitoring - VoLTE Voice CallVoLTE Service Monitoring - VoLTE Voice Call
VoLTE Service Monitoring - VoLTE Voice CallJose Gonzalez
 

En vedette (20)

C:\Documents And Settings\Kthibodeau\Desktop\Sales And T Rx Share Brands And ...
C:\Documents And Settings\Kthibodeau\Desktop\Sales And T Rx Share Brands And ...C:\Documents And Settings\Kthibodeau\Desktop\Sales And T Rx Share Brands And ...
C:\Documents And Settings\Kthibodeau\Desktop\Sales And T Rx Share Brands And ...
 
A quick wrap up of presentations at ims world forum issue 1
A quick wrap up of presentations at ims world forum issue 1A quick wrap up of presentations at ims world forum issue 1
A quick wrap up of presentations at ims world forum issue 1
 
IMS Service Rev. 2015
IMS Service Rev. 2015IMS Service Rev. 2015
IMS Service Rev. 2015
 
IMS framework On Labs
IMS framework On LabsIMS framework On Labs
IMS framework On Labs
 
Session 6 Tp 6
Session 6 Tp 6Session 6 Tp 6
Session 6 Tp 6
 
IMS Signaling Details
IMS Signaling DetailsIMS Signaling Details
IMS Signaling Details
 
Xcap
XcapXcap
Xcap
 
DPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukDPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii Tkachuk
 
Fundarc-Comm-WiFi_calling
Fundarc-Comm-WiFi_callingFundarc-Comm-WiFi_calling
Fundarc-Comm-WiFi_calling
 
Best Practices for Network Security Management
Best Practices for Network Security Management Best Practices for Network Security Management
Best Practices for Network Security Management
 
BICSI Wireless DAS Update
BICSI Wireless DAS UpdateBICSI Wireless DAS Update
BICSI Wireless DAS Update
 
WebRTC standards update (April 2014)
WebRTC standards update (April 2014)WebRTC standards update (April 2014)
WebRTC standards update (April 2014)
 
WiFi-integration into EPC
WiFi-integration into EPCWiFi-integration into EPC
WiFi-integration into EPC
 
Distributed Antenna Systems and Compact Base Stations: When to Use Which?
Distributed Antenna Systems and Compact Base Stations: When to Use Which?Distributed Antenna Systems and Compact Base Stations: When to Use Which?
Distributed Antenna Systems and Compact Base Stations: When to Use Which?
 
Understanding Wi-Fi offload
Understanding Wi-Fi offloadUnderstanding Wi-Fi offload
Understanding Wi-Fi offload
 
Ipsec vpn v0.1
Ipsec vpn v0.1Ipsec vpn v0.1
Ipsec vpn v0.1
 
Internet Key Exchange (ikev2) Protocol
Internet Key Exchange (ikev2) ProtocolInternet Key Exchange (ikev2) Protocol
Internet Key Exchange (ikev2) Protocol
 
VoLTE Testing Explained
VoLTE Testing ExplainedVoLTE Testing Explained
VoLTE Testing Explained
 
VoLTE Service Monitoring - VoLTE Voice Call
VoLTE Service Monitoring - VoLTE Voice CallVoLTE Service Monitoring - VoLTE Voice Call
VoLTE Service Monitoring - VoLTE Voice Call
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
 

Similaire à Infonetics white paper: Security at the Speed of VoLTE

Security lte environment_cook_zuong
Security lte environment_cook_zuongSecurity lte environment_cook_zuong
Security lte environment_cook_zuongHoanPeterDuongPronou
 
Scaling Mobile Network Security for LTE: A Multi-Layer Approach
Scaling Mobile Network Security for LTE: A Multi-Layer ApproachScaling Mobile Network Security for LTE: A Multi-Layer Approach
Scaling Mobile Network Security for LTE: A Multi-Layer ApproachF5 Networks
 
Conectividad inalámbrica para Internet de las cosas(Telecomunicaciones)
Conectividad inalámbrica para Internet de las cosas(Telecomunicaciones)Conectividad inalámbrica para Internet de las cosas(Telecomunicaciones)
Conectividad inalámbrica para Internet de las cosas(Telecomunicaciones)SANTIAGO PABLO ALBERTO
 
Towards Future 4G Mobile Networks: A Real-World IMS Testbed
Towards Future 4G Mobile Networks: A Real-World IMS TestbedTowards Future 4G Mobile Networks: A Real-World IMS Testbed
Towards Future 4G Mobile Networks: A Real-World IMS Testbedjosephjonse
 
Rach congestion in vehicular
Rach congestion in vehicularRach congestion in vehicular
Rach congestion in vehicularijwmn
 
LTE_Inbuilding_SWP
LTE_Inbuilding_SWPLTE_Inbuilding_SWP
LTE_Inbuilding_SWPBen O'Nolan
 
Paving the path to Narrowband 5G with LTE Internet of Things
Paving the path to Narrowband 5G with LTE Internet of ThingsPaving the path to Narrowband 5G with LTE Internet of Things
Paving the path to Narrowband 5G with LTE Internet of ThingsQualcomm Research
 
4G Wireless Technology
4G Wireless Technology4G Wireless Technology
4G Wireless Technologyijtsrd
 
Ims architecture white_paper
Ims architecture white_paperIms architecture white_paper
Ims architecture white_paperPrashant Sengar
 
Ims architecture white_paper
Ims architecture white_paperIms architecture white_paper
Ims architecture white_paperDivyansh Gupta
 
Ims architecture white_paper
Ims architecture white_paperIms architecture white_paper
Ims architecture white_paperHema Makani
 
Td lte whitepaper-low-res_online
Td lte whitepaper-low-res_onlineTd lte whitepaper-low-res_online
Td lte whitepaper-low-res_onlineHuseyin Turker
 
TECHNIQUES FOR OFFLOADING LTE EVOLVED PACKET CORE TRAFFIC USING OPENFLOW: A C...
TECHNIQUES FOR OFFLOADING LTE EVOLVED PACKET CORE TRAFFIC USING OPENFLOW: A C...TECHNIQUES FOR OFFLOADING LTE EVOLVED PACKET CORE TRAFFIC USING OPENFLOW: A C...
TECHNIQUES FOR OFFLOADING LTE EVOLVED PACKET CORE TRAFFIC USING OPENFLOW: A C...IJCNCJournal
 
Infonetics and Stoke webinar: Security at the speed of VoLTE
Infonetics and Stoke webinar: Security at the speed of VoLTEInfonetics and Stoke webinar: Security at the speed of VoLTE
Infonetics and Stoke webinar: Security at the speed of VoLTEMary McEvoy Carroll
 

Similaire à Infonetics white paper: Security at the Speed of VoLTE (20)

Security lte environment_cook_zuong
Security lte environment_cook_zuongSecurity lte environment_cook_zuong
Security lte environment_cook_zuong
 
LTE-M and NB-IoT Relationships
LTE-M and NB-IoT RelationshipsLTE-M and NB-IoT Relationships
LTE-M and NB-IoT Relationships
 
Scaling Mobile Network Security for LTE: A Multi-Layer Approach
Scaling Mobile Network Security for LTE: A Multi-Layer ApproachScaling Mobile Network Security for LTE: A Multi-Layer Approach
Scaling Mobile Network Security for LTE: A Multi-Layer Approach
 
A GUIDE TO MOBILE IOT
A GUIDE TO MOBILE IOTA GUIDE TO MOBILE IOT
A GUIDE TO MOBILE IOT
 
Conectividad inalámbrica para Internet de las cosas(Telecomunicaciones)
Conectividad inalámbrica para Internet de las cosas(Telecomunicaciones)Conectividad inalámbrica para Internet de las cosas(Telecomunicaciones)
Conectividad inalámbrica para Internet de las cosas(Telecomunicaciones)
 
Towards Future 4G Mobile Networks: A Real-World IMS Testbed
Towards Future 4G Mobile Networks: A Real-World IMS TestbedTowards Future 4G Mobile Networks: A Real-World IMS Testbed
Towards Future 4G Mobile Networks: A Real-World IMS Testbed
 
Rach congestion in vehicular
Rach congestion in vehicularRach congestion in vehicular
Rach congestion in vehicular
 
LTE_Inbuilding_SWP
LTE_Inbuilding_SWPLTE_Inbuilding_SWP
LTE_Inbuilding_SWP
 
NB-IoT vs Lora.pdf
NB-IoT vs Lora.pdfNB-IoT vs Lora.pdf
NB-IoT vs Lora.pdf
 
NB-IoT vs Lora.pdf
NB-IoT vs Lora.pdfNB-IoT vs Lora.pdf
NB-IoT vs Lora.pdf
 
Paving the path to Narrowband 5G with LTE Internet of Things
Paving the path to Narrowband 5G with LTE Internet of ThingsPaving the path to Narrowband 5G with LTE Internet of Things
Paving the path to Narrowband 5G with LTE Internet of Things
 
Report on 4 g
Report on 4 gReport on 4 g
Report on 4 g
 
4G Wireless Technology
4G Wireless Technology4G Wireless Technology
4G Wireless Technology
 
NB-IoT and 5G
NB-IoT and 5GNB-IoT and 5G
NB-IoT and 5G
 
Ims architecture white_paper
Ims architecture white_paperIms architecture white_paper
Ims architecture white_paper
 
Ims architecture white_paper
Ims architecture white_paperIms architecture white_paper
Ims architecture white_paper
 
Ims architecture white_paper
Ims architecture white_paperIms architecture white_paper
Ims architecture white_paper
 
Td lte whitepaper-low-res_online
Td lte whitepaper-low-res_onlineTd lte whitepaper-low-res_online
Td lte whitepaper-low-res_online
 
TECHNIQUES FOR OFFLOADING LTE EVOLVED PACKET CORE TRAFFIC USING OPENFLOW: A C...
TECHNIQUES FOR OFFLOADING LTE EVOLVED PACKET CORE TRAFFIC USING OPENFLOW: A C...TECHNIQUES FOR OFFLOADING LTE EVOLVED PACKET CORE TRAFFIC USING OPENFLOW: A C...
TECHNIQUES FOR OFFLOADING LTE EVOLVED PACKET CORE TRAFFIC USING OPENFLOW: A C...
 
Infonetics and Stoke webinar: Security at the speed of VoLTE
Infonetics and Stoke webinar: Security at the speed of VoLTEInfonetics and Stoke webinar: Security at the speed of VoLTE
Infonetics and Stoke webinar: Security at the speed of VoLTE
 

Plus de Mary McEvoy Carroll

Hadoop top 20 influencers of 2015
Hadoop top 20 influencers of 2015Hadoop top 20 influencers of 2015
Hadoop top 20 influencers of 2015Mary McEvoy Carroll
 
Machine learning's 2015 top influencers
Machine learning's 2015 top influencersMachine learning's 2015 top influencers
Machine learning's 2015 top influencersMary McEvoy Carroll
 
What is the connected retail environment?
What is the connected retail environment?What is the connected retail environment?
What is the connected retail environment?Mary McEvoy Carroll
 
A guided tour to the internet of things in the sim connected world
A guided tour to the internet of things in the sim connected worldA guided tour to the internet of things in the sim connected world
A guided tour to the internet of things in the sim connected worldMary McEvoy Carroll
 
Connectem VCM powered by VMware - partner brief
Connectem VCM powered by VMware - partner briefConnectem VCM powered by VMware - partner brief
Connectem VCM powered by VMware - partner briefMary McEvoy Carroll
 
Top5 protectiondomains infographic_final
Top5 protectiondomains infographic_finalTop5 protectiondomains infographic_final
Top5 protectiondomains infographic_finalMary McEvoy Carroll
 
Securing the LTE Core: the Road to NFV
Securing the LTE Core: the Road to NFVSecuring the LTE Core: the Road to NFV
Securing the LTE Core: the Road to NFVMary McEvoy Carroll
 
Secure from GO: Design considerations for the integration of security into L...
Secure from GO: Design considerations for the integration of security into L...Secure from GO: Design considerations for the integration of security into L...
Secure from GO: Design considerations for the integration of security into L...Mary McEvoy Carroll
 
Secure from go: Stoke Guide to Securing LTE Networks from Day 1
Secure from go: Stoke Guide to Securing LTE Networks from Day 1Secure from go: Stoke Guide to Securing LTE Networks from Day 1
Secure from go: Stoke Guide to Securing LTE Networks from Day 1Mary McEvoy Carroll
 

Plus de Mary McEvoy Carroll (13)

Hadoop top 20 influencers of 2015
Hadoop top 20 influencers of 2015Hadoop top 20 influencers of 2015
Hadoop top 20 influencers of 2015
 
Machine learning's 2015 top influencers
Machine learning's 2015 top influencersMachine learning's 2015 top influencers
Machine learning's 2015 top influencers
 
What is the connected retail environment?
What is the connected retail environment?What is the connected retail environment?
What is the connected retail environment?
 
A guided tour to the internet of things in the sim connected world
A guided tour to the internet of things in the sim connected worldA guided tour to the internet of things in the sim connected world
A guided tour to the internet of things in the sim connected world
 
Connectem VCM powered by VMware - partner brief
Connectem VCM powered by VMware - partner briefConnectem VCM powered by VMware - partner brief
Connectem VCM powered by VMware - partner brief
 
Latency considerations in_lte
Latency considerations in_lteLatency considerations in_lte
Latency considerations in_lte
 
Securing the shared network
Securing the shared networkSecuring the shared network
Securing the shared network
 
Top5 protectiondomains infographic_final
Top5 protectiondomains infographic_finalTop5 protectiondomains infographic_final
Top5 protectiondomains infographic_final
 
Sec conf london_v07
Sec conf london_v07Sec conf london_v07
Sec conf london_v07
 
Securing the LTE Core: the Road to NFV
Securing the LTE Core: the Road to NFVSecuring the LTE Core: the Road to NFV
Securing the LTE Core: the Road to NFV
 
Secure from GO: Design considerations for the integration of security into L...
Secure from GO: Design considerations for the integration of security into L...Secure from GO: Design considerations for the integration of security into L...
Secure from GO: Design considerations for the integration of security into L...
 
Secure from go: Stoke Guide to Securing LTE Networks from Day 1
Secure from go: Stoke Guide to Securing LTE Networks from Day 1Secure from go: Stoke Guide to Securing LTE Networks from Day 1
Secure from go: Stoke Guide to Securing LTE Networks from Day 1
 
Lte transport requirements
Lte transport requirementsLte transport requirements
Lte transport requirements
 

Dernier

Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 

Dernier (20)

Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 

Infonetics white paper: Security at the Speed of VoLTE

  • 1. I N F O N E T I C S R E S E A R C H W H I T E P A P E R Security at the Speed of VoLTE Infonetics Research White Paper Written by Principal Analyst Stéphane Téral February 2014
  • 2. i Contents Executive Summary 1 The Need for Securing LTE Networks Has Never Been Greater 2 The world is moving to LTE at a fast and unstoppable pace 3 Exhibit 1: Worldwide LTE Subscriptions 3 And voice, still half of total mobile service revenue, is inevitably moving to LTE as well 4 Exhibit 2: Worldwide VoLTE Market Opportunity 4 This Developing LTE World Provides Hackers with a New Eldorado! 5 Exhibit 3: LTE Network Architecture 5 Meanwhile, potential threats to mobile networks are real and fully documented 6 Exhibit 4: Monthly ATLAS Peak Monitored Attack Sizes 6 Consequently, Security Must Be a Foundational Element of LTE Deployments 7 IPsec encryption is the key mechanism. . . 7 . . . but full IPsec introduces new considerations 7 Now IPsec is gaining momentum, setting the stage for security gateway implementations 8 Security Gateways Also Provide High VoLTE Network Performance and QoS Control 8 Focusing on the S1 interface provides the highest benefits 8 An S1-focused security gateway can process tiny VoLTE packets 9 And manage signaling storms 9 Bottom Line 9 About Infonetics Research 10
  • 3. 1 Executive Summary 2013 ended with more than 6.5 billion mobile subscribers worldwide, of which 175 million are LTE subscribers and 8 million VoLTE subscribers, most of them (90%) in South Korea. This faster than anticipated migration to LTE opens the door to malicious (e.g., hacking) and non-malicious threats (e.g., signaling traffic storms). Good old PLMNs (public land mobile networks) are super secure because they have their own backhaul physical infrastructure with dedicated leased lines (T1s in the US, E1s in Europe; the majority of E1s in Europe were and still are on microwave), making the overall network extremely difficult to hack. Three fundamental factors are making LTE networks more vulnerable than old PLMNs: The flat IP architecture that directly links the cell site to the packet core The addition of small cells that further increases the number of potential access points The rising popularity of network sharing between several mobile operators Consequently, security must be a foundational element of LTE network deployments. Although IPsec encryption was defined as the key mechanism by the 3GPP and the NGMN Alliance, its optional implementation has resulted in sporadic deployments with less than 20% of mobile operators worldwide having it in their LTE network. The main caveats are the use of private backhaul considered “trusted” by the operator, an increased computational impact on eNodeBs, and a bigger overhead at Layer 1 transmission, which translate into additional costs. Though US and South Korean operators have been slow to embrace IPsec, European and Latin American mobile operators have made it a mandatory component of their LTE rollouts. As IPsec adoption for transporting LTE flows continues to grow significantly, the need for a security gateway, which has been considered optional by many operators, increases. As defined by 3GPP/S1 interface, its fundamental function is to perform authentication and encryption/decryption for the IPsec tunnel, and handle IKEv2 authentication to secure the delivery of voice and data services. Given the pace of LTE adoption worldwide, the security gateway needs to be highly scalable to manage hundreds of thousands of concurrent IPsec tunnels. And finally, the security gateway needs to be tactically deployed to do more than perform IPsec encryption and decryption. By placing it at the RAN-EPC edge, it needs to efficiently process small VoLTE packets—64 bytes—in networks that are generally optimized based on the median packet size of 512 bytes or IMIX distribution, and manage potential data-, application- or VoLTE-induced signaling storms. As a result, the security gateway provides both high security and QoS control to the LTE network. Traditional approaches such as firewalls aren’t the same as security gateways unless they meet a stringent set of criteria that meet the scalability, low latency, and security requirements of an exponentially growing data and voice network, a far different scenario from enterprise. © INFONETICS RESEARCH, INC. FEBRUARY 2014 “The security gateway provides both high security and QoS control to the LTE network.”
  • 4. 2 Introduction More than two decades of history in the mobile industry teach us that good old PLMNs (public land mobile networks) have been resilient and highly secured, based on the single fact that a major event has never occurred. All PLMN outages thus far have directly resulted from equipment failures and software bugs; none of them was linked to a malicious attack. As the world moves to LTE at a faster than anticipated pace, malicious and non-malicious threats are rising, because the flat IP, simplified LTE network architecture provides a new range of hacking opportunities and exposes the EPC (evolved packet core) to an onslaught of signaling traffic that used to be captured at the 3G RNC (radio network controller). In addition, voice services now starting to migrate to LTE (VoLTE) are characterized by very small packets for which current mobile networks are not fully optimized, and are also generating their share of signaling traffic. The good news is that there is a 3GPP remedy: IPsec and the security gateway, optional for “trusted” networks and left to mobile operators’ own consideration. And the bad news: given the assumed additional cost and complexity associated with IPsec implementation along with an LTE network rollout, IPsec is far from being mainstream. The situation is rapidly changing: more and more mobile operators make IPsec a mandatory component of their LTE rollout, creating the need for the security gateway. In this paper, we discuss the broader role the security gateway can play in LTE networks as LTE subscribers ramp up by the millions every quarter and VoLTE services start to emerge. By revisiting recent work released by the 3GPP and the NGMN Alliance, we argue that an S1-focused security gateway can not only perform IPsec encryption and decryption, its basic function, but can also process small VoLTE packets and protect the EPC from overwhelming signaling traffic. Put another way, the security gateway provides better VoLTE QoS control and protection of the EPC. The Need for Securing LTE Networks Has Never Been Greater So far so good, more than 6.5 billion people have been enjoying mobile communications services without experiencing a major hacker-induced mobile network outage. The major reason is those traditional 2G and 3G radio networks had their own backhaul physical infrastructure with dedicated leased lines (T1s in the US, E1s in Europe, mostly on microwave links), making the overall network extremely difficult to hack. But spying events do happen: the NSA is suspected of listening to the German Chancellor’s cell phone, and has been collecting data on nearly every US phone! All substantial reported mobile network outages were essentially caused by glitches in core networks (e.g., O2’s and Orange’s HLRs in 2012), and bugs in NodeB software (e.g., Telecom New Zealand in 2012) rather than hackers. Nonetheless, another substantial looming non malicious threat is coming from unexpected traffic surges generated by a large variety of events such as sports (e.g., FIFA World Cup, Super Bowl, Wimbledon tennis finals. . .), politics (e.g., presidential elections), and natural disasters (e.g., the Icelandic volcano eruption). As more and more mobile subscribers flock to shiny LTE networks, all of this is going to get worse! © INFONETICS RESEARCH, INC. FEBRUARY 2014 “An S1-focused security gateway can not only perform IPsec encryption and decryption, but can also process small VoLTE packets and protect the EPC from overwhelming signaling traffic.”
  • 5. 3© INFONETICS RESEARCH, INC. FEBRUARY 2014 The world is moving to LTE at a fast and unstoppable pace The ongoing migration to LTE is happening at a faster pace than what history taught us. Typically it takes 10 years to achieve full migration from one generation (2G) to the next (3G). For example, Japan was the first nation to launch commercial 3G W-CDMA in 2001 and had no 2G left in 2011. Looking at the LTE ramp up, it’s very likely that by 2016, most Japanese subscribers will be on LTE. Taking this new pattern into account, Infonetics Research forecast 755 million LTE subscribers by 2017 from 175 million in 2013. With more and more subscribers flocking LTE networks, voice services will inevitably move to LTE, with 2014 as the VoLTE ramp-up year. Infonetics Research predicts total global wireless subscribers will reach 7.4 billion by 2017, and LTE subscribers will account for just 10% of total mobile subscribers worldwide at that time. The subscriber forecast is directly derived from service providers’ LTE plans. As a result, early adopters in North America—such as Verizon Wireless with 42.7 million subscribers in the fourth quarter of 2013, up from 21.7 million in the same period a year ago—drive the forecast and will likely continue to maintain a significant share throughout given current uptake. Then, a strong ramp-up is expected from 2014 throughout 2017, dominated by Asia Pacific, mainly fueled by China. Exhibit 1: Worldwide LTE Subscriptions Source: Infonetics Research, 2G, 3G, 4G Mobile Infrastructure and Subscribers Market Size, Share and Forecasts, December 2013 0 100 200 300 400 500 600 700 800 North America EMEA Asia Pacific CALA 2012 2013 2014 2015 2016 20172011 Subscribers(inMillions)
  • 6. 4© INFONETICS RESEARCH, INC. FEBRUARY 2014 And voice, still half of total mobile service revenue, is inevitably moving to LTE as well Despite the onslaught of videos and apps crowding LTE networks, voice is not going away. But moving TDM mobile voice, a cash cow business that is still paying the bills and is delivered over one of the most cost-efficient telecom infrastructures, to a brand-new LTE infrastructure is a risky and complicated task. In the 12/12/13 2nd edition of Infonetics Research’s 2G, 3G, 4G Mobile Services and Subscribers: Voice, SMS/MMS, and Broadband biannual market size and forecasts report, total worldwide voice revenue, a $450-billion yearly business, would stay above 50% of total mobile services through 2016, and may decline in 2017. Mobile operators are looking to VoLTE as a profitable service differentiator and revenue stream but at the same time face challenges—the biggest one being the migration of the lucrative $500-billion per year traditional mobile voice business—in combining the unique requirements of VoLTE with protecting the network. Everyone agrees that a VoLTE service needs to have at least the same performance and quality as current circuit-switched voice services. By 2017, worldwide VoLTE subscribers are expected to top 138 million from 8 million in 2013, a 17X increase, and service revenue is expected to reach $2.7B, with a significant chunk, $1.6B, coming from Asia Pacific due to large subscriber numbers as developed economies wake up, despite lower ARPU than in North America. In fact, SK telecom, which was the first to launch commercial VoLTE in June 2012, reported that blended LTE ARPU increased from $35.81 in 1Q12 to $42.84 in 1Q13. What we don’t know yet is the VoLTE impact. Exhibit 2: Worldwide VoLTE Market Opportunity Source: Infonetics Research, Mobile VoIP and Subscribers Worldwide and Regional Market Size and Forecasts, June 2013 0 $0.5B $1B $1.5B $2B $2.5B $3B 0 30 60 90 120 150 Revenue(US$Billions) Subscribers(Millions) SubscribersRevenue 2012 2013 2014 2015 2016 2017
  • 7. 5 Exhibit 3: LTE Network Architecture Source: 3GPP © INFONETICS RESEARCH, INC. FEBRUARY 2014 This Developing LTE World Provides Hackers with a New Eldorado! Nowadays, there is not a single day without a major cyber-attack that breaks down the website of a major corporation, non- profit organization, or government agency. Hacking, which has so far stayed confined to wireline networks, is no longer a hobby but rather a growing big business. With the migration of hundreds of millions of mobile subscriptions to LTE over the next two decades, more and more people are using their mobile devices to go online for apps, videos, mobile banking, and accessing social networks and sensitive information. As a result, there is no question that the LTE network hacking opportunity will be substantial; the LTE architecture pushes more mobility function out to the cell sites, enabling hackers to disrupt subscribers and penetrate new data applications. Three fundamental factors are making LTE networks more vulnerable: Evolved Packet Core eNodeB eNodeB eNodeB X2 Interface S1 Interface 1. The flat LTE topology provides a direct route from eNodeBs (eNBs)—cell sites—to the serving gateway (SGW) in the evolved packet core (EPC), opening the door for denial of service (DoS) attacks and interception of user communications; in other words, there is no centralized intelligent controller, formally BSC and RNC, and the eNodeBs are interconnected via the X2 interface, and connected to the EPC through the S1 interface 2. The addition of small cells or “mini eNodeBs” in the form of microcells, picocells, femtocells, and metrocells. as well as remote radio heads to boost existing capacity will further increase the challenge of physically protecting the resulting heterogeneous network against criminal activity 3. The rising popularity of network sharing that allows several mobile operators to use the same cell site to save cost
  • 8. 6© INFONETICS RESEARCH, INC. FEBRUARY 2014 “The number of large attacks increased massively in 2013: up more than eight times the number in 2012.” Meanwhile, potential threats to mobile networks are real and fully documented There are many standards and documents that describe the attacks and risks in telecommunications networks. As a reference, the security framework defined by the ITU-T X.800/X.805 recommendations shows a threats model summed up as follows: Destruction of information or network resources (e.g., Denial of Service) Unauthorized tampering of an asset Theft, removal or loss of information and resources Eavesdropping or unauthorized access to an asset Network breakdown or outage Arbor Networks’ Worldwide Infrastructure Security Report Volume IX (3Q2013) indicates that accidental or deliberate denial of service (DDoS) attacks against customers still remain the most commonly experienced security threat. There is no end in sight; even worse, the size of the attacks is swelling. Exhibit 4 shows data collected by the Arbor ATLAS system that gathers statistics from 290+ Peakflow SP customers around the world. These statistics include anonymized details of the DDoS attacks monitored by Arbor Networks survey participants. The largest verified, monitored attack in 2013 was 245Gbps, versus 100Gbps in 2013. The number of large attacks monitored by ATLAS (defined as being over 20Gbps) increased massively in 2013—up more than eight times the number in 2012. Exhibit 4: Monthly ATLAS Peak Monitored Attack Sizes Source: Arbor Networks, Inc.
  • 9. 7© INFONETICS RESEARCH, INC. FEBRUARY 2014 Consequently, Security Must Be a Foundational Element of LTE Deployments No matter how extensive the network, today no operator owns the entire end-to-end communications chain. And as in the IP world no one can be trusted, the all-IP flat architecture of LTE networks requires new types of protection because some 2G and 3G functions that initially were performed in the controller—BSC and RNC, respectively—have moved to the eNodeB. The backhaul needs to be all IP as well, which raises another issue: shared transport network infrastructure for the potential coexistence of fixed and mobile services on the same packet network. And finally, the presence of the X2 interface that supports direct handover among the vicinity eNodeBs, involves stronger security requirements on the nodes. IPsec encryption is the key mechanism. . . Security issues in LTE networks have already been addressed by both the 3GPP and the NGMN, which made recommendations that are left to mobile operators themselves to adopt or not. Three hierarchical scenarios are proposed, starting from an unprotected trusted network, meaning in total absence of IPsec and just leveraging existing mechanisms available in packet core networks. The second scenario uses IPsec for protecting the LTE control traffic (S1-C, X2-C), often considered as the most sensible for the service continuity. And in the third scenario, full IPsec protection is proposed for both control and user traffic. . . . but full IPsec introduces new considerations The main advantage of full IPsec protection is clearly the protection offered to all of the traffic with no distinction but the main caveat is the potential for increased computational impact on eNB and a bigger overhead at L1 transmission and perceived operational complexity. As a result, mobile operators have been reluctant to implement IPsec, especially if they consider their networks and backhaul “trusted.” It’s interesting that US and South Korean service providers, early LTE adopters together accounting for more than 50% of worldwide LTE subscribers, have been slow to embrace the need for IPsec, whereas their European counterparts—led by Deutsche Telekom—are adopting IPsec at a fast pace. It’s only in 2013 that Europe’s Big 5 (Deutsche Telekom, Orange, Telefónica, Telecom Italia, and Vodafone) started significant LTE deployments, almost four years after Japan, South Korea, and the US, but they made IPsec a chief requirement, despite the additional cost. Conversely, time-to-market was so important in the US and South Korea that mobile operators preferred to tackle the issue later. There was also a common belief that the networks were sufficiently closed to be adequately secured, but the requirement for various alternative backhaul strategies (e.g., the use of small cells, wireless hand off, and roaming services) effectively introduced a number of entry points for potential threats. Infonetics Research’s Carrier WiFi Equipment market share, size, and forecast report (November 15, 2013) indicates that $8.5 billion is to be spent on carrier WiFi equipment over the next 5 years, and operators are looking to consumer femtocells to increase ARPU via new apps and services. Meanwhile, Japan’s NTT DOCOMO saw the issue differently and was successful in deploying IPsec and achieving time-to-market at the same time.
  • 10. 8© INFONETICS RESEARCH, INC. FEBRUARY 2014 Now IPsec is gaining momentum, setting the stage for security gateway implementations With more than 260 commercial LTE networks up and running across the globe, more and more mobile operators are implementing IPsec. However, Infonetics Research’s quarterly LTE deployment tracker, a part of the 2G, 3G, 4G Mobile Infrastructure and Subscribers report, indicates only 20% of mobile operators worldwide had deployed IPsec in their LTE network by the end of 2013. As IPsec adoption for transporting LTE flows continues to grow significantly, the need for a security gateway, which has been considered optional by many operators, increases. As defined by 3GPP/S1 interface, its fundamental function is to perform authentication and encryption/decryption for the IPsec tunnel, and handle IKEv2 authentication to secure the delivery of voice and data services. Given the pace of LTE adoption worldwide, the security gateway needs to be highly scalable to manage hundreds of thousands of concurrent IPsec tunnels. In the meantime, the very few mobile operators that deployed a security gateway in the first place while constructing their LTE networks are clearly seeing the benefits of high security, particularly in non- controlled backhaul environments, and expect better QoS control when launching VoLTE. Security Gateways Also Provide High VoLTE Network Performance and QoS Control Jitter-free and latency-free traffic are the chief stringent VoLTE requirements that can be met by prioritizing and optimizing voice traffic, a function that can be offered by a robust security gateway. The mobile Internet is a very unique world: it is set it apart from typical enterprise network traffic by the required exponential level of scalability and traffic volume processing, the ability to adapt to signaling issues, chatty apps, and network outages creating thousands of reconnection attempts and other events. In addition to performing IPsec, a security gateway can also manage IP sessions and do IP charging functions and policy enforcement although these are not primary functions; some of these functions may have already been implemented in the core networks—the IMS core for instance. And of course introducing a security gateway in an LTE network should not degrade network performances, starting with latency that is the most important requirement for real-time traffic such as voice. In its February 2012 Security in LTE Backhauling paper, the NGMN Alliance made the case for security gateway implementations beyond the simple need for securing the transport of LTE flows and listed the effects of the security gateway, which are directly linked to its position in the network, given the overall network topology, and required scalability, and performance. The extreme and unlikely option would consist in placing the security gateway close to the eNodeB and focusing on the X2 interface, which in turn would lead to a vast array of security gateways, a costly and ineffective proposition. The opposite option places the security gateway just in front of the EPC, directly connected either to the MME or the S/P-GW, or in an intermediate aggregation center, depending on the operator network topology. In this case, one redundant security gateway can support hundreds of thousands of eNodeBs or HeNodeBs, significantly reducing the equipment needed. That way, the security gateway protects and manages efficiently the S1 wide open area that opens the door to the most sensitive part of the network; specifically, it can process small VoLTE packets, and manage potential signaling storms.
  • 11. 9© INFONETICS RESEARCH, INC. FEBRUARY 2014 As an illustration of the potential signaling damage an S1-focused security gateway can shield, research from the UK’s University of Surrey provides a baseline for calculating MME/SGW/PGW signaling load increase: a macrocell with radius of 1km and 64 users. As the cell size decreases the number of achievable handovers, the signaling load due to mobility events increases significantly. For instance, 10 times more signaling load to the MME/SGW/PGW when cell radius reduces to 100m. An S1-focused security gateway can process tiny VoLTE packets As long as the security gateway delivers line rate performance that sustains throughput levels at core network aggregation points regardless of packet size, it will treat a VoLTE packet the same way as any other packets. In RFC 2544, IETF recommends that seven standard frame sizes (e.g., 64, 128, 256, 512, 1024, 1280 and 1518 byte) be tested multiple times, for a specified length of time. This is because all these frame sizes are used in the network and so the results for each must be known. However, most networks are optimized based on the median packet size of 512 bytes and are not ready to meet the performance requirements for VoLTE, because voice packets are less than 100 bytes. For example, the Adaptive Multirate Wideband (AMR- WB) voice codec has a low transmission rate of 23.85Kbps and a packet size of 64 bytes. And manage signaling storms As the security gateway sits in front of the packet core, it can filter and manage the signaling traffic it reaches the core—the MME and the HLR/HSS—and causes a major outage. Early LTE adopters such as SK telecom, KT and Verizon Wireless have made no secrets of the tremendous amount of signaling traffic that hit their core networks. In 3G, this traffic stormed the RNC, which eventually collapsed as seen in the AT&T network back in 2007 after the introduction of the iPhone. Over-the-top applications are very well known for their overwhelming signaling effects on mobile networks that are triggered by the simple need to maintain active sessions, even more so for VoIP services. VoLTE services require additional signaling for setting up a dedicated GBR (guaranteed bit rate) bearer to fulfill the QoS requirement. Although the resulting signaling traffic is expected to have minimal impact on core networks when compared to the existing OTT signaling tsunami, the impact is not yet known because of the low starting subscriber numbers; it could be significant due to the events IMS-based VoLTE architecture generates. Bottom Line Back in the 3G days, mostly around 2007, discussions about the role of a security gateway in the packet core network led to many debates and various schools of thoughts that basically left it stuck on the vendor’s shelf. Today, the situation is dramatically different: the rapid migration to LTE is making the IP flat architecture look like an appealing hacking platform and exposes the EPC to a never seen onslaught of signaling traffic that used to be caught by the RNC. Consequently, the need for a security gateway that can effectively manage hundreds of thousands of concurrent IPsec tunnels, process tiny VoLTE packets, and filter signaling traffic—all without negatively affecting the overall performances of the network—has never been greater.
  • 12. I N F O N E T I C S R E S E A R C H W H I T E P A P E R © INFONETICS RESEARCH, INC. FEBRUARY 2014 White Paper Author Stéphane Téral Principal Analyst, Mobile Infrastructure and Carrier Economics Infonetics Research stephane@infonetics.com +1 408.583.3371 Commissioned by Stoke to educate the industry about security gateways, this paper was written autonomously by analyst Stéphane Téral based on Infonetics’ independent mobile and security research. About Infonetics Research Infonetics Research is an international market research and consulting analyst firm serving the communications industry since 1990. A leader in defining and tracking emerging and established technologies in all world regions, Infonetics helps clients plan, strategize, and compete more effectively. Report Reprints and Custom Research To learn about distributing excerpts from Infonetics reports or to learn about custom research opportunities, please contact: North America (West), Asia Pacific Larry Howard, Vice President, larry@infonetics.com, +1 408.583.3335 North America (East, Midwest, Texas), Latin America Scott Coyne, Senior Account Director, scott@infonetics.com, +1 408.583.3395 Europe, Middle East, Africa, India, Singapore George Stojsavljevic, Senior Account Director, george@infonetics.com, +44 755.488.1623 Japan, South Korea, China, Taiwan http://www.infonetics.com/contact.asp 695 TECHNOLOGY PARKWAY SUITE 200 CAMPBELL, CALIFORNIA 95008 TEL 408.583.0011 FAX 408.583.0031 www.infonetics.com S I L I C O N V A L L E Y – B O S T O N M E T R O – L O N D O N – A M S T E R D A M – S H A N G H A I – T O K Y O