LTE Security - Taking Us All Out Of Our Comfort Zone

We all have something or somewhere that makes us feel comfortable. It could be a restaurant, a holiday destination, a favourite chair, or even an old jacket. It’s something we continually return to. Whatever it is they all have one thing in common – they seem oblivious to change. And that’s just how we like it. After all, it’s the familiarity, the lack of surprise, the “knowing what to expect” that makes us feel at ease and safe. But, every now and again, something happens that upsets our sense of order, something changes and we are forced to discard the old and familiar, as painful as it is, and confront the new.

And that’s exactly where mobile operators find themselves today. For years they were comfortable to sell voice and SMS plans and build out networks to support this. With the exception of a foray into data via the dongle nothing much else happened and mobile service providers got comfortable. Revenues grew, stockholders were delighted and customers were undemanding; happy days indeed. The lack of ambition on the part of MSPs was not shared by others though. Enter the smartphone, which appeared to take MSPs by surprise, and they’ve basically been playing catch up with the consequences ever since.

The game changer for MSPs is the development and deployment of LTE networks. Innovative MSPs can realistically look to new services and revenue streams while their customers’ experience is significantly heightened. We are already seeing differentiation between the services offered by MSPs and this is a good thing. But it’s not just the overt services that offer opportunity to differentiate; the implied services are equally fruitful. Security is a great example of this.

The interesting thing is that customers pretty much assume security is standard; that is until something goes wrong. In a new white paper published by Juniper Networks (LTE Security For Mobile Service Provider Networks, link at the foot of this article), the contention is that the adoption of security practices across MSPs is not the same and that this could be a differentiator too. 

The paper looks at security from two perspectives; the first concerns the integrity of customer data. Our mobile usage will become far more transactional based than it currently is. This requires access to, and transmission of, far more sensitive personal information (e.g. banking details). The second is network integrity where continuity of service becomes imperative (for streaming services) yet new vulnerabilities are introduced by the deployment of LTE networks.

There’s a whole bundle of stuff in this paper, and I’m not going to cover it all here, but I will call out a few things. The paper discusses the fundamental architectural differences between 2G/3G and LTE networks and the implications these differences have on security. It also examines the impact of the trend towards small cells and how some of the assumptions around physical security associated with cell sites needs to be reappraised. It goes on to consider man-in-the-middle threats and how third party applications and the growth in M2M and MTC services can generate signalling storms.

But it’s not all gloom and doom. The paper concludes with the belief that these issues are manageable providing network planners incorporate an LTE security gateway that not only authenticates eNodeB’s and encrypts traffic with IP Sec but also provides SCTP functionality to protect the mobile packet core.

So, the new looks good. Time to move on from the old and familiar, but only when I can be sure my MSP has done all it can to adopt the necessary security measures. Whoever gets there first gets my custom and that’s what differentiation is all about.

Follow the link, click on the white papers tab and download LTE Security For Mobile Service Provider Networks.

View the original article here