White Paper
4G Security
1. What is 4G and what is LTE – SAE – EPS – EPC

The need and the hunger for more bandwidth are growing rapidly. Fixed and mobile networks do increase speed dramatically. The picture below gives an indication of the growth of speed versus time for mobile and fixed networks.

The figure above shows the bandwidth increase over time.

At the end of the mobile/wireless path you see the terminology LTE. LTE is short for Long Term Evolution. It comes from the fact that the 3GPP standardization body is defining more and more elements that build together the new networks, concepts and architectures. Even the fixed and wireline world is adapting to these wireless architectures and concepts (e.g. usage of IMS in TISPAN).

Before we dive into this we must clarify a few things upfront. First of all we must define the different names and acronyms. Otherwise we would end up in confusion while discussing the new technologies. What is LTE, SAE, EPS and EPC, and what is the difference between them?

• LTE stands for Long Term Evolution and is the new Radio Access Technology. It is the evolution of 2G Radio (GSM/GPRS – Global System for Mobile Communication / General Packet Radio Service) and 3G (WCDMA/HSPA – Wide Band CDMA / High Speed Packet Access). It is therefore called the 4G Radio Technology. It provides much faster bandwidth for radio cells as shown in the figure below.

The figure above shows the mobile up/downstream bandwidth evolution.

• SAE stands for System Architecture Evolution and is the name for the working group within the 3GPP. Its target is to work on the technical study and specifications towards an all-IP network. The work provided by this Architectural Group incorporates the overall 4G concept, incl. Radio and Core Networks. Its target was to simplify the network, make it more flexible, provide interworking with its predecessor and of course make it much faster.

• EPC stands for Evolved Packet Core, and is defining the Core network itself. It is independent of the radio access network – this is not totally true since some basic assumptions of the different radio networks are influencing the core. EPC work includes as well non-3GPP radio technology and of course mobility procedures between different 3GPP (like GSM, WCDMA/HSPA and LTE) and non-3GPP (like WLAN) radio-access technologies.

• EPS stands for Evolved Packet System. This includes LTE and EPC. It is the outcome of the SAE working group and describes and specifies the new 4G radio and core network. The documents describe not only 3GPP radio-access technologies (like GSM, WCDMA/HSPA and LTE); they include non-3GPP radio-access technologies (like WLAN, WiMAX, etc.) as well.

The figure above shows a 3G and a 4G network.

Now that we know what the acronyms stand for and what they cover, the next questions are: “Why this new technology”, “Who needs 4G” and finally “Commercial implications of 4G”. However, this goes beyond the purpose of this document, but bandwidth is always increasing and 2G/3G is not fast enough for many applications. The world is moving on: more applications for mobile users, higher throughput, faster access, IPv6 capabilities, VoIP, IPTV, etc., just to name a few topics that can be easily covered by LTE/SAE or just the new 4G networks.

The eNodeBs will be meshed for an optimization of the traffic during handovers as shown in the figure below. The interface between the eNodeBs is called X2, and the interface between eNodeBs and MME/S-GW is called S1 (S1-MME and S1-SGW).
2. How 4G works

Mobile Radio evolution

Long Term Evolution (LTE) is meaningful because it will bring up to a 40-times performance boost and much better spectral efficiency to mobile networks. After 3G a race was opened for the successor between WiMAX and LTE. After quite some time it is now clear that LTE is the follow-on of UMTS (and its improvements) and is now called 4G. LTE was built around the preconditions to have a smooth migration from 2G/2,5G and 3G into 4G. It is not completely realized, but due to the constraints it was the best solution found. This was a key requirement and allows seamless handoff and complete connectivity between previous standards and LTE.

LTE is the latest approved generation of the 3GPP standards (Rel 8). Later generations (R9 and R10) do describe HNB (HomeNodeB for 3G), HeNB (Home-e-NodeB for 4G) and further enhancements. HNB and H(e)NB are commonly known as Femtocells. The LTE standard specifies an IP-only network supporting data rates up to 160/50 Mbps (downstream/upstream). These high data rates will enable new applications and services such as voice over IP, streaming multimedia, videoconferencing or even a high-speed cellular modem.

VoIP is a major step in the LTE development. While in previous standards (GSM and UMTS) VoIP was possible, Circuit-Switched Voice was the standard way for placing calls; this has changed with the advent of LTE/SAE. VoIP is now the proposed standard way for placing calls.

LTE speeds will be equivalent to what today’s user might see at home on the newest DSL modem or a fast cable modem. The LTE standard is designed to enable 160 Mbps downlink and 50 Mbps uplink over a wide area. While 160/50 Mbps is LTE’s theoretical top downlink/uplink speed, each user’s bandwidth will depend on how carriers deploy their network and the available bandwidth. Supporting high rates and reducing power was a key design challenge.

Here are some highlights of the LTE standard:

• Peak data rate
• Control-plane latency
• Control-plane capacity – a minimum of 200 concurrent users per cell should be supported in the active state within spectrum allocations of up to 5 MHz
• User-plane latency – important for the VoIP usage and the overall user experience is a latency of less than 5 ms in unloaded condition for small IP packets
• User throughput – Downlink: 160 Mbps; Uplink: 50 Mbps
• Spectrum efficiency
• Mobility
• Coverage – throughput, spectrum efficiency and mobility targets above should be met for 5 km cells, and with a slight degradation for 30 km cells
• Spectrum flexibility
• Co-existence and inter-working with 3GPP Radio Access Technology (RAT)
• Architecture and migration
• Radio Resource Management requirements
• Enhanced support for end to end QoS
• Efficient support for transmission of higher layers
• Support of load sharing and policy management across different Radio Access Technologies

The picture below shows the network evolution and cross-site interworking with 2G/3G, WCDMA, WLAN and LTE. It is obvious that 2G/3G and WCDMA – GERAN and UTRAN – are connected to the Circuit Switched world. In contrast, 4G and non-3GPP access (such as WLAN) do have only a connection to the IMS network, which in turn can convert VoIP into Circuit Switched. So VoIP is the normal case.

The figure above shows an overview of different wireless technologies and their attachment to the PSTN and the PDN.
The Evolution from 2G, 2,5G and 3G towards 4G

4G is the natural evolution of 2G and 3G. Introducing 2G or GSM quite some time ago was a huge step. It gives the freedom to make calls while moving. It comes with less audio quality than we knew from the PSTN (toll quality speech connection, 64kbps, almost no busy sign once properly dimensioned, etc.). With GSM it was different: voice quality was not as good as in the PSTN, but we gained mobility, always reachable! GPRS was the next step, known as 2,5G. It was introducing data traffic in a more sophisticated way. Speed was for this time quite high; compared to 3G or even 4G it was as fast as a snail. But we got data onto the 2G network. Radio Technology was not changing, it was just an update on how we can use the timeslots in the radio network more efficiently, therefore only 2,5G (it is named 2,5G because there are no changes in the Radio Access Network technology). 2G networks consist of:

• ME (Mobile Equipment) – the user handset
• BTS (Base Station Transceiver) – the Radio Equipment terminating the Radio Link between the ME and the operator’s network
• BSC (Base Station Controller) – the logical unit controlling many BTS – in an operator network thousands of BTS do exist, they need a hierarchy to be centrally controlled
• TCE (Transcoding Equipment) – a device transcoding Mobile Codecs into “the fixed 64kbps Codec G.711” – later on this functionality moved into the MSC
• MSC (Mobile Switching Center) – this device is controlling the BSC. It acts like a Switch from the PSTN: it receives SS7 messages, analyzes them and makes the decision where to route them
• VLR (Visiting Location Register) – basically a database hosting information on which user can be reached in this network and where – which radio node is close – it can be reached
• HLR (Home Location Register) – basically a database hosting information on where a user belonging to this network can be reached
• EIR and AuC (Equipment Identification Register and Authentication Center) – these elements do identify the user equipment, the user and its credentials, i.e. whether he is allowed to make calls
• GMSC (Gateway Mobile Switching Center) – this device is connecting the mobile network to the PSTN (the Public Switched Telephone Network)

The figure above shows a 2G network.

Additional elements for the upgrade towards the 2,5G network are the SGSN and the GGSN:

• SGSN (Serving GPRS Support Node) – this element is similar to the MSC in the 2G core network. It plays a key role in the mobility of users with its data applications.
• GGSN (Gateway GPRS Support Node) – this element is similar to the GMSC in the 2G network. It acts as the anchor point for the mobility management of users with its data applications.

The figure above shows a 2G and 2,5G network.

3G is mainly known as UMTS (Universal Mobile Telephony System). It comes with a new reworked radio technology (UTRAN – UMTS Terrestrial Radio Access Network). It still uses the 2G mobile network for voice communication, while updating the radio part. The task was that the core network shall be re-used. It brings much faster speed and higher throughput. The mobile core elements shown in the figure above (the 2G network with the MSC/GMSC, BTS, BSC, VLR, HLR, AuC and EIR, and for the 2,5G network with the SGSN and GGSN) are used again in the 3G mobile core network.

The figure above shows a 2G, 2,5G and 3G network.

The 2G, 2,5G and 3G networks are using the same protocols between the nodes. 2,5G and 3G introduced new interfaces and reference points. As indicated in the picture above, 2,5G was adding with the SGSN and the GGSN 2 new Core Nodes, while leaving the Radio Access Network – RAN – untouched (called GERAN). 3G was leaving the Core Nodes untouched and changed the Radio Access Network towards the UTRAN. This way the interfaces and reference points within the Core Networks did not change. Only throughput was increased.

The new 4G network is changing with the stepwise approach: with the step from 2G to 2,5G Voice is still circuit switched, while the new Data Network is packet switched. From 2,5G to 3G Voice stays the same (circuit switched), and the new Data Network is again packet switched. Updates are required on the radio interfaces and mobile equipment. The update from 3G towards 4G brings a major step. Voice is now packet switched (with the attached IMS network), and the Data Network is using new core components as shown below.

The figure above shows a 4G network.

In the radio network the 3G NodeB will be replaced at LTE with the eNodeB. The newly introduced MME (Mobility Management Entity), S-GW (Serving Gateway) and PDN GW (Packet Data Network Gateway) do replace the SGSN/GGSN architecture of the older 2,5G/3G.

The figure above shows the 3GPP evolution path from R6 to R8.
A fundamental step in the 4G networking is the introduction of VoLTE. VoLTE is Voice-over-LTE, a dedicated way of the VoIP technology. Based on IMS networking the Voice Communication is treated in the IMS Domain. The figure below indicates that over time the Operator adds network after network.

Starting from the 2G network with the GERAN and the Circuit Switched Network (2 networks), he migrates over to 2,5G still with GERAN, the Circuit Switched Network and a Packet Core Network (3 networks). The next evolution step was the introduction of the 3G network. At this time the Operator moves into 4 networks (later, after the switch-off of the GERAN network, into 3): UTRAN, GERAN, the Circuit Switched Network and a Packet Core Network. With the introduction of LTE and the parallel appearance of non-3GPP networks (such as WiFi) the Operator owns 6 Networks (3 RAN networks, the Circuit Switched Network, the Packet Core Network and the IMS). When looking at OPEX it becomes obvious that for commercial reasons the amount of networks to operate must be decreased. Further to that, the lifetime of the Circuit Switched Network reached end-of-life: hardware components are not available, no development is done, etc. After some time the new network of the Operator will look like the following figure.

The number of networks decreased to 2 RAN (LTE and WiFi) and 2 Core networks (evolved Packet Core and the IMS). This way OPEX savings can be achieved. However, the introduction of VoLTE is not an easy transition. At day 1 there is no complete coverage of LTE (the base for VoLTE). During this time the fallback solution is CSFB (Circuit-Switched FallBack). Another possible intermediate step, as shown below, is SR-VCC (Single-Radio Voice Continuation Communication). All of these migration steps are possible as shown below.

A substantial effort while working on the new 4G standards was spent for integrating and interworking with the existing 2G, 2,5G and 3G networks. The concept was made such that interworking with non-3GPP radio technologies, such as WLAN and WiMAX, is possible as well.
The figure above shows a 4G core network, with 2G and 3G RAN.
As can be seen in the picture above, all kinds of RAN (Radio Access Technology) can be connected together. 2G is attached via the BTS/BSC towards the SGSN. 3G is attached either via the SGSN or directly to the S-GW, while 4G is connected straightforward to the S-GW and MME. To make things more complex (there is always a trade-off between feature richness and complexity), 4G is designed to work with other technologies, such as WLAN and WiMAX, as indicated in the picture below (so-called non-3GPP Access).
The figure above shows a 4G core network with non-3GPP Access Networks.
Another level of complexity is added due to the fact that the capabilities of Handover and Roaming between different operators, between different Radio Access technologies (3GPP and non-3GPP) and different Mobile Core technologies (3G and 4G) are applicable. A typical use case would be crossing the border between France and Spain and switching from LTE with Operator A in Country X to UMTS with Operator B in Country Y. This gives a handful matrix of options for interworking between the different RAN (Radio Access Network) technologies and different CN (Core Networks), with a single user database that must be reachable from all sites.
In the following figures the protocol stack between the UE (User Equipment) and the MME (Mobility Management Entity) for signaling, and between the UE (User Equipment) and the S-GW (Serving Gateway) for data traffic, is shown.
The figure above shows the protocol stack for Signaling.
The figure above shows the protocol stack for Data Traffic.
The figure above shows the protocol stack for Control Traffic.
Obviously between the eNodeB and the MME runs the S1AP protocol, which controls the radio and other important functions (call control and session management), on top of SCTP. Between the eNodeB and the S-GW the application protocol runs directly on top of the enhanced GTP protocol.
3. 4G Security
After many discussions about 4G Security one will see that many interpretations of “what is 4G Security” exist.
In the figure above a few 4G Security domains are shown. The most important one (and most people talk about this) is the Mobile Backhauling. The second most important Security domain is the Evolved Packet Core Security. This deals with the protection of the Core elements (MME, SGW, PGW, HSS, etc). Another Security domain is the SGi interface, providing security from/to the public Internet. Further we have Roaming Security, IMS Security, WiFi Offloading Security and some more.
Whenever Broadband is around, it opens the door for intruders, hackers and other malicious traffic generators. With the advent of Smartphones and Femto/Pico-Cells hackers can infect or manipulate end-devices in order to attack Carrier Networks at large. A broad usage and benefit of LTE will arise out of the fact that users will plug adaptors into Laptops/Notebooks/Netbooks to get a high-speed connection while traveling. This way, Laptops/Notebooks/Netbooks will have a direct connection to the mobile network, and malware on these devices can be sent via the LTE high-speed link to the mobile core. Users might not be aware of this malfunction, but it looks like a huge mobile botnet. Therefore the Carrier Network has to be protected in various ways and levels (from layer 1 to layer 7) - different levels of security within the “LTE stack”.
Information Security at 4G networks is based on:
• System Security
• Application Security
• Protocol Security
• Platform Security
• Security Primitives (eg Cryptography)
The 3GPP standardization has defined 5 security feature groups. Each of these feature groups meets certain threats and accomplishes certain security objectives:
• Network access security (I): the set of security features that provide users with secure access to services, and which in particular protect against attacks on the (radio) access link.
• Network domain security (II): the set of security features that enable nodes to securely exchange signalling data, user data (between AN and SN and within AN), and protect against attacks on the wireline network.
• User domain security (III): the set of security features that secure access to mobile stations.
• Application domain security (IV): the set of security features that enable applications in the user and in the provider domain to securely exchange messages.
• Visibility and configurability of security (V): the set of features that enables the user to inform himself whether a security feature is in operation or not and whether the use and provision of services should depend on the security feature.
The figure above shows the 3GPP security architecture.
The 3GPP standardization about “Network Domain Security Architecture” is here defining only the usage of IPSec Tunnels between internal and external equipment. IPSec transports all kinds of traffic (due to its flexibility). All kinds means here TCP, SCTP, UDP, and it means good traffic and bad traffic (any kind of malware), which can travel along the path without being inspected, since a FW cannot decrypt this traffic. The standards define the following:
• Security Gateways (SEGs) are entities on the borders of the IP security domains and will be used for securing native IP based protocols. The SEGs are defined to handle communication over the Za-interface, which is located between SEGs from different IP security domains.
• All NDS/IP traffic shall pass through a SEG before entering or leaving the security domain. Each security domain can have one or more SEGs.
• The security gateways shall be responsible for enforcing security policies for the interworking between networks. The security may include filtering policies and firewall functionality not required in this specification.
• SEGs are responsible for security sensitive operations and shall be physically secured. They shall offer capabilities for secure storage of long-term keys used for IKEv1 and IKEv2 authentication.
The figure above shows a 3GPP network domain security approach.
Protection of IP-based interfaces in EPS is implemented in accordance with recommendations outlined in 33.210 [10], which define the security architecture for Network Domain IP-based (NDS/IP) interfaces. Security protection is provided at the network layer using IPSec security protocols as defined by the IETF in RFC 2401 [IPSec].
Security protocol: Encapsulating Security Payload ESP (RFC 4303/2406), with support for RFC 4303 as priority
Security mode: Tunnel (mandatory), Transport (optional)
Encryption algorithms: Null (RFC 2410); 3DES-CBC (RFC 2405/2451) with 3x64-bit key, 64-bit block size; AES-CBC (RFC 3602) with 128-bit key, 128-bit block size
Authentication algorithm: HMAC-SHA-1-96 (RFC 2404) with 160-bit key, 512-bit block size; Null is not to be supported
Security association: Single (mandatory), Bundle (optional)
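The profile above can be turned into a deployment-time check for each eNodeB-to-SecGW Security Association. The following checker is an added example, not from the white paper or from 3GPP: the SaConfig input shape is this example's own, and its advisory about Null encryption (profile-compliant, but it leaves S1/X2/OAM traffic readable on the backhaul) is the eavesdropping concern the text raises, not a profile rule.

```python
"""Checker for the NDS/IP IPsec profile tabulated above (added example).

Encodes the table's values (ESP, tunnel mode mandatory / transport optional,
NULL / 3DES-CBC / AES-CBC encryption with the stated key sizes, HMAC-SHA-1-96
integrity, Null integrity not to be supported) and reports which of them a
proposed Security Association violates. SaConfig is this example's own input
shape, not a device configuration format.
"""
from dataclasses import dataclass
from typing import List, Tuple

REQUIRED_PROTOCOL = "ESP"                    # AH is not part of the profile
ALLOWED_MODES = {"tunnel", "transport"}      # tunnel mandatory, transport optional
ALLOWED_INTEGRITY = {"HMAC-SHA-1-96"}        # Null integrity: "not to be supported"
# Permitted encryption algorithms with the key size the profile specifies.
KEY_BITS = {"NULL": 0, "3DES-CBC": 3 * 64, "AES-CBC": 128}


@dataclass
class SaConfig:
    """Proposed SA parameters for one eNodeB-to-SecGW tunnel (constructed input)."""
    protocol: str
    mode: str
    encryption: str
    encryption_key_bits: int
    integrity: str


def check_sa(cfg: SaConfig) -> Tuple[List[str], List[str]]:
    """Return (violations, advisories).

    violations: settings outside the profile; such an SA should not be deployed.
    advisories: profile-compliant choices that still leave a risk the text
                raises (NULL encryption keeps backhaul traffic readable).
    """
    violations: List[str] = []
    advisories: List[str] = []

    if cfg.protocol.upper() != REQUIRED_PROTOCOL:
        violations.append(f"protocol {cfg.protocol}: profile requires ESP")

    mode = cfg.mode.lower()
    if mode not in ALLOWED_MODES:
        violations.append(f"mode {cfg.mode}: only tunnel (mandatory) or transport (optional)")
    elif mode == "transport":
        advisories.append("transport mode is optional in the profile; tunnel mode is the mandatory one")

    enc = cfg.encryption.upper()
    if enc not in KEY_BITS:
        violations.append(f"encryption {cfg.encryption}: not in profile")
    else:
        if cfg.encryption_key_bits != KEY_BITS[enc]:
            violations.append(
                f"{enc} key {cfg.encryption_key_bits} bits: profile specifies {KEY_BITS[enc]}")
        if enc == "NULL":
            advisories.append("NULL encryption: integrity only, S1/X2/OAM traffic stays readable")

    integ = cfg.integrity.upper()
    if integ in {"NULL", "NONE", ""}:
        violations.append("integrity NULL: not to be supported by the profile")
    elif integ not in ALLOWED_INTEGRITY:
        violations.append(f"integrity {cfg.integrity}: not in profile")

    return violations, advisories


if __name__ == "__main__":
    # Three constructed candidates: compliant, non-compliant, compliant-but-readable.
    for cfg in (SaConfig("ESP", "tunnel", "AES-CBC", 128, "HMAC-SHA-1-96"),
                SaConfig("AH", "transport", "AES-CBC", 256, "NULL"),
                SaConfig("ESP", "tunnel", "NULL", 0, "HMAC-SHA-1-96")):
        v, a = check_sa(cfg)
        print(cfg, "->", "OK" if not v else v, a)
```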
However, in the 3GPP standards the security relies more on purely IPSec between the different nodes. It is obvious when thinking about the location of eNodeBs that physical security is a must, but it does not remove the need for IPSec as the network connection method between eNodeBs and the Core elements (MME, SGW, HSS, PCRF, PDNGW). A hacker can open the plain IP connection and easily insert a Switch – with a short interruption of the traffic. When connecting a computer to the Switch the hacker could eavesdrop on the complete network traffic (signaling, media and OAM traffic). Another step for the hacker would then be to insert specially crafted packets to bring down the core elements (overloading).
Some eNodeBs are hard to hack … see pictures below
Some eNodeBs are easier to access … see pictures below
Some eNodeBs are easy to hack … see pictures below
For this reason it is recommended to use IPSec between the eNodeB and the Core Network.
Through the usage of IPSec you can prevent hackers from eavesdropping and easily inserting malicious crafted packets, or easily generating a DOS attack by inserting millions of SCTP INIT packets, resulting in an overload situation for the MME.
Important is further to define the IPSec setup: how to connect the eNodeB with the SecGW (Security GW). On average every eNodeB is surrounded by 6 eNodeBs for coverage reasons, as indicated in the figure below.
The link of this (blue marked) eNodeB is composed of S1 and X2 traffic. In the simplest case you have one IPSec Tunnel for every eNodeB, resulting in a lower number of IPSec Tunnels.
You can further divide the different traffic types and encapsulate them in different IPSec Tunnels, resulting in a higher number of IPSec Tunnels. The S1 traffic is forwarded to the Core elements, while the X2 traffic is locally routed back as shown in the figure below.
Additional IPSec tunnels, doubling the number, come through the fact of Redundancy – each eNodeB is connected with 2 SecGW.
More IPSec tunnels per eNodeB result in greater complexity but give more freedom to the network design and architecture team.
Below is a figure that comes close to real deployments. Each eNodeB is connected in a redundant way, and we have 3 IPSec tunnels deployed. S1, X2 and OAM traffic are separated.
Hereafter you find a short introduction about the overall setup of security between the handset and the core elements – including IPSec.
A new definition of security within 4G requires all aspects covering all the different layers.
Security at the different layers is a strong requirement. At the IP layer IPv4, IPv6, ICMP, IGMP, etc and the routing protocols must be protected. Many concepts out of the 3G networks shall be used in this case. At the TCP/UDP layer SCTP and GTP (runs on top of UDP) become mandatory. The support of IPSec is a key point, incl. the IKE variants. The massive amount of traffic makes it essential to support most of the protocols in HW in order to support the performance requirements and keep pace with the throughput. At the Application layer packets must be inspected for malicious and harmful traffic. This way all malware must be detected, protecting end users, and the core network protection can be ensured.
Hackers have proven that 4G networks are not secure already: UE do start to get connected as a first step over the Radio Interface; once connected, the security procedures will take place, comparing the credentials stored in the USIM card with the credentials stored in the HSS. The figure below shows the procedure: an initial NAS message is sent from the UE to the MME, which then sends a Diameter (over SCTP) Request to the HSS. Keys are derived and compared as indicated in the figure.
However, in order to get this done the UE needs to connect first to the MME (through the eNodeB). This is done as shown in the figure below: a NAS Attach Request triggers the eNodeB to open a SCTP association with the MME. In case of misuse, the UE can be manipulated to send way too much traffic towards the eNodeB (which forwards the traffic to the MME) and can overload the MME processing power.
Remark: the UE are no smartphones as we think of today. Hackers do use evaluation boards or simple USB Dongles since they are easier to program and configure.
A more complete security architecture is required to solve the Security topics at the different nodes in the network, with the different protocols, and transported on applications (such as Worms, viruses, malware).
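The overload pattern described above and in the IPSec recommendation earlier (SCTP INIT packets driven at the MME through the eNodeB) can be watched for on the S1-MME link. The following sliding-window detector is an added example, not from the white paper; the flow-log format, the IP addresses, the window and the threshold are assumptions of this example.

```python
"""Sliding-window detector for SCTP INIT floods against an MME (added example).

Replays constructed flow-log lines of the form
    "<seconds> <src_ip> <dst_ip> SCTP <chunk_type>"
as a probe on the S1-MME link might export them. A source that sends more
INIT chunks towards the MME within one window than the threshold allows is
reported, and INITs that never completed the handshake are counted per source.
Log format, addresses, window and threshold are assumptions of this example.
"""
from collections import defaultdict, deque
from typing import Dict

MME_IP = "10.0.0.1"       # constructed address of the MME
INIT_THRESHOLD = 5        # INITs per source per window before alerting
WINDOW_SECONDS = 1.0

# Constructed sample: eNodeB 10.0.1.10 completes the normal 4-way SCTP
# handshake; source 10.0.9.77 fires seven INITs in 120 ms and never answers
# the INIT_ACK, the pattern the text describes as overloading the MME.
SAMPLE_LOG = """\
0.00 10.0.1.10 10.0.0.1 SCTP INIT
0.01 10.0.0.1 10.0.1.10 SCTP INIT_ACK
0.02 10.0.1.10 10.0.0.1 SCTP COOKIE_ECHO
0.03 10.0.0.1 10.0.1.10 SCTP COOKIE_ACK
0.10 10.0.9.77 10.0.0.1 SCTP INIT
0.11 10.0.0.1 10.0.9.77 SCTP INIT_ACK
0.12 10.0.9.77 10.0.0.1 SCTP INIT
0.14 10.0.9.77 10.0.0.1 SCTP INIT
0.16 10.0.9.77 10.0.0.1 SCTP INIT
0.18 10.0.9.77 10.0.0.1 SCTP INIT
0.20 10.0.9.77 10.0.0.1 SCTP INIT
0.22 10.0.9.77 10.0.0.1 SCTP INIT
"""


def parse_line(line: str):
    """Split one log line into (timestamp, src, dst, proto, chunk)."""
    ts, src, dst, proto, chunk = line.split()
    return float(ts), src, dst, proto, chunk


def detect_init_flood(log_text: str, mme_ip: str = MME_IP,
                      threshold: int = INIT_THRESHOLD,
                      window: float = WINDOW_SECONDS) -> Dict[str, float]:
    """Return {src_ip: timestamp} of the INIT that first pushed each source
    over `threshold` INITs within `window` seconds towards the MME."""
    recent = defaultdict(deque)      # src -> timestamps of INITs still in window
    alerts: Dict[str, float] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, chunk = parse_line(line)
        if proto != "SCTP" or chunk != "INIT" or dst != mme_ip:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:    # drop INITs older than the window
            q.popleft()
        if len(q) > threshold and src not in alerts:
            alerts[src] = ts
    return alerts


def incomplete_handshakes(log_text: str, mme_ip: str = MME_IP) -> Dict[str, int]:
    """Count INITs per source not followed by a COOKIE_ECHO, i.e. associations
    the MME had to hold state for that the peer never completed."""
    counts: Dict[str, int] = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, src, dst, proto, chunk = parse_line(line)
        if proto != "SCTP" or dst != mme_ip:
            continue
        if chunk == "INIT":
            counts[src] += 1
        elif chunk == "COOKIE_ECHO":
            counts[src] -= 1
    return {src: n for src, n in counts.items() if n > 0}


if __name__ == "__main__":
    for src, ts in detect_init_flood(SAMPLE_LOG).items():
        print(f"ALERT {ts:.2f}s: {src} exceeded {INIT_THRESHOLD} INITs/{WINDOW_SECONDS}s")
    print("half-open INITs per source:", incomplete_handshakes(SAMPLE_LOG))
```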
The outlook from all involved parties (core network supplier, radio network supplier, content supplier, handset/end-user equipment supplier, etc) must be taken care of for an evolution into IPv6, which will become eminent for mobile networks in the short future.
The ETSI Technical Specification ETSI TS 121 133 (UMTS); 3G security; Security threats and requirements describes several types of attacks:
• Unauthorized access to sensitive data (violation of confidentiality)
  • Eavesdropping
  • Masquerading
  • Traffic analysis
  • Browsing
  • Leakage
  • Inference
• Unauthorized manipulation of sensitive data (violation of integrity)
  • Manipulation of messages
• Disturbing or misusing network services (leading to denial of service or reduced availability)
  • Intervention
  • Resource exhaustion
  • Misuse of privileges
  • Abuse of services
• Repudiation
• Unauthorized access to services
  • Intruders can access services by masquerading as users or network entities.
  • Users or network entities can get unauthorized access to services by misusing their access rights.
The weakest link in the chain is the user equipment. The trust level, that no malicious Firmware can be installed, is a key point.
Another huge topic in the 4G Security domain is AAA (Authentication, Authorization and Accounting), including key hierarchy, key agreement procedures, user identity confidentiality, device confidentiality, ciphering, and integrity protection. However, this is not covered in this paper.
Based on the fact that the interworking between
• different 3GPP radio technologies (3G and 4G)
• different access technologies (WiMAX/WLAN and 3GPP)
• different providers (roaming)
The figure above shows the interworking between 3G and 4G.
The installed base of 3G networks must be connected to the new 4G network. So interworking between the “old 3G” and the “new 4G” is essential.
The figure above shows the interworking between 3GPP and non-3GPP (WLAN, WiMAX, etc).
The carriers do move more and more into non-3GPP networking to offload 3GPP traffic, freeing radio resources. In this case the installed base of non-3GPP networks must be connected to the new 4G network. So interworking between the “non-3GPP” and “3GPP” must be done.
The figure above shows the roaming case / home-routed traffic
The figure above shows the roaming case / local-breakout traffic
Out of history we have learnt that roaming is one of the most important security issues between carriers, sharing the radio access and some core network elements. As one can see from the figures above, the two roaming cases are an essential element. Roaming has been known for years (it was introduced in 2G /GSM/ networks already). Mobile carriers around the globe use GTP Firewalls and SeGW to secure their connection points towards other carriers, either directly or via the GRX (GPRS Exchange), described by the GSMA (GSM Association).
With the introduction of 4G the GSMA has moved on from GRX towards the IPX (IP Packet Exchange) with enhanced features for 4G interconnect. In the 2 figures above one can clearly see that for the 2 cases you need either GTP & Diameter or just a Diameter interface. GTP FWs have been known for years with 2.5G/3G networks, so the update to GTPv2 is a relatively small step. Diameter is a new interface that comes into play and will add new concerns in Carrier Security Groups. Even by analyzing the usage of Diameter (a database retrieval protocol) it adds more concerns. Yet another concern is that Diameter will come with SCTP as the transport protocol of choice. Clearly the Diameter interconnection shouts for a Diameter FW. The interconnections towards other carriers (either direct, or via IPX/GRX) do need protection at the border.
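What a Diameter FW at the roaming border actually checks is easier to see in code. The following is an added example written for this page; it is not code from the white paper or from Fortinet. It decodes the fixed Diameter header (RFC 6733) and applies a direction-aware policy for the S6a interconnect between a visited MME and the home HSS: requests from the partner are limited to the commands an MME legitimately originates (Update-Location, Authentication-Information, Purge-UE, Notify plus the base-protocol keep-alives), requests that only the HSS may originate (Cancel-Location, Insert/Delete-Subscriber-Data, Reset) are refused when they arrive from outside, and answers are only passed when the home side has an outstanding request with the same Hop-by-Hop identifier. The application IDs and command codes are the real ones from RFC 6733 and 3GPP TS 29.272; the policy table, the class name `S6aBorderFilter` and the sample messages are assumptions constructed for the example.

```python
import struct
from typing import Tuple

DIAMETER_HDR_LEN = 20
FLAG_REQUEST, FLAG_ERROR = 0x80, 0x20

# Application IDs and command codes as assigned in RFC 6733 and 3GPP TS 29.272.
APP_BASE = 0            # Diameter base protocol
APP_S6A = 16777251      # 3GPP S6a/S6d (MME/SGSN <-> HSS)
CER, DWR, DPR = 257, 280, 282
ULR, CLR, AIR, IDR, DSR, PUR, RSR, NOR = 316, 317, 318, 319, 320, 321, 322, 323

# Assumed interconnect policy (constructed for this example, not from the paper):
# requests that a visited MME/SGSN legitimately sends towards the home HSS.
INBOUND_REQUESTS = {
    APP_BASE: {CER, DWR, DPR},
    APP_S6A: {ULR, AIR, PUR, NOR},
}
# Requests that only the home HSS originates; from the partner side they may only
# ever arrive as answers to something the HSS sent first.
HSS_ORIGINATED = {CLR, IDR, DSR, RSR}


def parse_header(data: bytes) -> dict:
    """Decode the fixed 20-octet Diameter header (RFC 6733 section 3)."""
    if len(data) < DIAMETER_HDR_LEN:
        raise ValueError("truncated Diameter header")
    version = data[0]
    length = int.from_bytes(data[1:4], "big")
    flags = data[4]
    command = int.from_bytes(data[5:8], "big")
    app_id, hbh, e2e = struct.unpack("!III", data[8:20])
    return {"version": version, "length": length, "flags": flags,
            "command": command, "app_id": app_id, "hbh": hbh, "e2e": e2e}


def build_message(command: int, app_id: int, request: bool, hbh: int, e2e: int,
                  avps: bytes = b"") -> bytes:
    """Constructed test data: a Diameter message with the given header fields and
    an (already 4-octet padded) AVP body."""
    length = DIAMETER_HDR_LEN + len(avps)
    flags = FLAG_REQUEST if request else 0
    return (bytes([1]) + length.to_bytes(3, "big") + bytes([flags])
            + command.to_bytes(3, "big") + struct.pack("!III", app_id, hbh, e2e) + avps)


class S6aBorderFilter:
    """Direction-aware Diameter filter for the S6a side of a roaming interconnect.

    Requests from the partner are checked against the per-application allow-list;
    answers are accepted only when the home side has an outstanding request with the
    same Hop-by-Hop identifier, so unsolicited or replayed answers are dropped.
    """

    def __init__(self) -> None:
        self.pending: set = set()   # Hop-by-Hop IDs of requests the home side sent

    def outbound(self, data: bytes) -> None:
        """Record a request leaving the home network towards the partner."""
        hdr = parse_header(data)
        if hdr["flags"] & FLAG_REQUEST:
            self.pending.add(hdr["hbh"])

    def inbound(self, data: bytes) -> Tuple[bool, str]:
        """Decide whether a message arriving from the partner may pass."""
        try:
            hdr = parse_header(data)
        except ValueError as exc:
            return False, str(exc)
        if hdr["version"] != 1:
            return False, f"unsupported Diameter version {hdr['version']}"
        if hdr["length"] != len(data) or hdr["length"] % 4:
            return False, "message length field inconsistent with datagram"
        if hdr["app_id"] not in INBOUND_REQUESTS:
            return False, f"application {hdr['app_id']} not permitted on this interconnect"
        if hdr["flags"] & FLAG_REQUEST:
            if hdr["flags"] & FLAG_ERROR:
                return False, "E flag set on a request"
            if hdr["command"] in HSS_ORIGINATED:
                return False, f"command {hdr['command']} request may only originate at the home HSS"
            if hdr["command"] not in INBOUND_REQUESTS[hdr["app_id"]]:
                return False, f"command {hdr['command']} request not allowed inbound"
            return True, "request accepted"
        if hdr["hbh"] not in self.pending:
            return False, "answer without outstanding request"
        self.pending.discard(hdr["hbh"])
        return True, "answer accepted"
```

The answer-matching step is what makes this more than a static allow-list: a Cancel-Location answer is a normal message on S6a, but only after the home HSS has sent the corresponding request. A production Diameter FW would additionally match the Session-Id and Origin-Host AVPs and time out stale entries in `pending`.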
However, once drawing up the whole network diagram (as shown below) one can see a number of issues that are known as the security topics within the 4G Security Architecture.
The figure above shows a 4G network with possible attack scenarios
1. Threat #1: Attacks on an IP level, DoS, DDoS, etc. on the SGi interface
2. Threat #2: Overbilling attacks like in 3G on the SGi interface
3. Threat #3: Attacks on open and insecure IP interfaces at the access (eNodeB)
4. Threat #4: Attacks based on SCTP/Diameter manipulating database entries
5. Threat #5: Attacks on the NMS level manipulating settings and configurations
6. Threat #6: Attacks on the IP helper services level manipulating IP settings and base protocols
7. Threat #7: Attacks based on SCTP/GTP from 4G roaming partners
8. Threat #8: Attacks based on GTP from 3G roaming partners
9. Threat #9: Attacks based on SCTP for manipulating MME functions
10. Threat #10: Attacks based on GTP for manipulating S-GW functions
11. Threat #11: Attacks on the IMS level manipulating the VoLTE – IMS – VoIP network
12. Threat #12: Attacks on higher layers introducing all kinds of malware
To mitigate these threats operators must implement security from the very first moment, and it is a basic rule in the design: Security is part of the architecture!
The implementation can be done in various steps. According to the priorities of the threats a possible sequence is given below:
Step 1:
• SGi FW – Protecting from the Internet and Overbilling
• Basic SecGW + FW – Protecting from the Access
• HSS FW – Securing the most important Network Element (APT)
• NMS/OAM Security – Protecting the Central Management
• IP Services Security – Protection from misuse (eg DNS Tunneling)
Step 2:
• Roaming Security – Protecting from the Roaming Partners
Step 3:
• Enhanced SecGW + FW + SCTP FW – enhanced Protection from the Access
Step 4:
• Enhanced SecGW + FW + GTP FW – enhanced Protection from the Access
Step 5:
• SIP/RTP FW for VoLTE – Protection from/to the IMS Core Network
Basic assumptions for the steps proposed above are that in Step 1 LTE is only offered to domestic users. In Step 2 Roaming (inbound and outbound) is activated. Step 3 is the dedicated protection of the heart of the LTE system: the MME will be protected. Step 4 is the dedicated protection of the user traffic part of the LTE system: the SGW will be protected. Step 5 is the final step for a protection from/to the IMS Voice domain.
For a wise decision on the security elements it is helpful to decide for a product that can be enabled to perform all the described security functions in a single node. This way no network redesign must be undertaken for activating additional security features.
As IPSec is a good tool to provide a secure transport between network elements, it is proposed by the 3GPP to be used between eNodeBs and the Core Elements (MME, SGW).
The figure above shows the SEG (IPSec termination) within the eNodeB and as a standalone device in the Packet Core. In the 3GPP Technical Specifications Tunnel Mode with ESP and IKEv2 is proposed. For a real world deployment it is important to understand the influence of “where are the SEG located”. There is a Centralized Model vs the Decentralized Model. Centralized SEG are directly in front of the MME/SGW (same amount of SEG as MME/SGW locations), while in the Decentralized Model there are more SEG than MME/SGW locations. The figures below show the 2 models:
Decentralized Model for the SEG
Centralized Model for the SEG
All of them must be addressed to overcome the threats, and to ensure proper and secure networking and interworking. All elements are quite critical and must be observed.
The figure above shows a 4G network with possible Firewall locations
As in the figure above it is clear that Security plays a major role in 4G networks. Due to the Virtualization of the Fortinet Firewalls the different functions can be accomplished by one HW FW. The functions are just shared. As an example it is possible to connect to many hundreds of Roaming partners (3G and 4G) and have a dedicated FW (Virtual Domains – VDOMs) per Roaming Partner with individual settings (as highlighted with b and c). Even further Virtualization is possible, so that other functions like the VoIP FW (as highlighted with h) and the Gi FW capabilities – on different layers – can be combined in one physical Hardware (as highlighted with a and e).
HW Acceleration
Further to the rich capabilities the Fortinet 4G Firewall is supporting HW acceleration
• Packet Forwarding
  • Different processing architectures deliver widely differing results
  • The FortiGate CPU is not used for packet forwarding, freeing it for other features
• Power
  • More powerful processors require more power
  • Typically ten times that required by an ASIC
• Thermal
  • With power comes heat, limiting the scalability of any CPU-only based device
The figure above shows the advantage of using ASIC technology compared to a common CPU
As an example a Fortinet 3950B FW is able
• to handle more than 120 Gbps. For achieving higher capacity they can be easily clustered and concatenated to achieve higher performance figures.
• to handle more than 20 million concurrent sessions. For achieving more concurrent session capacity they can be easily clustered and concatenated to achieve higher performance figures.
• to handle more than 250k new sessions per second. For achieving more new-session-per-second capacity they can be easily clustered and concatenated to achieve higher performance figures.
• to handle more than 50 Gbps of 3DES/AES (eg. IPSec) throughput. For achieving higher performance they can be easily clustered and concatenated to achieve higher performance figures.
• to handle more than 19,6 Gbps of IPS throughput. For achieving higher performance they can be easily clustered and concatenated to achieve higher performance figures.
Once comparing these figures with the requirements one can see that a small number of such Firewalls can secure a complete carrier network.
Virtualization
On top of the features described above the capabilities are further enriched by using virtualization. This functionality is called Virtual Domains
• FW policies configurable per Virtual Domain (VDOM)
• Allows individual configuration per external VoIP network interface
• Overlapping address space within the same hardware platform
• Multiple Public/Private peers
• And much more
The figure above shows the advantage of using Virtualization
Virtual domains (VDOMs) are a method of dividing a FortiGate unit into two or more virtual units that function as multiple independent units. VDOMs can provide separate firewall policies and, in NAT/Route mode, completely separate configurations for routing and VPN services for each connected network or organization. VDOMs let you split your physical FortiGate unit into multiple virtual units. The resulting benefits range from limiting transparent mode ports to simplified administration, and reduced space and power requirements.
Effectively you can split your mobile network by using VDOMs onto several VDOMs and one physical HW device. Such as
• VDOM#3 is the SCTP FW,
• VDOM#4 is the GTP FW,
• VDOM#5 is the Diameter FW,
• VDOM#6 is the SIP FW,
• VDOM#7 is the IPSec VPN termination,
• etc
Or to divide your network into regions
• VDOM#3 is the East Region,
• VDOM#4 is the West Region,
• VDOM#5 is the South Region,
• VDOM#6 is the North Region,
• VDOM#7 is the Major Capitol 1,
• etc
or even a combination of the 2 above.
4. 4G Firewall
Functions of the 4G FW
Securing Protocols within 4G networks
LTE is a substantial part of the business of mobile operators and it is important to keep this network up and running. This is true for many reasons
• the outage creates a substantial loss of revenues
• the outage comes along with a loss of credibility (with shareholders and end users)
• it is a national interest that the telecommunication infrastructure is always available
How can we achieve this target? Not only with one single item. It is a combination of many.
The first and most important element is the network architecture: that the systems are built, designed and evaluated so that outages are minimal and do not affect the whole network, but only small regions.
The second element is clearly the policy on how to handle the network: who has access to which element, how are patches, updates, changes, etc. treated. Another element that comes along with policy is that equipment and new elements (whether HW, SW, updates, etc.) are always carefully tested and evaluated.
The third element is network infrastructure and network service protection by means of Firewalls. These Firewalls must be LTE ready and protect the critical elements from attacks on every layer. But what does LTE ready mean? This indicates that the important protocols must be supported and that the performance does not degrade the throughput and make the user experience weak. This way it is important that the relevant protocols are analyzed and checked against misuse, or just for integrity, to protect core elements.
By looking at the different interfaces within LTE (which are all named Sx) one can see that a number of protocols are used to transport LTE.
One is GTP. GTP is used in 2,5G and 3G on the Gn and Gp interface between the GGSN and the SGSN (Gn interface if the SGSN is within the home network, and Gp interface if the SGSN is within the visited network). In LTE GTP is used on the S3, S4, S5, S8, S10, S11 and the S16 interface. The number of interfaces using GTP has increased from 2 to 7.
Another one is SCTP. SCTP is used on the different S6x, STa, SWx, Gx, Rx, S9 and S13 interfaces between AAA involved nodes and the AAA Server and Policy Server. On top of that Diameter is used heavily in 3GPP networks (IMS IP Multimedia Subsystem) and 4G networks for Database retrieval. Protection of Diameter is protecting Databases and is very important.
Yet another quite important protocol is IPSec with IKE. It is used on several interfaces to secure the traffic flow. According to the 3GPP TS33.210 standardization, between all elements a secure path is required for proper IPv4 and IPv6 communication.
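The remark that GTP now runs on seven LTE interfaces, in two versions, is the core of what an LTE-ready GTP FW has to get right: each interface expects one GTP-C version, a bounded set of message types, and (on some interfaces) no user plane at all. The following added example, written for this page and not taken from the white paper or from Fortinet, decodes the mandatory GTPv1 and GTPv2 headers and applies such a per-interface policy. The UDP ports and message type values are the real ones from 3GPP TS 29.060 and TS 29.274; the `POLICY` table with the Gp, S8 and S11 entries, the function names and the sample datagrams are assumptions constructed for the example.

```python
import struct
from typing import Optional, Tuple

GTP_C_PORT, GTP_U_PORT = 2123, 2152

# GTPv1 message types (3GPP TS 29.060)
V1_ECHO_REQ, V1_ECHO_RSP, V1_VERSION_NOT_SUPPORTED = 1, 2, 3
V1_CREATE_PDP_REQ, V1_CREATE_PDP_RSP = 16, 17
V1_UPDATE_PDP_REQ, V1_UPDATE_PDP_RSP = 18, 19
V1_DELETE_PDP_REQ, V1_DELETE_PDP_RSP = 20, 21
V1_ERROR_INDICATION, V1_END_MARKER, V1_G_PDU = 26, 254, 255
# GTPv2-C message types (3GPP TS 29.274)
V2_ECHO_REQ, V2_ECHO_RSP, V2_VERSION_NOT_SUPPORTED = 1, 2, 3
V2_CREATE_SESSION_REQ, V2_CREATE_SESSION_RSP = 32, 33
V2_MODIFY_BEARER_REQ, V2_MODIFY_BEARER_RSP = 34, 35
V2_DELETE_SESSION_REQ, V2_DELETE_SESSION_RSP = 36, 37

V1_CONTROL = {V1_ECHO_REQ, V1_ECHO_RSP, V1_VERSION_NOT_SUPPORTED,
              V1_CREATE_PDP_REQ, V1_CREATE_PDP_RSP, V1_UPDATE_PDP_REQ,
              V1_UPDATE_PDP_RSP, V1_DELETE_PDP_REQ, V1_DELETE_PDP_RSP}
V1_USER = {V1_ECHO_REQ, V1_ECHO_RSP, V1_ERROR_INDICATION, V1_END_MARKER, V1_G_PDU}
V2_CONTROL = {V2_ECHO_REQ, V2_ECHO_RSP, V2_VERSION_NOT_SUPPORTED,
              V2_CREATE_SESSION_REQ, V2_CREATE_SESSION_RSP, V2_MODIFY_BEARER_REQ,
              V2_MODIFY_BEARER_RSP, V2_DELETE_SESSION_REQ, V2_DELETE_SESSION_RSP}

# Assumed per-interface policy (constructed for this example, not from the paper):
# expected GTP-C version and message types, and whether a user plane exists at all.
POLICY = {
    "Gp":  {"c_version": 1, "c_types": V1_CONTROL, "u_types": V1_USER},  # 3G roaming partner
    "S8":  {"c_version": 2, "c_types": V2_CONTROL, "u_types": V1_USER},  # 4G roaming partner
    "S11": {"c_version": 2, "c_types": V2_CONTROL, "u_types": None},     # MME <-> SGW, GTP-C only
}


def parse_gtp(data: bytes) -> dict:
    """Decode the mandatory GTPv1 (8 octets) or GTPv2 (4 octets + optional TEID) header."""
    if len(data) < 8:
        raise ValueError("truncated GTP header")
    version = data[0] >> 5
    msg_type = data[1]
    length = struct.unpack("!H", data[2:4])[0]
    teid: Optional[int]
    if version == 1:
        teid = struct.unpack("!I", data[4:8])[0]
        expected = len(data) - 8          # v1 length excludes the 8 mandatory octets
    elif version == 2:
        teid = struct.unpack("!I", data[4:8])[0] if data[0] & 0x08 else None  # T flag
        expected = len(data) - 4          # v2 length excludes the first 4 octets
    else:
        raise ValueError(f"unsupported GTP version {version}")
    if length != expected:
        raise ValueError("length field does not match datagram size")
    return {"version": version, "type": msg_type, "teid": teid}


def filter_gtp(interface: str, udp_port: int, data: bytes) -> Tuple[bool, str]:
    """Decide whether a GTP datagram seen on `interface` towards `udp_port` may pass."""
    pol = POLICY.get(interface)
    if pol is None:
        return False, f"no policy for interface {interface}"
    try:
        hdr = parse_gtp(data)
    except ValueError as exc:
        return False, str(exc)
    if udp_port == GTP_C_PORT:
        if hdr["version"] != pol["c_version"]:
            return False, f"GTPv{hdr['version']} control message on a GTPv{pol['c_version']} interface"
        if hdr["type"] not in pol["c_types"]:
            return False, f"GTP-C message type {hdr['type']} not permitted on {interface}"
        # An initial Create Session Request carries TEID 0 (TS 29.274); anything else
        # was not produced by a peer following the procedure.
        if hdr["version"] == 2 and hdr["type"] == V2_CREATE_SESSION_REQ and hdr["teid"] not in (None, 0):
            return False, "Create Session Request with non-zero TEID"
        return True, "GTP-C accepted"
    if udp_port == GTP_U_PORT:
        if pol["u_types"] is None:
            return False, f"user plane not expected on {interface}"
        if hdr["version"] != 1:
            return False, "GTP-U must be GTPv1"
        if hdr["type"] not in pol["u_types"]:
            return False, f"GTP-U message type {hdr['type']} not permitted on {interface}"
        return True, "GTP-U accepted"
    return False, f"UDP port {udp_port} is not a GTP port"


def build_v1(msg_type: int, teid: int, payload: bytes = b"") -> bytes:
    """Constructed GTPv1 datagram: flags 0x30 = version 1, PT=1, no optional fields."""
    return bytes([0x30, msg_type]) + struct.pack("!HI", len(payload), teid) + payload


def build_v2(msg_type: int, teid: int, seq: int = 1, payload: bytes = b"") -> bytes:
    """Constructed GTPv2-C datagram: flags 0x48 = version 2, T=1 (TEID present)."""
    body = struct.pack("!I", teid) + seq.to_bytes(3, "big") + b"\x00" + payload
    return bytes([0x48, msg_type]) + struct.pack("!H", len(body)) + body
```

Two of the checks are worth noting: a GTPv1 Create PDP Context Request arriving on the S8 control port is dropped because the interface version is wrong, not because the message is malformed, and a control-plane message delivered to the GTP-U port is dropped regardless of its content. Both conditions show up in practice as misconfigured or hostile peers, and a plain port-based firewall would pass them.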
Quite important is the performance and scalability of the product. Once introducing VoLTE the delay plays a substantial role. For the dimensioning the degradation of performance (throughput) is important.
The figure above shows the degradation of different vendors. Dimensioning a network properly where the throughput depends greatly on the packet size becomes a nightmare. The difference between large packets (1514 byte) and small packets (64 byte) can be up to a factor of 6. For a proper network design you must be able to define upfront the average packet size and the distribution of how many small packets (eg 132 bytes for VoLTE) and large packets (browsing, email) are assumed.
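The dimensioning rule just described can be made concrete with a small model. This is an added example for this page, not code or figures from the white paper or from Fortinet: a unit is characterized by a bit-rate ceiling (reached with large packets) and a packet-rate ceiling (which dominates with small packets), so its throughput for a given traffic mix is the tighter of the two at the mix's average packet size. The profile values (120 Gbit/s, 40 Mpps), the two packet mixes and the names `FirewallProfile`, `blended_throughput` and `units_required` are constructed assumptions chosen so that the 64-byte versus 1514-byte gap comes out near the factor of 6 the text mentions.

```python
import math
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class FirewallProfile:
    """Constructed data-sheet style figures for one firewall unit (an assumption,
    not a measurement of any product)."""
    name: str
    max_bps: float   # bit/s the forwarding path sustains at large packet sizes
    max_pps: float   # packets/s the forwarding path sustains at minimum packet size


def throughput_for_size(profile: FirewallProfile, packet_bytes: int) -> float:
    """Throughput in bit/s for a stream of packets of one size: the lower of the
    bit-rate ceiling and what the packet-rate ceiling permits at that size."""
    return min(profile.max_bps, profile.max_pps * packet_bytes * 8)


def blended_throughput(profile: FirewallProfile,
                       mix: Dict[int, float]) -> Tuple[float, float, float]:
    """Throughput for a traffic mix given as {packet size in bytes: share of packets}.
    Returns (bit/s, packets/s, average packet size in bytes)."""
    if abs(sum(mix.values()) - 1.0) > 1e-9:
        raise ValueError("packet shares must sum to 1")
    avg_bytes = sum(size * share for size, share in mix.items())
    # The pps ceiling caps the packet rate directly; the bps ceiling caps it via the
    # average packet size. Whichever is lower decides the delivered rate.
    pps = min(profile.max_pps, profile.max_bps / (avg_bytes * 8))
    return pps * avg_bytes * 8, pps, avg_bytes


def units_required(profile: FirewallProfile, mix: Dict[int, float], demand_bps: float) -> int:
    """Number of identical units to cluster so the blended throughput covers the demand."""
    per_unit, _, _ = blended_throughput(profile, mix)
    return math.ceil(demand_bps / per_unit)


# Constructed profile: 120 Gbit/s with large packets, 40 Mpps with 64-byte packets.
EXAMPLE_UNIT = FirewallProfile("example-unit", max_bps=120e9, max_pps=40e6)
# Constructed mixes: VoLTE-heavy (mostly 132-byte packets) and bulk data (mostly 1514-byte).
VOLTE_HEAVY = {132: 0.95, 1514: 0.05}
BULK_DATA = {132: 0.10, 1514: 0.90}

if __name__ == "__main__":
    small = throughput_for_size(EXAMPLE_UNIT, 64)
    large = throughput_for_size(EXAMPLE_UNIT, 1514)
    print(f"64 B: {small / 1e9:.1f} Gbit/s, 1514 B: {large / 1e9:.1f} Gbit/s, "
          f"ratio {large / small:.1f}")
    for name, mix in (("VoLTE-heavy", VOLTE_HEAVY), ("bulk data", BULK_DATA)):
        bps, pps, avg = blended_throughput(EXAMPLE_UNIT, mix)
        print(f"{name}: avg {avg:.0f} B, {bps / 1e9:.1f} Gbit/s at {pps / 1e6:.1f} Mpps, "
              f"units for 200 Gbit/s: {units_required(EXAMPLE_UNIT, mix, 200e9)}")
```

With these assumed figures the same unit that delivers 120 Gbit/s on a bulk-data mix delivers roughly 64 Gbit/s on a VoLTE-heavy mix, and a 200 Gbit/s requirement needs two units in the first case but four in the second. That is the practical reason the text insists on fixing the packet size distribution before the design, rather than reading the large-packet headline figure.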
5. Outlook
We have seen in recent years what hackers and activists can do and how they perform large scale attacks. Further to this kind of attack we will see more politically motivated attacks. As an example (by far not the only one – but well documented) we will delve into the Mandiant APT1 report. Prior to that we will look at a quite old market study for a comparison of “what was predicted” and “what do we see today”.
What was predicted: The Market Study is the Gartner Study about Cyberwarfare: VoIP and Convergence Increase Vulnerability dated from January 13th 2004. Herein you find statements like
….The aspects of cyberwarfare have been considered for years. Future cyberattacks could constitute an entire war or an attack type as part of a larger campaign. Cyberwarfare, like any military operation, has two components — offensive and defensive operations…
…The U.S. military complex continues work on Presidential Directive 16, including developing the rules and tools. The United States is not the only government thinking about cyberattacks. In the second quarter of 1995, Major General Wang Pufeng of The Chinese Army published a paper, “The Challenge of Information Warfare.” In this paper, Pufeng writes that the information era will touch off a revolution in military affairs …
Even 18 years ago the Chinese Army started to work on Cyberwarfare.
What do we see today: The Mandiant Report APT1 describes the linkage of the Chinese Army and the Hacking Unit (2nd Bureau Unit 61398).
In this report you may find lots of details of how hacking is done nowadays. But how should this influence operators ?As a baseline, operators shallwell and have security in mind for starting the farchitecture. The most effective way of protecting networks and services is done through a dedicated network design, through proper security rules and uptools. When designing a secure network IPSec comes always across. IPSec is an excellent tool for designing secure communication and data exchange. But IPSec has limitation. It does not ensure that content is modified or compromised at Computers and Workstations. ThereIPSec ensure a safe and secure transport. For the proper content of the IPSec Tunnels a dedicated Firewall in front or after the IPSec Tunnel is required.This applies for all traffic of S1 and X2 interfaces at 4G networks, and it applies to all netwomanagement traffic (for all kind of networks).Network Management is anyhow very special, since an opponent can get full control over the network when compromising the Network Management Computers and Workstations.above with the APT1 report ofComputers and Workstations and the highest level of Security must be applied here. Operations of the Mobile Network can fall fully apart when a hacker has through APT control of the network.
Author: Rainer Baeder – [email protected]
About Fortinet

Fortinet (NASDAQ: FTNT) is a worldwide provider of network security appliances and a market leader in unified threat management (UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2011 Fortune Global 100. Fortinet is headquartered in Sunnyvale, Calif., with offices around the world.

Fortinet's flagship FortiGate security appliances deliver ASIC-accelerated performance and integrate multiple layers of security designed to help protect against application and network threats. Our broad product line of complementary solutions goes beyond UTM to help secure the extended enterprise - from endpoints, to the perimeter and the core, including databases and applications.

To date, Fortinet has shipped more than 1,250,000 appliances to more than 160,000 customers worldwide, including:
• 61 of the Global 100
• 8 of the top 10 Fortune companies in Americas
• 9 of the top 10 Fortune companies in EMEA
• 9 of the top 10 Fortune companies in APAC
• 7 of the top 10 Fortune telecommunications companies
• 9 of the top 10 Fortune banking companies
• 9 of the top 10 Fortune defense/aerospace companies

A key differentiator, Fortinet's custom-built FortiASIC content and network processors enable FortiGate systems to detect and eliminate even complex, blended threats in real time without degrading network performance, while an extensive set of complementary management, analysis, database and endpoint protection solutions increases deployment flexibility, assists in compliance with industry and government regulations, and reduces the operational costs of security management.