Stoke is very excited to roll out what we believe to be the industry’s first LTE security framework, a strategic tool providing an overview of the entire LTE infrastructure threat surface. It’s designed to strip away the mystery and confusion surrounding LTE security and serve as a reference point to help LTE design teams identify the appropriate solutions to place at the five different points of vulnerability in the evolved packet core (EPC), illustrated in the diagram below:
1) Device and application security
2) RAN-Core Border (the junction of the radio access network with the EPC or S1 link)
3) Policy and Charging Control (interface of EPC with other LTE networks)
4) Internet border
5) IMS core
Here’s why we felt this was necessary: Now that the need to protect LTE networks is universally acknowledged, a feeding frenzy has been created among the security vendor community. Operators are being deluged with options and proposals from a wide range of vendors. While choice is a wonderful thing, too much of it is not, and this avalanche of offerings has already created real challenges for LTE network architects. It’s a struggle for operators to distinguish between the hundreds of security solutions being presented to them, and the protective measures that are actually needed.
This is because the concepts and requirements for securing LTE networks have been addressed only in theory, despite the attention of multiple standards bodies and industry associations. In LTE architecture diagrams, the critical security elements are never spelled out.
Without pragmatic guidelines as to which points of vulnerability in the LTE network must be secured, and how, there’s an element of guesswork about the security function. And, as we’ve learned from many deployments where security has been expensively retrofitted, or squeezed into the LTE architecture as a late-stage afterthought, this approach throws up massive functional problems.
Our framework will, we hope, help address the siren call of the all-in-one approach. While the appeal of a single solution is compelling, it’s a red herring. One solution can’t possibly address the security needs of the five security domains. Preventing signaling storms, defending the Internet border, providing device security – all require purpose-appropriate solutions and, frequently, purpose-built devices.
Our goal is to help bring the standards and other industry guidelines into clearer, practical perspective, and support a more consistent development of LTE security strategies across the five security domains. And since developing an overall LTE network security strategy usually involves a great deal of cross-functional overlap, we hope that our framework will also help create alignment about which elements need to be secured, where and how.
Without a reference point, it is difficult to map security measures to the traffic types, performance needs and potential risks at each point of vulnerability. Our framework builds on the foundations laid by industry bodies including 3GPP, NGMN and ETSI, and you can read more about the risks and potential mitigation strategies associated with the different security domains in our white paper, ‘LTE Security Concepts and Design Considerations’.
A jpeg version of the framework can be downloaded here. Stoke VP of Product Management/Marketing Dilip Pillaipakam will be addressing the topic in detail during his presentation at Light Reading’s Mobile Network Security Strategies conference in London on May 21, and we will make his slides and notes of proceedings available immediately after the event. Meanwhile, we welcome your thoughts, comments and insights.
Source: http://www.stoke.com/Blog/2014/05/the-hidden-face-of-lte-security-unveiled-new-framework-spells-out-the-five-key-security-domains/ – http://www.stoke.com/Document_Library.asp