Sponsored by Stoke
The evolution of the security gateway
- IPsec and SeGWs are the dominant solution endorsed by 3GPP to protect the LTE radio-to-core link.
- SeGW's role has started to expand beyond security. It protects the network against sudden and unexpected surges in signaling and user data traffic, whether the result of malicious attack, configuration error, or spikes in subscriber activity.
- Scalability, multi-vendor interoperability and low latency are required in the SeGW to support LTE networks as they evolve from the initial launch to a mature phase marked by higher traffic loads and the introduction of advanced services.
LTE ushers in mobile networks that have a more flexible and less hierarchical framework, higher performance and richer functionality. But it also increases the porosity of the mobile network and its vulnerability to malicious attacks and accidental traffic disruption.
Security has become a hot topic among LTE operators. While the attention focuses almost exclusively on mobile devices, they are far from being the only targets for attack and entry points to mobile networks. Attacks can be launched from the internet as well as from roaming and MVNO partners.
Unauthorized access to the network may come from infrastructure elements such as the eNB. Adoption of small and femto cells, which are easier to access than traditional macro cells are, further increases the vulnerability of the network. If left unprotected, the RAN-to-core link offers another route that can cause disruption in mobile networks.
To avoid congestion or service interruption, and provide a consistent QoE to their subscribers, mobile operators have to protect their entire networks – devices, base stations or femto cells, backhaul links, and the core network – against abnormal traffic flows that may stem from intentional attacks (e.g., malware), unintended events (e.g., configuration errors), or unusual but legitimate traffic spikes (e.g., during a sports event), and may result in spikes both in the control plane (signaling floods) and in the data plane
In this white paper we focus on the security and protection of the radio-to-core link, and discuss how the strategically located security gateway (SeGW) enables operators to meet their performance, reliability and service requirements as they go through three distinct, but often overlapping, phases in their LTE deployments.