Solutions : Securing LTE Communications

Facing skyrocketing packet data traffic demands and growth rates, operators are implementing a range of service access networks and technologies, including LTE small cells and Wi-Fi, that have one thing in common: the link between radio and the operators' core network cannot always be "trusted." Moreover, as operators enable more and more infrastructure with IP to take advantage of lower cost infrastructure and transport options, there are risks that accompany the rewards which must be managed.

As the popularity of the Internet has grown it has become proportionately less secure, sometimes famously. As mobile computing is gaining in popularity - even overtaking desktop and laptop computing - Internet thieves, extortionists, and corporate espionage actors are delighted with the opportunity. And while mobile network operators historically found their networks secure owing to their end-to-end ownership and proprietary design, LTE and IP enablement ends all that. Operators must be proactive to mitigate risks to their services, their systems, their subscribers, and their brands.

Considering a secure front door or RAN security gateway as a strategic component in the core can dramatically reduce the risks associated with LTE and IP networking. With an appropriately designed solution that supports complete end-to-end traffic encryption - ensuring every path to the core is "trusted" - is the best possible protection from service and subscriber identity theft, and from damaging litigation.

But while security gateways have been in use in Enterprise networks and for operator-provided enterprise VPN services for years, the scale at which the security gateway must operate when applied to the mobile networks is dramatically different. Enterprise platforms can not scale easily to manage hundreds of thousands of encrypted connection without impacting overall system performance. A new class of security gateways is required to meet the demands of subscriber densities and encryption processing capacity.

Stoke Security eXchange
The Security eXchange runs on the Stoke's SSX-3000 and delivers a scalable security gateway function for the lowest cost per bit, and the lowest cost per subscriber on the market today. Additionally, the SSX supports configurations starting as low as 7,500 concurrent IPSec tunnels up to 120,000 concurrent IPSec tunnels in a compact, fully redundant, 5 rack units package. The Security eXchange also offers more throughput per RU than any other security gateway available, delivering up to 80 Gbps per system using Stoke's breakthrough xGLC20 processor module.

And Service eXchange's throughput is not diminished when features like encryption & decryption, traffic classification, QoS marking, traffic policing, and charging / accounting are turned on, nor when - as is expected with increasingly multimedia traffic - smaller packet sizes dominate the traffic stream.

Learn More:

Read the Stoke Sessions Blog Follow Stoke on Twitter Connect with Stoke on LinkedIn Visit our Channel on YouTube