    White Paper

Authentication as a Service for LTE Base Stations

    Prepared by

Patrick Donegan
Senior Analyst, Heavy Reading

    www.heavyreading.com

    on behalf of

    www.symantec.com

    May 2012

HEAVY READING | MAY 2012 | WHITE PAPER | AUTHENTICATION AS A SERVICE FOR LTE BASE STATIONS

New Network Security Challenges in LTE

The 3GPP network architecture changes in some fundamental ways in the transition from 3G to LTE. And these changes have a major impact on the way security is provided in the mobile network, including as regards authentication of base stations or eNodeBs in the network.

These changes in the LTE architecture and their security implications can be summarized as follows:

The RNC is no longer a dedicated node in LTE. Instead, its functions are distributed between the Evolved Packet Core and the eNodeB. This increases the operator's exposure in LTE compared with 3G, since the 3GPP encryption that is instantiated in the end-user device now terminates in the eNodeB rather than the RNC. From a security perspective, in LTE the 3GPP encryption now terminates at many sites at the edge of the mobile network, instead of a handful of nodes located much deeper in the network.

Whereas 3G was originally designed with TDM backhaul in mind, LTE was designed to be launched with IP/Ethernet backhaul. From a security point of view, 3G was originally designed to be deployed with a highly secure backhaul technology, whereas LTE is required to be deployed with a backhaul technology with known security vulnerabilities that are exploited and extended by large numbers of hackers and attackers every day.

To keep up with the huge growth in mobile broadband data consumption, mobile operators recognize that in the coming years they will need to start supplementing their macro and microcell layers with new public access small cells. Designed to be mounted on building walls, bus stops, lampposts and the like, mobile operators envisage deploying four to eight or even more of these public access small cells per macro cell. Precisely because the small cell deployment model assumes such easily accessible locations, these sites will inevitably be much more vulnerable to tampering and security breaches than conventional macro and micro cells that have strong physical protection against intrusion and unauthorized intervention.

Figure 1: Authentication and Encryption in 3G and LTE Networks

Source: Heavy Reading

As formally recognized by the Next Generation Mobile Network (NGMN) Alliance in its February 2012 White Paper on "Security in LTE Backhauling," the primary threats that arise in the context of the LTE network are:

Insider attacks: abuse of administrator rights (eNodeB or Cell Site Gateway access)

External attacks via networks: from the Internet or other PDN, from the GPRS roaming exchange or another PLMN, from an external transport network or an external non-3GPP access network

External attacks via physical access to the network: on the radio interfaces, tampering with easily accessible sites (e.g., small cells), unauthorized physical access to network ports

Attacks from mobiles

To mitigate these security vulnerabilities in LTE, 3GPP provides for the use of IPsec authentication and encryption between the eNodeB and the core network. This is designed to protect the integrity of user traffic and the network wherever the operator considers the backhaul network to be what 3GPP defines as "untrusted."

Three years ago, when most operators first started contemplating LTE deployments, it was common for them to resist the use of IPsec on the grounds that it would add cost and complexity to the network. But Figure 2 shows how the position of mobile operators has shifted over the last couple of years.

Figure 2: Adoption of IPsec for LTE

Question: "For the first three years following the launch of LTE, to what extent do you expect that IPsec will be needed between the LTE cell site and the LTE core?"

% of all operators                                           Sept. 2011 Mobile    Dec. 2010
                                                             Security Survey      Backhaul Survey
All cell sites will need IPsec implemented                   37%                  20%
At least half of all cell sites will need IPsec implemented  11%                  13%
A subset of cell sites will need IPsec implemented           12%                  19%
IPsec will probably not be needed in the backhaul            15%                  17%
IPsec will definitely not be needed in the backhaul           5%                   1%
It's still unclear at this stage                             20%                  29%

Source: Heavy Reading; n=83 (2010) and 84 (2011)


As shown in Figure 2, two separate surveys of more than 80 qualified network-oriented professionals, carried out in December 2010 and then again in September 2011, demonstrate growing acceptance of the need for IPsec to secure the LTE network. In September 2011, 48 percent of respondents reckoned that IPsec will be required at a minimum of half of all LTE cell sites, compared with just 33 percent in December 2010. 37 percent reckoned it will be needed at all LTE cell sites in September 2011, compared with just 20 percent nine months earlier.

Authentication of eNodeBs Using PKI

According to 3GPP TS 33.310, where IPsec is deployed by the mobile operator this protocol necessarily provides the encryption of traffic between the eNodeB and the core of the LTE network.

Where the authentication of the eNodeB is concerned, however, 3GPP provides a choice of model:

The first option is to use a manual, so-called "shared secret," authentication model. This entails a field engineer manually entering a cryptographic key at the cell site during the initial setup process. That pre-shared key will have been generated by the operator's own operations team. Once it is entered at the new cell site by the field engineer, it is recognized as legitimate and trusted and the eNodeB will duly be authenticated by the network.

The second option is to deploy Public Key Infrastructure (PKI) with IPsec, based on the Internet Key Exchange Version 2 (IKEv2) and Certificate Management Protocol Version 2 (CMPv2).

While most operators that have launched LTE so far have done so using the manual shared secret authentication model, there are good grounds for thinking that over time, operators will want to start adopting the PKI model.

The manual inputting of shared secret keys into each eNodeB by an operative, while preserving its secrecy, is prone to human error, and hence potentially expensive from an opex perspective. Automating symmetric key management according to proprietary solutions is liable to be expensive, as well.

In the interests of security, shared secret keys should be changed regularly. Managing that program of key renewal without affecting operational stability, together with the necessary site visits to carry out changes, is also potentially expensive from an opex perspective.

As previously pointed out, the introduction of public access small cells into the network will result in an acceleration in the rate of deployment of cell sites in the mobile network. As a result, the operational challenges of a manual shared secret key model will become increasingly acute as the operator looks to scale LTE capacity with growing subscriber and data traffic volumes.

The growth of machine-to-machine applications using LTE will grow the number of end points in the network still further, amplifying the challenge posed by the growth in the number of cell sites.

As shown immediately below, the automated PKI authentication model as defined by 3GPP introduces an additional layer of security into the authentication process as compared with the manual shared secret model.


3GPP's Model for Certificate Enrollment in a PKI Environment

Figure 3 shows the basic 3GPP architecture for PKI-based authentication of eNodeBs in LTE. A RAN vendor provides its own root certificate to the mobile operator. That root certificate is then pre-installed in the mobile operator's Registration Authority (RA) or Certification Authority (CA). That then serves as the primary source of trust, enabling multiple certificates to be issued by the CA to the eNodeB according to what is, in essence, a client-server model.

The two-way authentication is enabled by the vendor's own signed certificate being pre-installed in the eNodeB. Importantly, as mandated by 3GPP, the authentication is supported by the use of the Certificate Management Protocol Version 2 or CMPv2, an Internet protocol used to manage the request and distribution of X.509 digital certificates within a PKI solution.

Once authenticated, the eNodeB is authorized to instantiate one or more IPsec encryption tunnels and send traffic across the network towards the core with IPsec encryption; the traffic is decrypted at the Security Gateway (SEG), which is in part enabled by the operator's own root certificate being pre-installed.

Enhancements to Existing PKI Systems Based on Internet Protocols

3GPP's approach to PKI draws entirely from existing Internet protocols. The main way in which 3GPP's deployment model materially differs from most other PKI implementations is that it is among the first to leverage the CMPv2 protocol, and among the first to leverage one particular advanced feature of CMPv2. This is the capability of CMPv2, rendered mandatory by 3GPP for LTE, to use two certificates, a Vendor Base Station Certificate and an Operator Base Station Certificate, rather than just one, as in the model used in most PKI systems up until now.

In the LTE environment, the mobile operator has its own certificate, much as any enterprise running its own PKI would. In addition, however, the authentication mechanism prescribed by 3GPP leverages the advanced features of CMPv2 to require a second certificate. This is the RAN vendor's own certificate, which it assigns to the eNodeB during the manufacturing process. The vendor's certificate is then required to authenticate the initial request for the operator's certificate upon turning up each LTE eNodeB to commercial service for the very first time. This vendor certificate effectively replaces a One Time Password, which has to be entered manually in typical enterprise PKIs.

Figure 3: Certificate Enrollment for eNodeBs in LTE

Source: 3GPP TS 33.310

After the initial authentication of the eNodeB at the time of service turn-up, all subsequent update certificates for that eNodeB are authenticated solely by the operator's certificate according to traditional PKI models. Importantly, however, the requirement for the second certificate to participate in the authentication at the point of service turn-up provides a valuable additional layer of security. This goes above and beyond the security and automation provided by the manual shared secret model and above and beyond what is provided by most present-day PKI models in the enterprise environment.

From the perspective of designing and operating a CA for LTE authentication, relatively few changes should be required to render existing PKI equipment and system parameters compliant with 3GPP requirements for LTE. In addition to support for CMPv2, including the ability to enable a dual certificate signature model at the initial point of service turn-up, two other enhancements to existing PKI systems are liable to be required to render them 3GPP-compliant:

Since base stations are objects rather than human operatives, the CA needs to be able to support eNodeB serial numbers in issuing certificates, rather than the user names of individual operatives, as has been typical with PKI systems until now.

If an LTE eNodeB is legitimate, it can only have an IP address that comes from within the mobile operator's own unique IP address range. Therefore, a CA needs to be able to restrict issuing certificates to within that specified IP address range.
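The enrollment model described under Figure 3, together with the two CA enhancements just listed, can be illustrated in code. The following is an added example written for this page; it is not code from Heavy Reading, Symantec or 3GPP, and it does not implement CMPv2 or X.509. Certificates are dictionaries, a keyed HMAC stands in for the issuing CA's signature so that the example runs on the Python standard library alone, and every name, key, serial number and address in it is a constructed placeholder. What it shows is the policy the paper describes: an initial request is accepted only when authenticated by a certificate chaining to a pre-installed vendor root, renewals are accepted only under the operator's own certificate, the subject is an eNodeB serial number rather than a user name, and requests from addresses outside the operator's range are refused.

```python
import hashlib
import hmac
import ipaddress
import json
import re


def _sign(key, body):
    """Stand-in for an X.509 signature: HMAC-SHA256 over the canonical body (toy, not real PKI)."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def issue_cert(issuer, key, subject):
    """Issue a toy certificate binding `subject` (an eNodeB serial number) to `issuer`."""
    body = {"issuer": issuer, "subject": subject}
    return {"body": body, "sig": _sign(key, body)}


def cert_is_valid(cert, issuer, key):
    """True if the certificate names `issuer` and its signature verifies under `key`."""
    return cert["body"]["issuer"] == issuer and hmac.compare_digest(cert["sig"], _sign(key, cert["body"]))


class OperatorCA:
    """Operator CA applying the paper's enrollment rules (constructed model)."""
    SERIAL_RE = re.compile(r"^[A-Z0-9-]{8,32}$")  # constructed serial format, not a 3GPP rule

    def __init__(self, name, key, vendor_roots, ip_ranges):
        self.name = name
        self.key = key
        self.vendor_roots = vendor_roots       # vendor name -> vendor root key, pre-installed in the CA
        self.ip_ranges = [ipaddress.ip_network(r) for r in ip_ranges]
        self.enrolled = {}                     # serial -> currently valid operator certificate

    def enroll(self, serial, ip, auth_cert):
        """Process a certificate request. Returns (granted, certificate or refusal reason)."""
        if not self.SERIAL_RE.match(serial):
            return False, "subject is not a well-formed eNodeB serial number"
        if auth_cert["body"]["subject"] != serial:
            return False, "presented certificate is bound to a different serial"
        if not any(ipaddress.ip_address(ip) in net for net in self.ip_ranges):
            return False, "source address %s is outside the operator's range" % ip
        issuer = auth_cert["body"]["issuer"]
        if serial not in self.enrolled:
            # Initial turn-up: only a trusted vendor's base station certificate authenticates the request.
            root = self.vendor_roots.get(issuer)
            if root is None or not cert_is_valid(auth_cert, issuer, root):
                return False, "initial request not signed by a trusted vendor certificate"
        else:
            # Renewal: the operator's own certificate is the only accepted credential.
            if issuer != self.name or not cert_is_valid(auth_cert, self.name, self.key):
                return False, "renewal must be authenticated with the operator certificate"
        cert = issue_cert(self.name, self.key, serial)
        self.enrolled[serial] = cert
        return True, cert


def run_scenarios():
    """Constructed walkthrough: one legitimate device plus requests the CA must refuse."""
    vendor_key = b"vendor-root-key-PLACEHOLDER"
    ca = OperatorCA("OperatorCA", b"operator-ca-key-PLACEHOLDER",
                    vendor_roots={"RANVendorRoot": vendor_key},
                    ip_ranges=["10.20.0.0/16"])
    results = {}
    good = issue_cert("RANVendorRoot", vendor_key, "ENB-0001-ABCD")   # installed at manufacture
    ok, op_cert = ca.enroll("ENB-0001-ABCD", "10.20.5.7", good)
    results["initial_turnup"] = ok
    results["renewal_with_operator_cert"] = ca.enroll("ENB-0001-ABCD", "10.20.5.7", op_cert)[0]
    results["renewal_with_vendor_cert"] = ca.enroll("ENB-0001-ABCD", "10.20.5.7", good)[0]
    rogue = issue_cert("RANVendorRoot", b"guessed-key", "ENB-0002-EF01")  # wrong signing key
    results["unknown_vendor_signature"] = ca.enroll("ENB-0002-EF01", "10.20.9.9", rogue)[0]
    wrong_ip = issue_cert("RANVendorRoot", vendor_key, "ENB-0003-2345")
    results["ip_outside_operator_range"] = ca.enroll("ENB-0003-2345", "198.51.100.4", wrong_ip)[0]
    return results


if __name__ == "__main__":
    for name, granted in run_scenarios().items():
        print("%-30s %s" % (name, "issued" if granted else "refused"))
```

Running the module prints which of the five constructed requests is issued and which is refused. The case worth noticing is the vendor certificate presented again after enrollment: the paper's model rejects it because post-turn-up updates are authenticated solely by the operator certificate, so a vendor credential alone cannot be used to obtain a fresh operator certificate for an already enrolled serial.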

PKI Authentication: A Mobile Operator's Core Competency?

There is little in the changes of the LTE security architecture that would make a mobile operator want to radically alter its present-day operating model so far as the right-hand side of Figure 3 is concerned. So whether the operator runs its network itself or outsources the operation of parts of the network to a vendor partner, the operator will deploy and manage its SEG and eNodeBs in much the same way as it manages its 3G network infrastructure.

The same is not so true of the left-hand side of Figure 3, however. Designing, operating and maintaining a PKI solution, with its own CA at the heart of it, on the scale that is liable to be required for LTE represents a new security model compared with what most mobile operators are used to.

Moreover, there are a number of security specialists that are experienced in offering cloud-based certification services as a managed service and are tailoring their capabilities to the mobile operator sector to align with the emerging market requirements for LTE.

It is for this reason that when mobile operators come to roll out LTE, they need to look carefully at the case for leasing authentication as a service from a leading cloud-based provider, as well as the case for building their own PKI infrastructure from scratch.


Self-Build PKI Solutions for LTE

PKI infrastructure is a relatively mature technology and has been widely deployed in enterprise and telco environments for many years. Some mobile operators may even have some experience of using it on the IT side of the house, for example for improving WLAN security with 802.1x, securing internal and external websites, signing code and sensitive documents, and the like.

Until now, however, mobile operators have had no reason to deploy a PKI infrastructure on the telco side of the house as a part of the security infrastructure for the cellular network infrastructure itself.

There is no reason at all why a mobile operator can't build its own PKI infrastructure. If they take the view that, as a part of their security solution, it should not be outsourced, or that the act of outsourcing is itself a security risk, then provided the operator invests enough capex and opex, there is nothing to stop the operator going down the self-build route.

The following is a high-level perspective on the primary elements of a PKI solution that are needed to support an LTE deployment and the design and management capabilities that are needed to support it.

The PKI equipment. This is pretty straightforward. The operator basically needs to invest in some standard server equipment and some PKI software together with some hardware security modules. There's certainly nothing unduly taxing about that capital outlay.

The design of the PKI data center facility. This gets trickier. Obviously, this requires real estate in the operator's facilities. A PKI infrastructure that supports a service that is open to the general public, as a mobile operator does, also needs to house the equipment in highly secure data center facilities that should conform to strict security auditing standards. In Europe, for example, these auditing standards are laid down in ETSI TS 101456. To begin with, many mobile operators won't have the in-house expertise to design such a facility in a manner that would pass an annual audit. That would therefore typically require either hiring a full-time person or a short-term contractor, which introduces project risk once the individual's contract has expired. Walls and doors should meet certain high-specification security standards in terms of thickness and other quality and security criteria. And access control needs to be carefully designed. One example is so-called "man-trap" doors, which are similar to those sometimes installed in banks, so that only one person at a time can enter through each secure door, which closes immediately behind them.

Operational headcount and processes. Depending on the level of sophistication the operator wants to deploy, a PKI data center is likely to require staffing by anywhere from three to eight full-time employees. PKI policies and operational processes need to be defined. Operational processes also need to be highly secure. This means, for example, that while it might be optimal from a cost point of view to have the same individual be charged with a variety of tasks in managing the PKI infrastructure, in fact security requirements should prohibit certain combinations of tasks being assigned to the same person lest that person then themselves become a security risk in their own right. Interoperability between the PKI infrastructure and each release of the RAN vendor's eNodeBs and the SEG also needs to be managed.


With enough investment in facilities, people, equipment and processes, a mobile operator should certainly be capable of running its own PKI infrastructure to a high standard. But getting PKI security right is decidedly non-trivial. There have, for example, been instances of PKI CAs being shut down after security breaches resulting in the CA issuing fraudulent certificates.

Base Station Authentication as a Service

Integrated incumbent telecom operators as well as pure-play mobile operators have tended to reduce rather than increase headcount in recent years. They have been and remain under pressure from a rebalancing of revenues from voice to data and the increasing challenges of keeping up with the growth in data traffic without materially exceeding sustainable levels of capex and opex.

Mobile operators continue to look to allocate limited human and capital resources into areas that will maximize cost savings or new revenues. And as they do so, every cost center is one that needs to be carefully evaluated according to whether it can most successfully be performed in-house or outsourced to third parties that can offer concentrated expertise or scale or both in an area that may be outside the operator's core competence.

There are several reasons for considering authentication of LTE network elements as a potential candidate for outsourcing. To begin with, this is a model in which the operator's user traffic continues to remain entirely within the mobile operator's domain. So not only is it just control traffic that exits the mobile operator's network to a managed service provider according to this model, it's also a relatively small proportion of the operator's control traffic.

The model is also based on mature PKI standards that are not only widely deployed in telecom and IT markets worldwide but also adapted and embraced by 3GPP. Moreover, there are a number of managed service providers, such as Symantec, that have track records in providing cloud-based authentication services at scale based on these standards, albeit not yet for mobile operators rolling out LTE.

Let's begin with the cost of the infrastructure itself. A managed service provider selling authentication as a service should be able to leverage its facilities, its PKI infrastructure and its specialized, skilled personnel a lot more cost-efficiently than the operator can by building out its own dedicated facilities and hiring its own dedicated people. This is particularly pertinent in the case of the marginal cost associated with security processes requiring that certain tasks be distributed across different personnel, rather than concentrated in one person.

With a managed services approach, the up-to-the-minute PKI expertise is also permanently available to the mobile operator, whereas in a self-build model these experts might only be brought in for the initial setup phase and perhaps brought back in again intermittently, according to a model which risks being less seamless as well as potentially more expensive.

Given that it is designed to support several different mobile operators, a managed service provider should be able to support an ongoing program of interoperability between its PKI infrastructure and different vendors' RAN and core infrastructure at a significantly lower cost than an operator can support investing in this capability by itself.


The SLAs for an LTE Authentication Model

For a mobile operator to have confidence in a managed service provider delivering authentication as a service, the managed service provider needs to be able to commit to an SLA that meets the mobile operator's requirements exactly. This means being highly attuned to the unique requirements of the LTE network.

First and foremost, mobile operators don't want "support" of the conventional kind written into an SLA for authentication as a service. They typically don't want to be able to send a question to a support team and be guaranteed a response within a specified number of hours. The mobile operator is typically not going to want to receive a "trouble ticket." Rather, they are likely to want the managed service provider itself to proactively monitor, manage and troubleshoot the PKI service.

The availability of the CA to the mobile operator needs to be nailed down in the SLA. This needs to be done not just in terms of specifying no more than a given number of hours of non-availability per month. At a more granular level, the SLA also needs to specify that no one incident of non-availability will last longer than a specified number of minutes, and that none of the total allowable downtime will occur during specified hours of the day when the operator is most likely to need to carry out changes to the RAN infrastructure.

Processing time also needs to be defined. For example, when the mobile operator sends a certificate request to the CA as the operator looks to turn up a new eNodeB to commercial service, the SLA needs to specify that it will receive a response within a specified timeframe. The same processing times need to be defined with respect to the maximum time allowed to pre-approve, revoke and validate certificates, depending on the specific operator's requirements. Another area requiring definition is the volume of transactions, for example the maximum daily volume of certificates that the operator is entitled to, as well as the frequency with which they can be requested consecutively.
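As an added illustration of the availability and processing-time terms described in this section (written for this page; not from the white paper or Symantec), the following Python evaluates one month of constructed CA outage and transaction records against an SLA of that shape: a monthly downtime allowance, a cap on the length of any single incident, a change window during which no downtime is tolerated, per-request-type processing limits and a daily certificate quota. The thresholds, the change window and the records are all made-up placeholders.

```python
from collections import Counter
from datetime import datetime, timedelta

# SLA terms of the kind the section describes. Constructed values, not a real contract.
SLA = {
    "max_downtime_minutes_per_month": 60,   # total non-availability allowed per month
    "max_single_incident_minutes": 15,      # no single incident may last longer than this
    "change_window_hours": (1, 5),          # 01:00-05:00: operator touches the RAN; no downtime allowed
    "max_response_seconds": {"enroll": 30, "revoke": 300, "validate": 5},
    "max_daily_certificates": 3,            # daily enrollment quota (kept tiny so the sample trips it)
}

# Constructed CA outage records for one month: (start, end).
OUTAGES = [
    (datetime(2012, 5, 3, 14, 0), datetime(2012, 5, 3, 14, 10)),
    (datetime(2012, 5, 17, 2, 30), datetime(2012, 5, 17, 2, 40)),  # inside the change window
    (datetime(2012, 5, 25, 9, 0), datetime(2012, 5, 25, 9, 20)),   # longer than one incident may be
]

# Constructed transaction records: (timestamp, request type, CA processing time in seconds).
TRANSACTIONS = [
    (datetime(2012, 5, 8, 10, 0), "enroll", 12.0),
    (datetime(2012, 5, 8, 10, 5), "enroll", 45.0),    # slower than the SLA allows
    (datetime(2012, 5, 8, 10, 9), "enroll", 8.0),
    (datetime(2012, 5, 8, 10, 12), "enroll", 9.0),    # fourth enrollment of the day: over quota
    (datetime(2012, 5, 9, 11, 0), "revoke", 120.0),
    (datetime(2012, 5, 9, 11, 1), "validate", 0.4),
]


def check_availability(outages, sla):
    """Return (total downtime in minutes, list of availability violations)."""
    violations = []
    total = 0.0
    lo, hi = sla["change_window_hours"]
    for start, end in outages:
        minutes = (end - start).total_seconds() / 60
        total += minutes
        if minutes > sla["max_single_incident_minutes"]:
            violations.append("%s: incident lasted %.0f min, limit is %d"
                              % (start.strftime("%Y-%m-%d %H:%M"), minutes, sla["max_single_incident_minutes"]))
        # Walk the incident minute by minute so an outage that merely straddles the window is caught.
        t = start
        while t < end:
            if lo <= t.hour < hi:
                violations.append("%s: outage overlaps the RAN change window %02d:00-%02d:00"
                                  % (start.strftime("%Y-%m-%d %H:%M"), lo, hi))
                break
            t += timedelta(minutes=1)
    if total > sla["max_downtime_minutes_per_month"]:
        violations.append("total downtime %.0f min exceeds the monthly allowance of %d"
                          % (total, sla["max_downtime_minutes_per_month"]))
    return total, violations


def check_processing(transactions, sla):
    """Return processing-time and volume violations."""
    violations = []
    for ts, kind, seconds in transactions:
        limit = sla["max_response_seconds"][kind]
        if seconds > limit:
            violations.append("%s: %s took %.0fs, limit is %ds"
                              % (ts.strftime("%Y-%m-%d %H:%M"), kind, seconds, limit))
    per_day = Counter(ts.date() for ts, kind, _ in transactions if kind == "enroll")
    for day, count in sorted(per_day.items()):
        if count > sla["max_daily_certificates"]:
            violations.append("%s: %d certificates requested, daily quota is %d"
                              % (day, count, sla["max_daily_certificates"]))
    return violations


def evaluate(outages=OUTAGES, transactions=TRANSACTIONS, sla=SLA):
    """Combine both checks into a compliance report for the month."""
    total, availability = check_availability(outages, sla)
    processing = check_processing(transactions, sla)
    violations = availability + processing
    return {"total_downtime_minutes": total, "violations": violations, "compliant": not violations}


if __name__ == "__main__":
    report = evaluate()
    print("downtime this month: %.0f min; compliant: %s"
          % (report["total_downtime_minutes"], report["compliant"]))
    for v in report["violations"]:
        print(" -", v)
```

On the constructed records the month stays inside its total downtime allowance (40 of 60 minutes) yet still fails the SLA on four counts: one incident too long, one incident inside the change window, one enrollment answered too slowly and one day over the certificate quota. That is the point the section makes: a monthly hours figure alone would have passed this month, so the finer-grained terms are what give the operator protection.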

Figure 4: Process Flow in a PKI Managed Service Model for LTE

Source: Symantec


Conclusion

With encryption and authentication terminating in the eNodeB, LTE presents new security exposures for mobile operators. 3GPP has anticipated these and provides for IPsec to defend against these new exposures.

Mobile operators increasingly recognize that while IPsec may only be an option in 3GPP, it will increasingly be required as LTE is rolled out. The question of whether the authentication of each eNodeB should be done manually or automatically, leveraging mature PKI standards, is more or less a no-brainer. Over time, the manual shared secret model simply won't scale well.

The next question that operators will need to consider carefully is whether or not to invest capex and opex in their own facilities and extra headcount to build up this sophisticated authentication capability in-house.

In days gone by, self-build would have typically been the first instinct of the mobile operator's management team. But we are now in an era when mobile network operating margins will increasingly come under pressure, and when specialist and managed service providers can also offer cloud-based services such as network authentication at potentially significantly lower cost. In this era, mobile operators need to think very carefully about whether a self-build model still aligns with their security, revenue and margin goals or whether buying in base station authentication as a service could start to look like a more compelling option.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help our customers, from consumers and small businesses to the largest global organizations, secure and manage their information and identities independent of device. Symantec does this by bringing together leading software and cloud solutions that work seamlessly across multiple platforms, giving customers the freedom to use the devices of their choice and to access, store and transmit information anytime, anywhere.

We ensure that sensitive data is protected through all phases of its use. This information-centric approach makes data protection more intelligent, policy-driven and easier to manage. By leveraging our already rich experience in securing and managing information, Symantec has rounded out the portfolio by acquiring new capabilities, building new solutions, and integrating encryption and policy management capabilities to the authentication services.

Symantec has a strong focus on the communication service provider industry. With its solutions it protects 9 out of the 10 largest telecom companies worldwide. Symantec operates the largest and most comprehensive PKI solutions for enterprises and service providers available on the market today, and has been doing so since 1995. More than 200 million device certificates have been issued to date.