The Top 5 LTE Protection

DomainsLTE operators have invested heavily in protecting the subscriber and the network in five key areas.

Copyright 2014 Stoke, Inc.

The LTE SecurityFramework

User equipment must beauthenticated by the corenetwork before enabled to makevoice calls, texting, Internetbrowsing or access any other service through the mobilenetwork. This helps preventsfraudulent use of subscriberservices by an unauthorized useror different device.

Malware infections increased by 20% in2013, to 11.6M mobile devicesworldwide, 60% of which are Androiddevices

Device & ApplicationIntegrity Ensured

Malware Infections

11.6M

Source: Kindsight Security Labs Malware Report Q4 2013

Mobile operators andmanufacturers provide anti-virus software and provideguidance on softwareapplications that may bequestionable.

Remote "wipe"through devicesoftware, removessubscriber informationin the event of devicetheft or loss.

Device Misuse Malware and Viruses

A security gateway (SEG)provides secureaggregation of traffic andensures correctauthentication of cellsites.

RAN-Core BorderMalicious Access Averted

Intensified BackhaulRisks

53%

By 2017, over half of LTE cellsites areforecast toencrypt trafficusing IPsec.

60M SmallCells

Source: Small Cells Forum, 2016 forecast

Small cells are especially vulnerable to hackerinterception and spoofingas they are often deployedin less secure locations andconnected with untrustedbackhaul.

Source: Heavy Reading

EncryptedThe SEG protects core

network assets andfurther ensures subscriber

confidentiality.

With almost $3 B in projected servicerevenues, operators must protectpremium voice (VoLTE) from maliciousintrusion, unauthorized access, andpoor quality of experience (QoE).

Diameter Routing Agents (DRA) andSession Border Controllers (SBC)support critical core functions.

Security gateways protect privacywithout adding perceivable latencythat would impair voice quality.

IMS Core & PCC VulnerableVoLTE

Policy Charging and ControlElements provide secureaccess to authorized servicesand accurate billing.

IP Multimedia Subsystemsenable voice over LTE (VoLTE)and ensure that onlyauthorized sessions areallowed access.

Source: Infonetics

$2.7 B

2017

VoLTE ServiceRevenue

Authorized Service Use

Malicious denial-of-service attacks are morecommonly initiated through the Internet, butcan enter through an unsecured RAN-Coreborder or through roaming partnerinterfaces.

Firewalls, IDS and security gateways aredeployed to protect against DDoS attacksthat can cause widescale service outages orotherwise disrupt service access and quality.

DDoS Defense

Service Disruption

20%

Source: Arbor Networks

Internet Border

20 % of mobile operators have had acustomer visible outage due to asecurity incident. 25% have seen DDoSattacks targeting users or network.

Denial-of-serviceattacks causeservice outages byflooding thenetwork with somuch traffic that anetwork element isoverwhelmed andcannot provideservice tolegitimate traffic.

25%

Copyright 2014 Stoke, Inc., All Rights Reserved

www.stoke.com