mavenir: small cells security - overcoming deployment challenges

© 2015 Mavenir Systems Page |

NYSE:MVNR ©2014 Mavenir Systems

Small Cells Security Overcoming Deployment Challenges


5.1% of global GDP

by 2020 - GSMA

50X Increase in DDoS

Attack Size in Past Decade

It’s not my phone, It’s my Life!

Trends: Risks and Threats Growing

•  Mobile is a crucial personal, business and economic driver.

•  The threat landscape is growing stronger with more frequent attacks.

18/03/2015 2

Arbor Networks


Trend: Increased Focus on RAN-Core Border

18/03/2015 3

•  Increased volume and diversity of endpoints / cell sites

•  RAN-Core encryption is mandatory

•  Untrusted backhaul Network

•  Security Gateway (SEG) is a must have

•  Stronger authentication needed Ran-Core

Border

MME

SGW S1-U

S1-C

LTE RAN

Shared RAN

Macrocells

Small Cells

EPC

3G RAN

Hetnets

SEG


IEEE, Security Analysis of Handover Key Management in 4G LTE/SAE Networks, http://www.computer.org/csdl/trans/tm/2014/02/ttm2014020457-abs.html

SEG Requirements for Small Cell Deployments

•  Very High Session Density •  Signaling and Data Storm Mitigation •  Management and Provisioning Ease •  Low Latency •  Rapid Failover

50k Macrocells

3M Endpoints

18/03/2015 4


Stronger Authentication and Encryption

•  Carriers moving to certificates for stronger authentication

•  Shorter rekeying timers for more secure encryption (Rapid Rekeying)

•  Longer key sizes (1024 or 2048 bit key)

MME

SGW

SEG

LTE RAN

Macrocells

Small Cells

Certificate Authority

18/03/2015 5


S1, IKE, SCTP Shaping

Core

Signaling Overload Control •  D-DOS like storms will be quite common due to sheer number of end points

–  Power outages –  Natural disasters –  Misbehaving smartphone apps and Misconfigured/rogue small cells

•  Security Gateway •  Admission control and

traffic management –  Multiple levels of

protections –  IKE, SCTP level and S1

level shaping and policing

SEG

18/03/2015 6


Operator Use Case

18/03/2015 7

Small Cells

Office

Home

•  Popular Android app synched with server at same time •  Created Signaling Overload to MME •  EPC / MME Protection and Traffic Prioritization needed

4G LTE EPC Millions of

Service Requests

Application Update Server

MME

SGW


Provisioning and Management Ease

•  Bootstrapping of femto cells –  Factory-default PSK –  SEG bootstraps the

HeNBs –  Automated certificate

management

•  Intelligent Load Balancing –  Across SEGs /IKEv2

redirect

IKE Load balancer

IKE/IPsec

SEG

SEG

SEG

18/03/2015 8


Mavenir Security Gateway

•  Live, Tier 1 Deployments

•  RAN Agnostic

•  Micro Second Latency

•  Ultra-Fast Encryption

•  High Session Density

•  Software Only

•  ATCA Integrated

•  SSX 3000 Platform

LTE Security and EPC Protection

Commercially Proven Interoperability

Seamless Small Cell Integration

18/03/2015 9


Summary: Fully Protect Operator Investments

“…52% of consumers would switch providers after a major data

breach…”

Information Age, 2/2014

“Lost revenues, downtime

and the cost of restoring systems can

accrue at the rate of $50,000 per

minute for a minor disruption”

Forbes Insight, “The Reputational Impact of IT Risk

18/03/2015 10

mavenir: small cells security - overcoming deployment challenges

Technology