Securing the LTE Core the Road to NFV 2014.pdf

AliAlwesabi 6 views 8 slides May 10, 2024

Slide Content

Securing the LTE Core – the Road to NFV
Dilip Pillaipakam
Vice President, Product Management and Marketing
© 2014 Stoke | Proprietary and Confidential

The LTE Security Framework
The border between RAN and Core (S1) requires protection against specific risks to critical infrastructure at that interface.
[Diagram labels: RAN-Core Border, SEG, Internet Border, Policy / Charging Control, Device and Application, Other LTE Network, Internet, DRA, SBC, IMS, Core, SGW, MME, CSCF; interfaces S1-C, S1-U, S5/S8, S6A, S9, S11, Gx, Gz/Gy, SGi]
Control Plane Functions
- IKE
- AAA
- Routing
Data Plane Functions
- Forwarding
- QoS
- ACL
- Packet Inspection

LTE Security at the S1 Link – Emerging Trends
Challenge | Requirements
Stronger Security | 2048 bit key length; PKI
Signaling Protection - New Threat Vectors | Protect core - exponential transaction increase; S1 protocol/state validation
VoLTE Rollout | Low latency transport; Sub-1 second recovery
Elastic Deployment | Virtualized security gateway on COTS; SDN integration
Scalable Small Cell Deployments | Dense session aggregation; Intelligent load balancing

Use Case: Macro and Small Cell Security
» Unsecured backhaul
» Rapidly increasing throughput
» High tunnel density
» Ultra-low latency
» Directly impacts subscriber QoE
[Diagram labels: Small Cells (Office, Home, Outdoor, Metrocell), 4G LTE, EPC (MME, SGW); E2E Latency Budget = 100 ms; VoLTE: Low Latency, Small Packets]

Use Case: Signaling Overload
» Signaling Overload Threats
  » Application initiated
  » Compromised eNodeBs
  » Natural disasters
» Prioritized Traffic
  » Already connected subscribers
  » Specific eNodeBs
[Diagram labels: Small Cells (Office, Home, Outdoor, Metrocell), 4G LTE, EPC (MME, SGW), Application Update Server, Millions of Service Requests, QoE: Prioritize]

The LTE Security Framework: vSEG Phase 1
» vSEG on COTS hardware on Linux
» Similar deployment and operational model as today
» Benefits:
  » Removes restriction of physical chassis
  » Scale to very large number of line cards
[Diagram labels: RAN-Core Border, SEG, v-SEG (DP), v-SEG (CP), Internet Border, Policy / Charging Control, Device and Application, Other LTE Network, Internet, DRA, SBC, IMS, Core, SGW, MME, CSCF; interfaces S5/S8, S6A, S9, S11, Gx, Gz/Gy, SGi]
Control Plane Functions
- IKE
- AAA
- Routing
Data Plane Functions
- Forwarding
- QoS
- ACL
- Inspections

The LTE Security Framework: vSEG Phase 2
» Disaggregate control plane and data plane functions to scale each function independently.
» Can be integrated with Operator's SDN infrastructure
» Benefits
  » Fully elastic on-demand deployment
  » Capacity can be added dynamically by adding more service nodes
  » Scale some functions disproportionately
[Diagram labels: RAN-Core Border, Security Gateway Cloud, v-SEG (DP): QoS, Inspection, ACLs; v-SEG (CP): IKE, AAA, Routing; SEG Controller, SDN Controller, V-EPC, SGW, MME, DRA, SBC, CSCF, Internet Border, Policy / Charging Control, Other LTE Network, Internet; interfaces S1-C, S1-U]

Conclusions
» Each domain of the LTE Security Framework provides protection against specific threats and therefore has unique functional and performance requirements
» S1 Link has stringent performance and latency requirements
» Purpose built platforms will remain the mainstay for next few years
» Virtualization has benefits, but is not the answer for all use cases