Stoke and Infonetics critical issues in optimizing and securing LTE traffic as LTE subscribers ramp up by the millions and operators ready their VoLTE services.
[2024]Digital Global Overview Report 2024 Meltwater.pdf
Infonetics and Stoke webinar: Security at the speed of VoLTE
1. Security at the Speed of VoLTE
An Infonetics Research Webinar
Co-produced with Stoke
#VoLTE The Webinar Will Begin Shortly
2. #VoLTE
Security at the Speed of VoLTE
An Infonetics Research Webinar
Co-produced with Stoke
3. Today’s Speakers
3
JoAnne Emery
Event Director
Infonetics Research
(Moderator)
Dilip Pillaipakam
VP Product Management
and Marketing
Stoke
Stéphane Téral
Principal Analyst,
Mobile Infrastructure and
Carrier Economics
Infonetics Research
#VoLTE
7. Flat IP Architecture Is Vulnerable
‣ The direct route from eNodeBs (eNBs) to the evolved packet core
(EPC) opens the door for denial of service (DoS) attacks and
interception of user communications
‣ Accidental or deliberate DoS attacks against customers remain the
most common security threat
7
Source: Arbor Networks, Inc.; Worldwide Infrastructure Security Report Volume IX (3Q2013)
8. The LTE Security Framework
8
S9
S1-C
Internet
S1-U
S5/S8
S6A
SGi
Gx
Gz/Gy
Other LTE
Network
S11
RAN-Core
Border
IMS Core
SEG
Webinar Focus: RAN-Core (S1) Protection
CSCF
Internet
Border
Policy/ Charging
Control
Device and
Application
MME
SGW
9. LTE Security at the S1 Link – Emerging Trends
9
Challenge Requirements
Stronger Security
• 2048 bit key length
• PKI
Signaling Protection
• Protect core from exponential
rise in transactions
VoLTE Rollout
• Low latency transport
• Sub-1 second recovery
New Threat Vectors
• S1 protocol/state validation
• SCTP filtering
11. How Secure Is Your Network?
1111
“They had reason to think, insiders said, that their
private, internal networks were safe from prying eyes.”
“Simply having a ‘private’ line doesn't mean that
you're not actually on a party line with the NSA.”
12. Caught in the Storm
121212
Common themes
“Unforeseen…”
“Widespread”…
“Costly to repair…”…
…
13. Unique RAN – Core Challenges
131313
‣ Unsecured backhaul
‣ Rapidly increasing throughput
‣ High tunnel density
‣ Ultra-low latency
‣ Directly impacts subscriber QoE
MME
SGW
Office
Home
Outdoor
Metrocell
Small
Cells
4G LTE
EPC
MME
SGW
EPC
E2E Latency Budget = 100 ms
VoLTE:
Low Latency
Small Packets
14. Impact of IPsec and Smaller Packets
141414
0%
20%
40%
60%
80%
100%
1518 1460 1280 1024 768 512 384 256 128 96
Throughput:%ofLineRate
Packet Size (Bytes)
512
Bytes
Loss of
Capacity
%ofTotalPackets
%EncryptedThroughput
IPsec
Small
Packets
Increased
Latency
Source: Stoke analysis of cumulative packet size distribution
16. The LTE Security Framework
16
S9
S1-C
Internet
S1-U S5/S8
S6A
Gx
Gz/Gy
Other LTE
Network
S11
RAN-Core
Border
SEG
The border between RAN and Core (S1) requires protection
against specific risks to critical infrastructure at that interface
New Protection Functions
- Control + user plane visibility
- RAN awareness
- Deeper EPC protection
DRA
SBC
IMS
Core
SGW
MME
CSCF
Internet Border
Policy / Charging
Control
SGi
18. Use Case: Security During Rapid Growth
and Unpredictability
181818
1.1
19.0
41.0
1Q11 2Q11 3Q11 4Q11 1Q12 3Q12 4Q12 2Q13 3Q13 4Q13 2014 2015
‣ Rapid 9-month
expansion
• 0–5k base stations
• 1 million subscribers
‣ Keep up with
demand
• 20x subscriber
increase
• Increased usage
‣ Maintain competitive
edge
• Add VoLTE
• Increase speed
New
Devices
New
Apps
Operator Objective:
Security + High Throughput + Low Latency
New
Services
Subscribers (M)
Source: Asian operator network fact book, press releases, and annual reports
19. Office
Home
Outdoor
Metrocell
Small
Cells
Use Case: Signaling Overload
‣ Signaling Overload Threats
• Application initiated
• Compromised eNodeBs
• Natural disasters
‣ Prioritized Traffic
• Already connected subscribers
• Specific eNodeBs
SGW
4G LTE
EPCMillions of
Service
Requests
MME
Application
Update
Server
QoE: Prioritize
19
20. Use Case: Small Cell Security
‣ Unsophisticated home owners
‣ Unsecured locations
‣ Much higher tunnel density
‣ Higher throughput per tunnel
MME
SGW
Office
Home
Small
Cells
4G LTE
EPC
100,000s Tunnels
Millions of
Tunnels
20
26. In Summary
‣ Network security is of increasing importance and even
so-called “private” networks are at risk
‣ VoLTE offers new, unique challenges to operators
‣ Signaling storms have already caused costly outages
‣ Carriers need a dedicated security element to secure the
RAN and protect the EPC
26
28. Audience Q&A
28
JoAnne Emery
Event Director
joanne@infonetics.com
Infonetics Research
(Moderator)
Dilip Pillaipakam
VP Product Management
and Marketing
dpillaipakam@stoke.com
Stoke
Stéphane Téral
Principal Analyst,
Mobile Infrastructure and
Carrier Economics
stephane@infonetics.com
Infonetics Research
#VoLTE
29. Thank You
This webcast will be available on-demand for 90 days
For additional Infonetics events, visit
https://www.infonetics.com/infonetics-events/
#VoLTE