Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • Subscribe!
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings

Security Threats in LTE: Devices, Access, Core Elements & Services

By atesmeh | January 8, 2015

Share

As LTE is deployed worldwide, seamless communications amongst all forms of devices and access methods to the All-IP LTE core are advancing daily. There are more new services at higher speeds and with greater reliability than ever before. These advances bring new revenue opportunities as well as new and advanced security threats.

Historically, carrier-grade telecom networks have had an excellent record for user and network security, however, today’s communications infrastructure is more vulnerable than its predecessors. The Internet is becoming an integral part of all communications. With corporate network security breaches everywhere affecting millions of users, networks must address security at all levels.

Attacks can come in many different shapes and sizes: user malware, fraudulent calls, spam, viruses, data and identity theft, and denial of service. The rise in security threats is partly due to the growing deployment of carrier Wi-Fi access infrastructures and small cells in public areas, offices, and homes; and will increase exponentially with M2M.

ABI Research predicts that by 2016, half of all small-cell security gateway revenue will come from the enterprise space, reflecting greater exposure to risk and greater loss potential. Each enterprise site is an IP access point to the network that could potentially be used as an entry point by attackers and hackers. Operators and enterprises need to take steps to ensure their networks are safe, while continuing to respond to the relentless demand for the ubiquitous coverage and faster data speeds both home and enterprise customers expect.

These new security risks are being exposed by the move to the IP-centric LTE architecture. The deployment of LTE is a primary driver behind the security risks as the LTE architecture is much flatter and more IP-centric than 3G – meaning there are fewer steps to access the core network. With 3G, the Radio Network Controller (RNC) controls all access to the base stations meaning that potential hackers can’t get close to the core network.

In LTE, IP backhaul is mandatory but the RNC node is eliminated, giving a potential attacker a straighter path to the core network. Operators recognize that IPsec tunnels will be required at every cell site connected to an insecure network for the purpose of authentication and encryption.

Tired Security Solutions

Operators must be prepared to meet every threat. Security gateways and firewalls have been the go-to device for IP, but not all such devices are configured or priced appropriately. To meet today’s threats, no single device can be the right fit for all circumstances. Operators need to address security as a multi-level problem. IPsec encryption and authentication provides the most basic layer of user and network security.

Figure 1

LTE IP backhaul creates a major risk, potentially exposing both the control and user data plane to attacks. Historically, TDM protocols, such as SS7 and end-to-end authentication and encryption in 2G and 3G networks, have meant that wire line and mobile networks have been inherently secure. However, LTE does not benefit from this mandatory protection. Until recently, the growth of IP in telecoms networks has tended to be in the core network, and therefore was secure, as it was far enough away from the user and edge of the network to be protected by traditional security methods. This is no longer true. Protection is imperative at the edge of the core; access protection that only a security gateway can provide. To keep the network running smoothly and safely, the least amount of protocol filtering or packet inspection at this point the better.

Core Node IPsec & Protocol Filtering

Protecting access to the core network is not enough in LTE networks. As shown in Figure 1, there is a direct path from the eNodeB or small cell directly into the network. If secure access to the core is breached, there are innumerable signaling and bearer paths between core network elements to exploit unless protected internally.

Connection protection can be achieved with an embedded IPsec security gateway in each node. This provides encryption of all control and data plane traffic. An advanced security gateway within the core provides checkpoints to ensure that only truly authorized traffic is passing through the network.

DPI

Network security starts with the mobile user and ends up affecting core services. Operators and vendors must ensure the highest levels of device security and educate users to protect themselves. Even if encryption is embedded on the device, applications must make use of it, and of course the device itself must be secured by the use of multi-factor authentication.

At the end of the day, even the most secure network cannot protect against bad data packets it may receive from compromised devices. In that case, the network must have protection at the receiving end of the connection. Security within the network, especially at data centers and service nodes, must be addressed by security applications with DPI capabilities to identify hidden threats in packet streams and prevent attacks on these essential network services.

Once the network is protected end-to-end, there can be no performance bottlenecks in terms of throughput and latency. Security cannot simply be effective; it must also be highly efficient.

Operators must choose high-throughput, right-featured, flexible security solutions to ensure their competitive advantage. Only then can they continue to build out their networks to reach more users while also protecting them, and enabling them to take advantage of the growth opportunities available in the expanding ultra-broadband mobile market.

For more information visit www.adax.com.


Filed Under: M2M (machine to machine)

 

Related Articles Read More >

Part 6: IDE and other software for connectivity and IoT design work
Part 4: Edge computing and gateways proliferate for industrial machinery
Part 3: Trends in Ethernet, PoE, IO-Link, HIPERFACE, and single-cable solutions
Machine Learning for Sensors

DESIGN GUIDE LIBRARY

“motion

Enews Sign Up

Motion Control Classroom

Design World Digital Edition

cover

Browse the most current issue of Design World and back issues in an easy to use high quality format. Clip, share and download with the leading design engineering magazine today.

EDABoard the Forum for Electronics

Top global problem solving EE forum covering Microcontrollers, DSP, Networking, Analog and Digital Design, RF, Power Electronics, PCB Routing and much more

EDABoard: Forum for electronics

Sponsored Content

  • Industrial disc pack couplings
  • Pushing performance: Adding functionality to terminal blocks
  • Get to Know Würth Industrial Division
  • Renishaw next-generation FORTiS™ enclosed linear encoders offer enhanced metrology and reliability for machine tools
  • WAGO’s smartDESIGNER Online Provides Seamless Progression for Projects
  • Epoxy Certified for UL 1203 Standard

Design World Podcasts

July 26, 2022
Tech Tuesdays: Sorbothane marks 40 years of shock and vibration innovation
See More >
Engineering Exchange

The Engineering Exchange is a global educational networking community for engineers.

Connect, share, and learn today »

Design World
  • Advertising
  • About us
  • Contact
  • Manage your Design World Subscription
  • Subscribe
  • Design World Digital Network
  • Engineering White Papers
  • LEAP AWARDS

Copyright © 2022 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • Subscribe!
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings