As I discussed in my first blog, the issue of security for mobile networks, subscribers, devices and applications, is undergoing significant changes with the move to an IP-based technology. In this post, we’ll look at technology trends that are contributing to these new security challenges.
For several reasons, LTE networks are less secure than previous generations. First of all, because they are all-IP networks. The newest security front is between eNodeBs and EPC (evolved packet core). There is no protection there for user information privacy and man-in-the-middle attacks. Only a relatively few mobile operators are deploying IPSec VPN to protect user data and enhance authentication.
To make the situation worse, small-cells, pico-cells, micro-cells and Wi-Fi access point deployments accelerate security risks because hackers potentially have physical access to these devices. This proximity makes initiating attacks on the EPC by hackers much easier, even with the deployment of additional security measures in the form of IPSec VPNs. Even with IPSec, attacks can propagate inside the IPSec tunnel and hurt EPC nodes.
For example, hackers can inject a signaling level attack on the S1-MME level toward an MME. or on the X2-App level toward another eNodeB, micro, pico, or small-cell. One eNodeB can attack up to 32 other eNodeBs and quickly affect quite a large area. And this kind of attack can’t even be detected until it’s too late, due to lack of adequate security mechanisms.
Of course, it’s not easy to launch an attack on the S1-MME or X2-App levels. However, the likelihood of this attack has been increasing with the recent shift in the type of attacker. As I discussed in my previous blog, more and more attacks are “for-profit” from illegal and cyber attackers, often involving big criminal organizations, and even some government organizations.
Another new security front is on the roaming signaling interface, for example between visiting mobility management entity (MME) and home network HSS (subscriber database). If the visiting MME is originating attacks toward the HSS, there is no security mechanism to detect this attack and protect the HSS.
Even SCTP, the protocol of choice for the LTE control plane, while solving a lot of TCP/UDP security concerns, has some inherent vulnerabilities: address camping or stealing, association hijacking, and amplification attacks.
Lately, we are hearing about signaling storms that are causing network outages an
d congestions. We know that signaling traffic is increasing almost three times faster than data traffic due to the nature of LTE and that these “storms” are not typically caused by dedicated hacker attacks. We know examples of “simple” power outages, software problems or some new smart-phone applications that have created huge volumes of signaling control traffic.
However, let’s take a look on the quote from the recent Heavy Reading Mobile Network Outages and Service Degradations Survey October 2013: “Over the last 12 months at least 60% of mobile operators have suffered a network outage or service degradation lasting at least one hour that was caused by a malicious attack and affected a substantial part of the network”. And it may be even more, because it’s not easy to do root cause analysis of all incidents, nor is it simple to even detect malicious traffic.
Last but not least, NFV and SDN trends will require a completely new security approach and security architectural innovation.
In summary, architecturally LTE networks are inherently less secure than their 3G predecessors. This can open up mobile networks up to a greater number of very real threats, meaning the onus will be on mobile operators to increase their efforts to protect users, network and applications. The discussion on which concepts should be implemented to protect the mobile ecosystem (users, networks, applications) in order to earn user trust needs to be constantly ongoing.
Feel free to discuss with us at F5 booth at the LTE North America event.
Leonid Burakovsky currently serves as F5 Networks Sr. Director, Strategic Solutions. Prior to this role he served as Juniper Networks Strategic Alliances CTO. Leonid is regularly asked to present at MWC, NGMN Forum, 4G, CTIA, Futurecom, IEEE, BroadbandForum, LTE World, LTE LATAM to name a few. Before joining Juniper Networks in 2004, Leonid worked at Airslide, Bezeq Int, ECI, Alcatel and the Center for Communication Research. Leonid has more than 28 years of industry experience and holds a bachelors and masters degree in information systems engineering.