SECURING NEXT GENERATION MOBILE NETWORKS
VERSION 1.0 | OCTOBER 2010

ABSTRACT: As IP based telecom networks are deployed, new security threats facing operators are inevitable. This paper reviews the new mobile access paradigms, examines the security challenges, and outlines the technical requirements for a new generation of security gateways.

CONTENTS
EXECUTIVE SUMMARY
GROWING MOBILE DEMAND
EXPANDING MOBILE NETWORK CAPACITY
SECURING MOBILE NETWORK BACKHAUL
NETWORK SECURITY TECHNOLOGY REQUIREMENTS
LTE SECURITY GATEWAY SOLUTION
CONCLUSION
GLOSSARY
REFERENCES

RADISYS WHITEPAPER | SECURING NEXT GENERATION MOBILE NETWORKS




EXECUTIVE SUMMARY

Exploding data traffic on mobile networks is creating congestion and putting unprecedented pressure on network operators to meet nearly insatiable data demand. Most major worldwide mobile operators have announced plans to migrate their networks to Long Term Evolution (LTE), an all-IP network that will increase broadband capacity to support up to ten times higher data rates and enable an abundance of new mobile applications. In the near term, many operators are also considering alternative “wireless offload” solutions which route both voice and data traffic over the public Internet to relieve network congestion and improve coverage. In both situations, operators are exposed to inherent security threats and challenges familiar to enterprise IP networks. As cyber crime becomes more sophisticated and profitable, these attacks are occurring more frequently and with more severity and complexity. Mobile networks will have similar security requirements to enterprises, but on a much larger scale. This white paper will examine potential security challenges in both LTE infrastructure and wireless offload deployments, introduce the relevant 3GPP standards, and present solutions based on an LTE security gateway, or LTE SEG.

GROWING MOBILE DEMAND

The increase in demand for mobile bandwidth is undeniable. Nokia Siemens Networks reported that in 2008, their customers saw an increase in High Speed Packet Access (HSPA) data traffic of 5.7 times the previous year, and eleven customers saw a ten-fold increase. “So we’re seeing a significant amount of stress on the network,” said Patrick Donegan, Senior Analyst, Heavy Reading. [1] According to Cisco, mobile data traffic will double every year through 2014, increasing approximately 40 times over the next five years (Figure 1). By 2014, seventeen percent of this data will be transmitted over the Internet, much of which will need to be secured. IP has become the de facto transport, not only for user traffic, but also for control within network infrastructure. Security threats resulting from untrusted network endpoints, shared facilities, and disgruntled employees are magnified in an all-IP environment.

[Figure 1. Cisco Global Mobile Data Traffic Forecast (Source: Cisco [2], 2010). Chart of consumer Internet traffic in petabytes per month by year, 2010 to 2014; series: Mobile VoIP, Mobile Gaming, Mobile P2P, Mobile Web/Data, Mobile Video.]

EXPANDING MOBILE NETWORK CAPACITY

In recent years, the convergence of telecom and IP networking has driven new standards, technologies and platforms. Persistent growth of bandwidth hungry services and applications has driven the development of LTE, which supplies the bandwidth needed for these applications, while lowering operating costs and simplifying network management. LTE delivers four times more downlink bandwidth and eight times more uplink bandwidth than its predecessor, HSPA. It also provides better cell performance, lower latency and higher Quality of Service (QoS), while supporting more users at a lower cost per byte. LTE will take many years to roll out and become pervasive, however, and existing cellular networks are already becoming tapped out.

With smartphones and other wireless devices becoming increasingly popular, some operators are looking for near term wireless offload and coverage solutions. A new study from ABI Research reports that about sixteen percent of data traffic is diverted from mobile networks today and is expected to increase to forty-eight percent by 2015. [3] Cisco estimates that by 2014, twenty-three percent of U.S. smartphone traffic could be offloaded through the public Internet, using wireless LANs and femtocells. Even higher percentages are forecasted for Western Europe and Russia. Wireless offload relieves pressure on 3G access networks, but introduces the need for security gateways.




                                                                                                                                                     WWW.RADISYS.COM | 2
SECURING MOBILE NETWORK BACKHAUL

Both LTE access and 3G wireless offload present new security challenges not encountered in traditional mobile network backhaul, the infrastructure for connecting cell sites to the core network. Historically, backhaul employed dedicated T1 and unshared facilities between macro cellsites and the core network base stations. LTE phases out TDM connected cell sites in favor of Ethernet and IP connections, and for both cost and bandwidth reasons, LTE backhaul may leverage commercial broadband links. LTE networks have more small and distributed cell sites, which are difficult and costly to physically protect against criminal activity. Operators are also increasingly sharing cell sites to get around government limitations and use the best locations. The LTE architecture pushes more mobility function out to the cell sites, enabling hackers to disrupt subscribers and penetrate new data applications. And the flat LTE topology provides a direct route from cell sites to the network core, creating the possibility for Denial-of-Service (DoS) attacks and interception of user communications. All these factors drive new security requirements in LTE.

The security exposures in wireless offload applications are more obvious. WiFi access points and femtocells are connected over the public Internet and expose the core network to the full range of Internet attacks, including address spoofing, identity theft, man-in-the-middle, and DoS. In addition to securing the wireless segment of a connection with appropriate wireless security like WPA, mobile devices require end-to-end security to the core network, and network gateways must be appropriately firewalled to protect the core network. The security topology for LTE Access and Wireless Offload networks is shown in Figure 3.

[Figure 2. Wireless Offload. Diagram labels: Standard 3G/4G Handset, Dual Mode Handset, UMA-Enabled Femtocell, WiFi Access Point, Wireless Data Offload, Public Internet (Untrusted), SEG, 3G Core Network (Trusted); interfaces Iub, Up, Wu.]

[Figure 3. Securing LTE Access and Wireless Offload Networks. Diagram labels: LTE eNodeB (4G), WiFi Access Point (3G), Femtocell (2G, 3G), Backhaul Network or Public Internet, SEG, LTE Serving Gateway (SGW), I-WLAN Terminating Gateway (TTG), Femtocell Gateway, To Packet Network Voice/Data, Firewall and Tunneling Technology; interfaces S1, Wu, Up.]

NETWORK SECURITY TECHNOLOGY REQUIREMENTS

A security gateway is required to secure the connections between network elements over an “untrusted” communications link. The link may be untrusted because the elements are owned by different operators and therefore reside in different security domains (Za interface), or because the elements are owned by the same operator in the same security domain but are connected in a way that may lead to security breaches because the interfaces are not protected (e.g. no use of Zb between internal elements). The elements may be part of the LTE backhaul network, like cell sites (eNodeBs), or part of the enhanced packet core, like Serving and Packet Gateways (S-GWY, P-GWY).

The requirements for providing a secure connection between LTE network elements are specified in the 3GPP Network Domain Security (NDS) standard. The primary requirement is to use Internet Protocol Security (IPsec), as shown in Figure 4. With IPsec, data is passed between the network elements in secure “tunnels” using a protocol called Encapsulating Security Payload (ESP) which includes subscriber authentication, content integrity and data encryption. These tunnels are set up using a protocol called Internet Key Exchange (IKE), which enables the elements to identify each other in a trusted manner called a Security Association (SA).

[Figure 4. Securing LTE Networks. Diagram labels: Security Domain A with NE A-1, NE A-2 and SEG A; Security Domain B with NE B-1, NE B-2 and SEG B; Zb interfaces inside each domain, Za interface between SEG A and SEG B; legend: IKE “Connection”, ESP Security Association.]

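The domain rules above, as an added example that is not part of the Radisys paper: a Python audit that labels each link in a constructed inventory as Za or Zb, reports links that cross domains without the security gateways or lack an IKE-negotiated ESP tunnel, and derives the hop-by-hop path between two elements. Element names follow Figure 4; the inventory format, field names and finding texts are assumptions made for this illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Element:
    name: str
    domain: str            # security domain (the operator that owns the element)
    is_seg: bool = False   # True for the security gateway at the domain border


@dataclass(frozen=True)
class Link:
    a: str
    b: str
    ike: bool   # peers identify each other and negotiate SAs with IKE
    esp: bool   # traffic is carried in an ESP tunnel


def index(elements):
    """Build a name -> Element lookup."""
    return {e.name: e for e in elements}


def classify(link, elems):
    """'Za' when the endpoints sit in different security domains, else 'Zb'."""
    return "Zb" if elems[link.a].domain == elems[link.b].domain else "Za"


def audit(links, elems):
    """Return (endpoints, interface, problem) for every link that breaks the model.

    Following the paper's framing, an intra-domain link without IPsec is
    reported as well, because an unprotected internal interface is one of
    the two reasons it gives for treating a link as untrusted.
    """
    findings = []
    for link in links:
        iface = classify(link, elems)
        ends = f"{link.a} <-> {link.b}"
        both_segs = elems[link.a].is_seg and elems[link.b].is_seg
        if iface == "Za" and not both_segs:
            findings.append((ends, iface, "crosses domains without passing through both SEGs"))
        if not (link.ike and link.esp):
            findings.append((ends, iface, "no IKE-negotiated ESP tunnel on this link"))
    return findings


def nds_path(src, dst, elems):
    """Hops traffic should take from src to dst, each tagged with its interface."""
    seg_of = {e.domain: e.name for e in elems.values() if e.is_seg}
    s, d = elems[src], elems[dst]
    if s.domain == d.domain:
        return [(src, dst, "Zb")]
    for dom in (s.domain, d.domain):
        if dom not in seg_of:
            raise ValueError(f"security domain {dom!r} has no SEG for inter-domain traffic")
    hops = []
    if not s.is_seg:
        hops.append((src, seg_of[s.domain], "Zb"))
    hops.append((seg_of[s.domain], seg_of[d.domain], "Za"))
    if not d.is_seg:
        hops.append((seg_of[d.domain], dst, "Zb"))
    return hops


# Constructed inventory for the illustration; names mirror Figure 4.
ELEMENTS = index([
    Element("NE A-1", "A"), Element("NE A-2", "A"), Element("SEG A", "A", is_seg=True),
    Element("NE B-1", "B"), Element("NE B-2", "B"), Element("SEG B", "B", is_seg=True),
])
LINKS = [
    Link("NE A-1", "SEG A", ike=True, esp=True),     # protected Zb
    Link("NE A-2", "SEG A", ike=False, esp=False),   # internal link left in the clear
    Link("SEG A", "SEG B", ike=True, esp=True),      # Za between the two gateways
    Link("SEG B", "NE B-1", ike=True, esp=True),     # protected Zb
    Link("NE A-2", "NE B-2", ike=True, esp=True),    # direct NE-to-NE across domains
]

if __name__ == "__main__":
    for ends, iface, problem in audit(LINKS, ELEMENTS):
        print(f"[{iface}] {ends}: {problem}")
    print(nds_path("NE A-1", "NE B-1", ELEMENTS))
```

The direct NE A-2 to NE B-2 link is reported even though it runs IPsec, because it crosses the domain border without terminating on either gateway.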
The requirements for providing a secure connection between a mobile device or femtocell in a wireless offload application share similarities to the NDS scenario. An IPsec tunnel is established between the mobile device or femtocell using IKE; bidirectional security associations are established; and encrypted ESP data is transmitted (Figure 5).

[Figure 5. Securing Wireless Offload Applications. Diagram labels: 3G, Data Offload, Internet, SEG, AAA, HSS/HLR, SGSN (Service GPRS Support Node), GGSN (Gateway GPRS Support Node); interfaces Wu or Up, Wm, Gn.]

LTE SECURITY GATEWAY SOLUTION

An LTE Security Gateway, or LTE SEG, must meet the technology requirements for both LTE and its wireless offload application predecessors. It should provide very high performance IPsec tunneling and stateful firewall protection and be cost effective for a telecom equipment manufacturer to deploy in an operator network.

An LTE SEG should adhere to the 3GPP P-G standards and provide high performance IPsec capability, with carrier-grade reliability and scalability for telecom networks. This requires supporting key IETF RFCs for ESP, IKE and Certificate Management Protocol (CMP) as required by 3GPP LTE specifications 33.210 and 33.310. Ideally, an LTE SEG will process at least multi-Gbps of encrypted IPsec traffic and scale to much higher IPsec throughput to support massive amounts of IP data from many LTE cell sites. Additionally, in wireless offload applications, a security gateway should secure large numbers of WiFi connected mobile devices and femtocells and support various authentication schemes appropriate for each device, e.g. reuse of SIM card in mobile devices, support for both femtocell smart-card and certificate based schemes, and back-end RADIUS support. Wireless offload applications such as I-WLAN and Home NodeB femtocells also require associating the user’s IPsec tunnel with the GTP connection to the packet core.

Another important LTE SEG feature is a stateful firewall, which can process several million concurrent IP flows, with pre-defined and custom filters, consistency checks and DoS prevention mechanisms. This requires 10G Ethernet ports and firewall services performed at line rate. In addition to network security, an LTE SEG should ideally feature static and dynamic Network Address Translation (NAT), Virtual Routing (VLAN), DHCP services and traffic management.

Because security technology is complex and engineers with relevant experience are scarce and expensive, most telecom equipment manufacturers would prefer to buy a complete LTE SEG solution which they can easily and cost effectively integrate into the LTE network elements in their portfolio. Like other telecom equipment, the LTE SEG should have a fault tolerant configuration option and meet carrier requirements for high availability and serviceability. Many equipment manufacturers have adopted the open, carrier grade Advanced Telecom Computing Architecture (ATCA) and would benefit from a blade solution that could be readily integrated in spare slots of existing network elements, as well as offered as a standalone solution.

CONCLUSION

The explosion of mobile data applications has begun, and worldwide mobile operators are planning to migrate their networks to LTE. The new LTE networks will increase broadband capacity to support higher data rates, simplify network management, and lower transport costs. Whether operators choose to move directly to LTE or enhance their current generation networks with wireless offload applications, they must address the security issues associated with an all-IP network. The financial risk and reputation impact associated with any security breach in the early stages of a network rollout are too big to ignore. The 3GPP standards, including NDS, specify ways to secure user data and protect network elements, but leave many implementation decisions up to the operators. Network security is a major hurdle for LTE equipment vendors because the scope of potential breaches is large, the technology is complex, and engineers with relevant security expertise are scarce and expensive. The best solution is a turnkey security gateway that is flexible and scalable and can be cost effectively integrated to make new network rollouts secure from the outset.




GLOSSARY:

The following Glossary is in the order of the acronyms appearing in the paper.

3GPP: 3rd Generation Partnership Project
ATCA: Advanced Telecom Computing Architecture
CMP: Certificate Management Protocol
DoS: Denial-of-Service
eNodeB: enhanced nodeB, LTE radio at a cellsite
ESP: Encapsulating Security Payload
HSPA: High Speed Packet Access
IETF: Internet Engineering Task Force
IKE: Internet Key Exchange
IP: Internet Protocol
IPsec: Internet Protocol Security
I-WLAN: Interworking-Wireless Local Area Network
LTE: Long Term Evolution (one flavor of 4G)
NAT: Network Address Translation
NDS: Network Domain Security
P-GWY: Packet Gateway
QoS: Quality of Service
S1-U: User-plane (mobile) traffic between LTE eNodeB (cellsites) and Serving-Gateway (S-GWY) packet core elements
SA: Security Association
SEG: Security Gateway
S-GWY: Serving Gateway
T1: Data Circuit Running at 1.544 Mbit/s Line Rate
TDM: Time Division Multiplexed
WPA: Wireless Protected Access

REFERENCES:

[1] Source: http://www.lightreading.com/video.asp?doc_id=174795.
[2] Source: Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2009-2014 from February 9, 2010 found at http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/white_paper_c11-520862.html.
[3] http://4g-wirelessevolution.tmcnet.com/channels/network-acceleration/articles/95417-wifi-femtocell-others-help-mobile-data-offloading-research.htm.

Corporate Headquarters
5445 NE Dawson Creek Drive
Hillsboro, OR 97124 USA
Phone: 503-615-1100
Fax: 503-615-1121
Toll-Free: 800-950-0044
www.radisys.com
info@radisys.com

©2010 RadiSys Corporation. RadiSys is a registered trademark of RadiSys Corporation. Convedia is a registered trademark of RadiSys Corporation. *All other trademarks are the properties of their respective owners.
10-218-00 October 2010

 
Wb engineering
Wb engineeringWb engineering
Wb engineeringJason899
 
Coal mines bill, 2015, India
Coal mines bill, 2015, IndiaCoal mines bill, 2015, India
Coal mines bill, 2015, Indiaatul baride
 
Hyper-V Disaster Recovery Optimizing
Hyper-V Disaster Recovery OptimizingHyper-V Disaster Recovery Optimizing
Hyper-V Disaster Recovery OptimizingAhmad Firdaus
 
The munoz migration - geography family tree1
The munoz migration - geography family tree1The munoz migration - geography family tree1
The munoz migration - geography family tree1pmunoz01
 
Radisys Optimizing VAS for Greater Revenue Generation
Radisys Optimizing VAS for Greater Revenue GenerationRadisys Optimizing VAS for Greater Revenue Generation
Radisys Optimizing VAS for Greater Revenue GenerationRadisys Corporation
 
Spain 7 Getting Started
Spain 7 Getting StartedSpain 7 Getting Started
Spain 7 Getting StartedSUDIPTO BOSE
 
IBM X Force threat intelligence quarterly 1Q 2014
IBM X Force threat intelligence quarterly 1Q 2014IBM X Force threat intelligence quarterly 1Q 2014
IBM X Force threat intelligence quarterly 1Q 2014IBM Software India
 
IT Next January 2010 Issue
IT Next January 2010 IssueIT Next January 2010 Issue
IT Next January 2010 IssueShashwat DC
 
Kofax Virtual Hospital
Kofax Virtual HospitalKofax Virtual Hospital
Kofax Virtual HospitalMainstay
 
Training & Development at Jindal SAW Ltd
Training & Development at Jindal SAW LtdTraining & Development at Jindal SAW Ltd
Training & Development at Jindal SAW LtdPrateek Gahlot
 
Kofax Oil and Gas Solution
Kofax Oil and Gas SolutionKofax Oil and Gas Solution
Kofax Oil and Gas SolutionMainstay
 

En vedette (20)

Unified Security Plugin for Opendaylight Controller
Unified Security Plugin for Opendaylight ControllerUnified Security Plugin for Opendaylight Controller
Unified Security Plugin for Opendaylight Controller
 
The Creditsafe Commercial Credit Managment Suite
The Creditsafe Commercial Credit Managment Suite The Creditsafe Commercial Credit Managment Suite
The Creditsafe Commercial Credit Managment Suite
 
GetBetter
GetBetterGetBetter
GetBetter
 
Gaurav Kumar Resume
Gaurav Kumar ResumeGaurav Kumar Resume
Gaurav Kumar Resume
 
Wb engineering
Wb engineeringWb engineering
Wb engineering
 
GBNews_DEC09
GBNews_DEC09GBNews_DEC09
GBNews_DEC09
 
Coal mines bill, 2015, India
Coal mines bill, 2015, IndiaCoal mines bill, 2015, India
Coal mines bill, 2015, India
 
Hyper-V Disaster Recovery Optimizing
Hyper-V Disaster Recovery OptimizingHyper-V Disaster Recovery Optimizing
Hyper-V Disaster Recovery Optimizing
 
The munoz migration - geography family tree1
The munoz migration - geography family tree1The munoz migration - geography family tree1
The munoz migration - geography family tree1
 
ICMA Quarterly Report - FIRST QUARTER 2014
ICMA Quarterly Report - FIRST QUARTER 2014ICMA Quarterly Report - FIRST QUARTER 2014
ICMA Quarterly Report - FIRST QUARTER 2014
 
Radisys Optimizing VAS for Greater Revenue Generation
Radisys Optimizing VAS for Greater Revenue GenerationRadisys Optimizing VAS for Greater Revenue Generation
Radisys Optimizing VAS for Greater Revenue Generation
 
Spain 7 Getting Started
Spain 7 Getting StartedSpain 7 Getting Started
Spain 7 Getting Started
 
NREF Annual Report
NREF Annual ReportNREF Annual Report
NREF Annual Report
 
Rrgreenhandslof
RrgreenhandslofRrgreenhandslof
Rrgreenhandslof
 
IBM X Force threat intelligence quarterly 1Q 2014
IBM X Force threat intelligence quarterly 1Q 2014IBM X Force threat intelligence quarterly 1Q 2014
IBM X Force threat intelligence quarterly 1Q 2014
 
IT Next January 2010 Issue
IT Next January 2010 IssueIT Next January 2010 Issue
IT Next January 2010 Issue
 
EdgeBuilder : Overview
EdgeBuilder : OverviewEdgeBuilder : Overview
EdgeBuilder : Overview
 
Kofax Virtual Hospital
Kofax Virtual HospitalKofax Virtual Hospital
Kofax Virtual Hospital
 
Training & Development at Jindal SAW Ltd
Training & Development at Jindal SAW LtdTraining & Development at Jindal SAW Ltd
Training & Development at Jindal SAW Ltd
 
Kofax Oil and Gas Solution
Kofax Oil and Gas SolutionKofax Oil and Gas Solution
Kofax Oil and Gas Solution
 

Similaire à SeGW Whitepaper from Radisys

SECURING AND STRENGTHENING 5G BASED INFRASTRUCTURE USING ML
SECURING AND STRENGTHENING 5G BASED INFRASTRUCTURE USING MLSECURING AND STRENGTHENING 5G BASED INFRASTRUCTURE USING ML
SECURING AND STRENGTHENING 5G BASED INFRASTRUCTURE USING MLIRJET Journal
 
How three wireless technologies will soon ignite the edge computing revolution
How three wireless technologies will soon ignite the edge computing revolutionHow three wireless technologies will soon ignite the edge computing revolution
How three wireless technologies will soon ignite the edge computing revolutionAbaram Network Solutions
 
5g-a-network-transformation-imperative
5g-a-network-transformation-imperative5g-a-network-transformation-imperative
5g-a-network-transformation-imperativeAmar Ravi
 
What Makes 5G Network Different - Digital Nasional Berhad
What Makes 5G Network Different - Digital Nasional BerhadWhat Makes 5G Network Different - Digital Nasional Berhad
What Makes 5G Network Different - Digital Nasional BerhadDigitalNational
 
Brief introduction-about-5 g-mobile-technologies
Brief introduction-about-5 g-mobile-technologiesBrief introduction-about-5 g-mobile-technologies
Brief introduction-about-5 g-mobile-technologiesritusara
 
Scaling Mobile Network Security for LTE: A Multi-Layer Approach
Scaling Mobile Network Security for LTE: A Multi-Layer ApproachScaling Mobile Network Security for LTE: A Multi-Layer Approach
Scaling Mobile Network Security for LTE: A Multi-Layer ApproachF5 Networks
 
A fresh approach to remote IoT Connectivity by Podsystem
A fresh approach to remote IoT Connectivity by PodsystemA fresh approach to remote IoT Connectivity by Podsystem
A fresh approach to remote IoT Connectivity by Podsystempodsystem1
 
A fresh approach to remote IoT connectivity | by Podsystem
A fresh approach to remote IoT connectivity | by Podsystem A fresh approach to remote IoT connectivity | by Podsystem
A fresh approach to remote IoT connectivity | by Podsystem Kira Ugai
 
Wireless Infrastructure: Market Shares, Strategies, and Forecasts, Worldwide,...
Wireless Infrastructure: Market Shares, Strategies, and Forecasts, Worldwide,...Wireless Infrastructure: Market Shares, Strategies, and Forecasts, Worldwide,...
Wireless Infrastructure: Market Shares, Strategies, and Forecasts, Worldwide,...ReportLinker.com
 
Intelligence in the Internet of Things (IoT)
Intelligence in the Internet of Things (IoT)Intelligence in the Internet of Things (IoT)
Intelligence in the Internet of Things (IoT)Mychal McCabe
 
Nanotechnology in 5G Wireless Communication Network: An Approach
Nanotechnology in 5G Wireless Communication Network: An ApproachNanotechnology in 5G Wireless Communication Network: An Approach
Nanotechnology in 5G Wireless Communication Network: An ApproachIRJET Journal
 
Mobile spectrum and network evolution to 2025 slides coleago - 24 mar 21
Mobile spectrum and network evolution to 2025 slides   coleago - 24 mar 21Mobile spectrum and network evolution to 2025 slides   coleago - 24 mar 21
Mobile spectrum and network evolution to 2025 slides coleago - 24 mar 21Coleago Consulting
 
liaison-2019-09-30-itu-t-tsag-ietf-iab-ls-on-new-ip-shaping-future-network-at...
liaison-2019-09-30-itu-t-tsag-ietf-iab-ls-on-new-ip-shaping-future-network-at...liaison-2019-09-30-itu-t-tsag-ietf-iab-ls-on-new-ip-shaping-future-network-at...
liaison-2019-09-30-itu-t-tsag-ietf-iab-ls-on-new-ip-shaping-future-network-at...MohammadSwerki2
 
Gemalto Review: 5G Feature
Gemalto Review: 5G FeatureGemalto Review: 5G Feature
Gemalto Review: 5G FeatureNexus Publishing
 
5 g network white paper
5 g network white paper 5 g network white paper
5 g network white paper Ravi Sharma
 
Modern computer network technology
Modern computer network technologyModern computer network technology
Modern computer network technologyMH Shihab
 

Similaire à SeGW Whitepaper from Radisys (20)

SECURING AND STRENGTHENING 5G BASED INFRASTRUCTURE USING ML
SECURING AND STRENGTHENING 5G BASED INFRASTRUCTURE USING MLSECURING AND STRENGTHENING 5G BASED INFRASTRUCTURE USING ML
SECURING AND STRENGTHENING 5G BASED INFRASTRUCTURE USING ML
 
How three wireless technologies will soon ignite the edge computing revolution
How three wireless technologies will soon ignite the edge computing revolutionHow three wireless technologies will soon ignite the edge computing revolution
How three wireless technologies will soon ignite the edge computing revolution
 
5g-a-network-transformation-imperative
5g-a-network-transformation-imperative5g-a-network-transformation-imperative
5g-a-network-transformation-imperative
 
5G Network
5G Network5G Network
5G Network
 
What Makes 5G Network Different - Digital Nasional Berhad
What Makes 5G Network Different - Digital Nasional BerhadWhat Makes 5G Network Different - Digital Nasional Berhad
What Makes 5G Network Different - Digital Nasional Berhad
 
5G_Upload.docx
5G_Upload.docx5G_Upload.docx
5G_Upload.docx
 
Brief introduction-about-5 g-mobile-technologies
Brief introduction-about-5 g-mobile-technologiesBrief introduction-about-5 g-mobile-technologies
Brief introduction-about-5 g-mobile-technologies
 
Scaling Mobile Network Security for LTE: A Multi-Layer Approach
Scaling Mobile Network Security for LTE: A Multi-Layer ApproachScaling Mobile Network Security for LTE: A Multi-Layer Approach
Scaling Mobile Network Security for LTE: A Multi-Layer Approach
 
A fresh approach to remote IoT Connectivity by Podsystem
A fresh approach to remote IoT Connectivity by PodsystemA fresh approach to remote IoT Connectivity by Podsystem
A fresh approach to remote IoT Connectivity by Podsystem
 
A fresh approach to remote IoT connectivity | by Podsystem
A fresh approach to remote IoT connectivity | by Podsystem A fresh approach to remote IoT connectivity | by Podsystem
A fresh approach to remote IoT connectivity | by Podsystem
 
Wireless Infrastructure: Market Shares, Strategies, and Forecasts, Worldwide,...
Wireless Infrastructure: Market Shares, Strategies, and Forecasts, Worldwide,...Wireless Infrastructure: Market Shares, Strategies, and Forecasts, Worldwide,...
Wireless Infrastructure: Market Shares, Strategies, and Forecasts, Worldwide,...
 
Cor review2018-a
Cor review2018-aCor review2018-a
Cor review2018-a
 
Quick Quote App Portfolio
Quick Quote App PortfolioQuick Quote App Portfolio
Quick Quote App Portfolio
 
Intelligence in the Internet of Things (IoT)
Intelligence in the Internet of Things (IoT)Intelligence in the Internet of Things (IoT)
Intelligence in the Internet of Things (IoT)
 
Nanotechnology in 5G Wireless Communication Network: An Approach
Nanotechnology in 5G Wireless Communication Network: An ApproachNanotechnology in 5G Wireless Communication Network: An Approach
Nanotechnology in 5G Wireless Communication Network: An Approach
 
Mobile spectrum and network evolution to 2025 slides coleago - 24 mar 21
Mobile spectrum and network evolution to 2025 slides   coleago - 24 mar 21Mobile spectrum and network evolution to 2025 slides   coleago - 24 mar 21
Mobile spectrum and network evolution to 2025 slides coleago - 24 mar 21
 
liaison-2019-09-30-itu-t-tsag-ietf-iab-ls-on-new-ip-shaping-future-network-at...
liaison-2019-09-30-itu-t-tsag-ietf-iab-ls-on-new-ip-shaping-future-network-at...liaison-2019-09-30-itu-t-tsag-ietf-iab-ls-on-new-ip-shaping-future-network-at...
liaison-2019-09-30-itu-t-tsag-ietf-iab-ls-on-new-ip-shaping-future-network-at...
 
Gemalto Review: 5G Feature
Gemalto Review: 5G FeatureGemalto Review: 5G Feature
Gemalto Review: 5G Feature
 
5 g network white paper
5 g network white paper 5 g network white paper
5 g network white paper
 
Modern computer network technology
Modern computer network technologyModern computer network technology
Modern computer network technology
 

Plus de Shah Sheikh

ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceShah Sheikh
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company PresentationShah Sheikh
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Shah Sheikh
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company PresentationShah Sheikh
 
DTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration TestingDTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration TestingShah Sheikh
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioShah Sheikh
 
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....Shah Sheikh
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...Shah Sheikh
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefShah Sheikh
 
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotDefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotShah Sheikh
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiShah Sheikh
 
DTS Solution - Hacking ATM Machines - The Italian Job Way
DTS Solution - Hacking ATM Machines - The Italian Job WayDTS Solution - Hacking ATM Machines - The Italian Job Way
DTS Solution - Hacking ATM Machines - The Italian Job WayShah Sheikh
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh
 
DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015Shah Sheikh
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...Shah Sheikh
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting Shah Sheikh
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...Shah Sheikh
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhShah Sheikh
 

Plus de Shah Sheikh (20)

ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company Presentation
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company Presentation
 
DTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration TestingDTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration Testing
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services Portfolio
 
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
 
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotDefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS Environments
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
 
DTS Solution - Hacking ATM Machines - The Italian Job Way
DTS Solution - Hacking ATM Machines - The Italian Job WayDTS Solution - Hacking ATM Machines - The Italian Job Way
DTS Solution - Hacking ATM Machines - The Italian Job Way
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
 
DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
 

SeGW Whitepaper from Radisys

  • 1. SECURING NEXT GENERATION MOBILE NETWORKS
VERSION 1.0 | OCTOBER 2010

ABSTRACT: As IP based telecom networks are deployed, new security threats facing operators are inevitable. This paper reviews the new mobile access paradigms, examines the security challenges, and outlines the technical requirements for a new generation of security gateways.

CONTENTS
EXECUTIVE SUMMARY
GROWING MOBILE DEMAND
EXPANDING MOBILE NETWORK CAPACITY
SECURING MOBILE NETWORK BACKHAUL
NETWORK SECURITY TECHNOLOGY REQUIREMENTS
LTE SECURITY GATEWAY SOLUTION
CONCLUSION
GLOSSARY
REFERENCES
  • 2. RADISYS WHITEPAPER | SECURING NEXT GENERATION MOBILE NETWORKS

EXECUTIVE SUMMARY

Exploding data traffic on mobile networks is creating congestion and putting unprecedented pressure on network operators to meet nearly insatiable data demand. Most major worldwide mobile operators have announced plans to migrate their networks to Long Term Evolution (LTE), an all-IP network that will increase broadband capacity to support up to ten times higher data rates and enable an abundance of new mobile applications. In the near term, many operators are also considering alternative “wireless offload” solutions which route both voice and data traffic over the public Internet to relieve network congestion and improve coverage. In both situations, operators are exposed to inherent security threats and challenges familiar to enterprise IP networks. As cyber crime becomes more sophisticated and profitable, these attacks are occurring more frequently and with more severity and complexity. Mobile networks will have similar security requirements to enterprises, but on a much larger scale. This white paper will examine potential security challenges in both LTE infrastructure and wireless offload deployments, introduce the relevant 3GPP standards, and present solutions based on an LTE security gateway, or LTE SEG.

[Figure 1. Cisco Global Mobile Data Traffic Forecast (Source: Cisco [2], 2010). Consumer Internet traffic in petabytes per month by year, 2010 to 2014, broken down into Mobile VoIP, Mobile Gaming, Mobile P2P, Mobile Web/Data and Mobile Video.]

GROWING MOBILE DEMAND

The increase in demand for mobile bandwidth is undeniable. Nokia Siemens Networks reported that in 2008, their customers saw an increase in High Speed Packet Access (HSPA) data traffic of 5.7 times the previous year, and eleven customers saw a tenfold increase. “So we’re seeing a significant amount of stress on the network,” said Patrick Donegan, Senior Analyst, Heavy Reading. [1] According to Cisco, mobile data traffic will double every year through 2014, increasing approximately 40 times over the next five years (Figure 1). By 2014, seventeen percent of this data will be transmitted over the Internet, much of which will need to be secured. IP has become the de facto transport, not only for user traffic, but also for control within network infrastructure. Security threats resulting from untrusted network endpoints, shared facilities, and disgruntled employees are magnified in an all-IP environment.

EXPANDING MOBILE NETWORK CAPACITY

In recent years, the convergence of telecom and IP networking has driven new standards, technologies and platforms. Persistent growth of bandwidth-hungry services and applications has driven the development of LTE, which supplies the bandwidth needed for these applications, while lowering operating costs and simplifying network management. LTE delivers four times more downlink bandwidth and eight times more uplink bandwidth than its predecessor, HSPA. It also provides better cell performance, lower latency and higher Quality of Service (QoS), while supporting more users at a lower cost per byte. LTE will take many years to roll out and become pervasive, however, and existing cellular networks are already becoming tapped out.

With smartphones and other wireless devices becoming increasingly popular, some operators are looking for near-term wireless offload and coverage solutions. A new study from ABI Research reports that about sixteen percent of data traffic is diverted from mobile networks today and is expected to increase to forty-eight percent by 2015. [3] Cisco estimates that by 2014, twenty-three percent of U.S. smartphone traffic could be offloaded through the public Internet, using wireless LANs and femtocells. Even higher percentages are forecasted for Western Europe and Russia. Wireless offload relieves pressure on 3G access networks, but introduces the need for security gateways.
  • 3.

SECURING MOBILE NETWORK BACKHAUL

Both LTE access and 3G wireless offload present new security challenges not encountered in traditional mobile network backhaul, the infrastructure for connecting cell sites to the core network. Historically, backhaul employed dedicated T1 and unshared facilities between macro cell sites and the core network base stations. LTE phases out TDM-connected cell sites in favor of Ethernet and IP connections, and for both cost and bandwidth reasons, LTE backhaul may leverage commercial broadband links.

LTE networks have more small and distributed cell sites, which are difficult and costly to physically protect against criminal activity. Operators are also increasingly sharing cell sites to get around government limitations and use the best locations. The LTE architecture pushes more mobility function out to the cell sites, enabling hackers to disrupt subscribers and penetrate new data applications. And the flat LTE topology provides a direct route from cell sites to the network core, creating the possibility for Denial-of-Service (DoS) attacks and interception of user communications. All these factors drive new security requirements in LTE.

[Figure 2. Wireless Offload]

The security exposures in wireless offload applications are more obvious. WiFi access points and femtocells are connected over the public Internet and expose the core network to the full range of Internet attacks, including address spoofing, identity theft, man-in-the-middle, and DoS. In addition to securing the wireless segment of a connection with appropriate wireless security like WPA, mobile devices require end-to-end security to the core network, and network gateways must be appropriately firewalled to protect the core network. The security topology for LTE Access and Wireless Offload networks is shown in Figure 3.

[Figure 3. Securing LTE Access and Wireless Offload Networks]

NETWORK SECURITY TECHNOLOGY REQUIREMENTS

A security gateway is required to secure the connections between network elements over an “untrusted” communications link. The link may be untrusted because the elements are owned by different operators and therefore reside in different security domains (Za interface), or because the elements are owned by the same operator in the same security domain but are connected in a way that may lead to security breaches because the interfaces are not protected (e.g. no use of Zb between internal elements). The elements may be part of the LTE backhaul network, like cell sites (eNodeBs), or part of the enhanced packet core, like Serving and Packet Gateways (S-GWY, P-GWY).

[Figure 4. Securing LTE Networks]

The requirements for providing a secure connection between LTE network elements are specified in the 3GPP Network Domain Security (NDS) standard. The primary requirement is to use Internet Protocol Security (IPsec), as shown in Figure 4. With IPsec, data is passed between the network elements in secure “tunnels” using a protocol called Encapsulating Security Payload (ESP) which includes subscriber authentication, content integrity and data encryption. These tunnels are set up using a protocol called Internet Key Exchange (IKE), which enables the elements to identify each other in a trusted manner called a Security Association (SA).
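The Za/Zb distinction described above can be checked mechanically against a topology inventory. The following is an added example, not part of the Radisys paper: the element names, the links and the policy it enforces (every Za link runs SEG to SEG under IKE and ESP, and every Zb link over shared transport is protected the same way) are assumptions made for illustration.

```python
"""Audit a constructed topology against the Za/Zb rules described above."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Element:
    name: str
    domain: str            # security domain, i.e. the operator that owns it
    is_seg: bool = False   # True for a security gateway (SEG)


@dataclass(frozen=True)
class Link:
    a: str
    b: str
    shared_transport: bool  # True for public Internet or leased broadband
    ike: bool               # peers authenticated and keyed with IKE
    esp: bool               # traffic carried in an ESP tunnel


def interface_type(link, elements):
    """Za if the link crosses security domains, Zb if it stays inside one."""
    return "Za" if elements[link.a].domain != elements[link.b].domain else "Zb"


def audit(links, elements):
    """Return (endpoints, interface, problem) for every policy violation.

    Assumed policy (not quoted from the paper):
      * a Za link must terminate on a SEG at both ends and use IKE + ESP;
      * a Zb link over shared transport must use IKE + ESP;
      * a Zb link over dedicated, unshared transport is accepted as is.
    """
    findings = []
    for link in links:
        a, b = elements[link.a], elements[link.b]
        iface = interface_type(link, elements)
        ends = (link.a, link.b)
        protected = link.ike and link.esp
        if iface == "Za":
            if not (a.is_seg and b.is_seg):
                findings.append((ends, iface, "inter-domain link bypasses the SEGs"))
            if not protected:
                findings.append((ends, iface, "inter-domain link lacks IPsec"))
        elif link.shared_transport and not protected:
            findings.append((ends, iface, "shared backhaul without Zb protection"))
    return findings


# Constructed sample inventory: operator A with two cell sites, operator B as peer.
ELEMENTS = {e.name: e for e in [
    Element("eNodeB-1", "A"),
    Element("eNodeB-2", "A"),
    Element("SGW-A", "A"),
    Element("SEG-A", "A", is_seg=True),
    Element("SEG-B", "B", is_seg=True),
    Element("NE-B1", "B"),
]}

LINKS = [
    # Cell site on commercial broadband, tunnelled to the SEG: acceptable.
    Link("eNodeB-1", "SEG-A", shared_transport=True, ike=True, esp=True),
    # Cell site on commercial broadband with no tunnel: unprotected Zb.
    Link("eNodeB-2", "SEG-A", shared_transport=True, ike=False, esp=False),
    # SEG to serving gateway on dedicated transport inside the core: acceptable.
    Link("SEG-A", "SGW-A", shared_transport=False, ike=False, esp=False),
    # SEG to SEG between operators, tunnelled: a proper Za interface.
    Link("SEG-A", "SEG-B", shared_transport=True, ike=True, esp=True),
    # Shared cell site wired straight into the other operator's element.
    Link("eNodeB-2", "NE-B1", shared_transport=True, ike=True, esp=True),
]

if __name__ == "__main__":
    for ends, iface, problem in audit(LINKS, ELEMENTS):
        print(f"{ends[0]} <-> {ends[1]} [{iface}]: {problem}")
```

The last link is flagged even though it is encrypted, because an inter-domain tunnel that does not terminate on the SEGs escapes the firewalling and policy enforcement that the gateway is there to provide.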
  • 4. The requirements for providing a secure connection between a mobile device or femtocell in a wireless offload application share similarities to the NDS scenario. An IPsec tunnel is established between the mobile device or femtocell using IKE; bidirectional security associations are established; and encrypted ESP data is transmitted (Figure 5).

[Figure 5. Securing Wireless Offload Applications. Legend: SGSN: Service GPRS Support Node; GGSN: Gateway GPRS Support Node]

LTE SECURITY GATEWAY SOLUTION

An LTE Security Gateway, or LTE SEG, must meet the technology requirements for both LTE and its wireless offload applications predecessors. It should provide very high performance IPsec tunneling and stateful firewall protection and be cost effective for a telecom equipment manufacturer to deploy in an operator network.

An LTE SEG should adhere to the 3GPP standards and provide high performance IPsec capability, with carrier-grade reliability and scalability for telecom networks. This requires supporting key IETF RFCs for ESP, IKE and Certificate Management Protocol (CMP) as required by 3GPP LTE specifications 33.210 and 33.310. Ideally, an LTE SEG will process at least multi-Gbps of encrypted IPsec traffic and scale to much higher IPsec throughput to support massive amounts of IP data from many LTE cell sites. Additionally, in wireless offload applications, a security gateway should secure large numbers of WiFi connected mobile devices and femtocells and support various authentication schemes appropriate for each device, e.g. reuse of SIM card in mobile devices, support for both femtocell smart-card and certificate based schemes, and back-end RADIUS support. Wireless offload applications such as I-WLAN and Home NodeB femtocells also require associating the user's IPsec tunnel with the GTP connection to the packet core.

Another important LTE SEG feature is a stateful firewall, which can process several million concurrent IP flows, with pre-defined and custom filters, consistency checks and DoS prevention mechanisms. This requires 10G Ethernet ports and firewall services performed at line rate. In addition to network security, an LTE SEG should ideally feature static and dynamic Network Address Translation (NAT), Virtual Routing (VLAN), DHCP services and traffic management.

Because security technology is complex and engineers with relevant experience are scarce and expensive, most telecom equipment manufacturers would prefer to buy a complete LTE SEG solution which they can easily and cost effectively integrate into the LTE network elements in their portfolio. Like other telecom equipment, the LTE SEG should have a fault tolerant configuration option and meet carrier requirements for high availability and serviceability. Many equipment manufacturers have adopted the open, carrier grade Advanced Telecom Computing Architecture (ATCA) and would benefit from a blade solution that could be readily integrated in spare slots of existing network elements, as well as offered as a standalone solution.

CONCLUSION

The explosion of mobile data applications has begun, and worldwide mobile operators are planning to migrate their networks to LTE. The new LTE networks will increase broadband capacity to support higher data rates, simplify network management, and lower transport costs. Whether operators choose to move directly to LTE or enhance their current generation networks with wireless offload applications, they must address the security issues associated with an all-IP network. The financial risk and reputation impact associated with any security breach in the early stages of a network rollout are too big to ignore. The 3GPP standards, including NDS, specify ways to secure user data and protect network elements, but leave many implementation decisions up to the operators.

Network security is a major hurdle for LTE equipment vendors because the scope of potential breaches is large, the technology is complex, and engineers with relevant security expertise are scarce and expensive. The best solution is a turnkey security gateway that is flexible and scalable and can be cost effectively integrated to make new network rollouts secure from the outset.
  • 5. GLOSSARY:

The following Glossary is in the order of the acronyms appearing in the paper.

3GPP: 3rd Generation Partnership Project
ATCA: Advanced Telecom Computing Architecture
CMP: Certificate Management Protocol
DoS: Denial-of-Service
eNodeB: enhanced nodeB, LTE radio at a cellsite
ESP: Encapsulating Security Payload
HSPA: High Speed Packet Access
IETF: Internet Engineering Task Force
IKE: Internet Key Exchange
IP: Internet Protocol
IPsec: Internet Protocol Security
I-WLAN: Interworking-Wireless Local Area Network
LTE: Long Term Evolution (one flavor of 4G)
NAT: Network Address Translation
NDS: Network Domain Security
P-GWY: Packet Gateway
QoS: Quality of Service
S1-U: User-plane (mobile) traffic between LTE eNodeB (cellsites) and Serving-Gateway (S-GWY) packet core elements
SA: Security Association
SEG: Security Gateway
S-GWY: Serving Gateway
T1: Data Circuit Running at 1.544 Mbit/s Line Rate
TDM: Time Division Multiplexed
WPA: Wireless Protected Access

Corporate Headquarters: 5445 NE Dawson Creek Drive, Hillsboro, OR 97124 USA. Phone: 503-615-1100. Fax: 503-615-1121. Toll-Free: 800-950-0044. www.radisys.com, info@radisys.com

©2010 RadiSys Corporation. RadiSys is a registered trademark of RadiSys Corporation. Convedia is a registered trademark of RadiSys Corporation. *All other trademarks are the properties of their respective owners. 10-218-00 October 2010