Upload
mary-mcevoy-carroll
View
143
Download
0
Embed Size (px)
DESCRIPTION
As LTE adoption grows, network sharing strategies enable faster, broader and more effective participation by mobile broadband operators in new and existing markets. Shared networks, however, are at greater risk of breach or service disruption and must be protected at all points of vulnerability.
Citation preview
© 2014 Stoke
Securing the Shared Network
| Proprietary and Confidential
Stoke Inc
© 2014 Stoke 2
The LTE Security Framework
S9
S1-C
Internet
S1-U S5/S8
S6A
Gx
Gz/Gy
Other LTE Network
S11
RAN-Core Border
SEG
The border between RAN and Core (S1) requires protection against specific risks to critical infrastructure at that interface
Control Plane Functions- IKE- AAA- Routing
DRA
SBCIMS Core
SGW
MME
CSCF
Internet Border
Policy / Charging Control
SGi
Data Plane Functions- Forwarding- QoS- ACL- Packet Inspection
Device and Application
© 2014 Stoke
LTE Network Sharing Drivers
3
» Accelerates market entry, addresses growing consumer demand, stimulates competition
» Enables cost reduction and economies of scale, enabling service innovation, market price reduction, broader network coverage
| Proprietary and Confidential
Mobile operators in Australia, Sweden, Zimbabwe, Cameroon, Nigeria, Ghaa and Kenya have implemented LTE network sharing agreements
© 2014 Stoke
Greater Need for Security Gateway
4
» Operator LTE networks are vulnerable to security breaches because of flat IP architecture.» Untrusted and shared backhaul, if unsecured, exposes the EPC to
DoS attacks, eavesdropping, and data tampering.» Without IPsec security implementation, customers are exposed to
spam and data or identity theft.» More vulnerable small cells, increase opportunity for malicious access.
» In shared networks, any breach or disruption will impact multiple service providers, therefore impact / risk is greater» Any individual MVNO has less control over the other devices, users,
backhaul that can impact overall network.» Some regulators require IPsec in shared networks» For both competitive protection and subscriber security, MVNOs will
require their network provider to encrypt.
| Proprietary and Confidential
© 2014 Stoke 5
S9
S1-C
InternetS1-U
S5/S8
S6A
SGi
GxGz/Gy
Other LTE Network
S11
SPRAN-Core
Border
CSCF
MNOEPC
MME
SGW
MVNO 2EPC
S5/S8SGW
SGi
MVNO 1EPC
S5/S8SGW
CSCF
CSCF
SGi
S1-US1-U
MVNO 3EPC
S5/S8SGW
MBA
SGi
SGi
IPsec Gateway Secures the Shared Network
© 2014 Stoke
www.stoke.com
6| Proprietary and Confidential