LTE Security Framework: 5 Domains of LTE Vulnerability

The LTE Security Framework, developed by Stoke, is a strategic tool that provides an overview of the entire LTE infrastructure threat surface and can be used as a reference point for identifying the appropriate solutions to place at the five key points of vulnerability in LTE networks. As illustrated in this brief summary, each of the five LTE security domains is subject to specific types of threats, employs different protocols, and therefore has unique protection requirements needing specialized network equipment.

PRIVATE AND CONFIDENTIAL Stoke, Inc, 5403 Betsy Ross Drive, Santa Clara, CA 95054, tel. + 1 408 855 2888

The LTE Security Framework

The LTE Security Framework, developed by Stoke, is a strategic tool that provides an overview of the entire LTE infrastructure threat surface and can be used as a reference point for identifying the appropriate solutions to place at the five key points of vulnerability in LTE networks. Each of the five LTE security domains, illustrated below, is subject to specific types of threats, employs different protocols, and therefore has unique protection requirements needing specialized network equipment.

Device and Application: User equipment must be authenticated by the core network before it is enabled to access any other service through the mobile network, preventing fraudulent use of subscriber services by an unauthorized user or a different device. Anti-virus software and guidance on questionable applications also help protect user applications.

RAN-Core Border: A security gateway (SEG) provides secure aggregation of traffic and ensures correct authentication of cell sites and data integrity, providing protection against eNodeB spoofing, packet sniffing, packet injection, eavesdropping, and other forms of malicious intrusion.

IMS Core: IP Multimedia Subsystems enable voice over LTE (VoLTE) and ensure that only authorized sessions are allowed access. Session Border Controllers support these critical functions.

Policy and Charging Control: Policy Charging and Control Elements provide secure access to authorized services and accurate billing. Diameter Routing Agents support these critical functions.

Internet Border: Firewalls, IDS and security gateways are deployed to protect against DDoS attacks that can cause wide-scale service outages or otherwise disrupt service access and quality.

Security and, more generally, network protection from unexpected high-traffic events have gained a higher priority in LTE as mobile networks become easier and more attractive targets for malicious attacks, and more vulnerable to signaling and data traffic overload that can disrupt or completely block network access.

Within the context of LTE security, the radio-to-core link has to be protected to ensure end-to-end network security. The security gateway is a crucial enabler here, providing the scalability, the processing and aggregation capabilities, the performance, and the functionality to support IPsec.