infonetics and stoke webinar: security at the speed of volte
Post on 21-Jun-2015
398 Views
Preview:
DESCRIPTION
TRANSCRIPT
Security at the Speed of VoLTE An Infonetics Research Webinar Co-produced with Stoke
#VoLTE The Webinar Will Begin Shortly
#VoLTE
Security at the Speed of VoLTE An Infonetics Research Webinar Co-produced with Stoke
Today’s Speakers
3
JoAnne Emery Event Director Infonetics Research (Moderator)
Dilip Pillaipakam VP Product Management and Marketing Stoke
Stéphane Téral Principal Analyst, Mobile Infrastructure and Carrier Economics Infonetics Research
#VoLTE
Audience Q&A
LTE Use Cases
Agenda
4
LTE Market Trends
4
LTE Pain Points
LTE Security Framework
Sponsor Approach
Conclusions
1 2 3 4 5 6
4
#VoLTE
7
The Mobile World Is Steadily Moving to LTE
So far so good: 6.6 billion people have been enjoying mobile communications with no major hacking of core networks!
5 © Infonetics: 2G, 3G, LTE Mobile Infrastructure & Subscribers Market Share & Forecasts, February 2014
0.0
0.5
1.0
2012 2013 2014 2015 2016 2017 2018
Bill
ions
LTE Subscribers Worldwide
Voice over LTE Subscribers Are Following Suit
‣ Despite its decline, voice remains a half-trillion-dollar business that is undeniably moving to IP
• But remember: No one can be trusted on the Internet
6 © Infonetics: Mobile VoIP & Subscribers Worldwide & Regional Market Size & Forecasts, June 2013
0
160
0.0
1.5
3.0
2012 2013 2014 2015 2016 2017
Subs
crib
ers
in M
illio
ns
Rev
enue
in U
S$ B
illio
ns
Global VoLTE Subscribers and Revenue
VoLTE Revenue VoLTE Subscribers
Flat IP Architecture Is Vulnerable
‣ The direct route from eNodeBs (eNBs) to the evolved packet core (EPC) opens the door for denial of service (DoS) attacks and interception of user communications
‣ Accidental or deliberate DoS attacks against customers remain the most common security threat
7
Source: Arbor Networks, Inc.; Worldwide Infrastructure Security Report Volume IX (3Q2013)
The LTE Security Framework
8
S9
S1-C
Internet
S1-U S5/S8
S6A
SGi
Gx Gz/Gy
Other LTE Network
S11
RAN-Core Border
IMS Core
SEG
Webinar Focus: RAN-Core (S1) Protection
CSCF
Internet Border
Policy/ Charging Control
Device and Application
MME
SGW
LTE Security at the S1 Link – Emerging Trends
9
Challenge Requirements
Stronger Security • 2048 bit key length • PKI
Signaling Protection • Protect core from exponential rise in transactions
VoLTE Rollout • Low latency transport • Sub-1 second recovery
New Threat Vectors
• S1 protocol/state validation • SCTP filtering
Audience Q&A
LTE Use Cases
Agenda
10
LTE Market Trends
4
LTE Pain Points
LTE Security Framework
Sponsor Approach
Conclusions
1 2 3 4 5 6
10
#VoLTE
7
How Secure Is Your Network?
11 11
“They had reason to think, insiders said, that their private, internal networks were safe from prying eyes.”
“Simply having a ‘private’ line doesn't mean that you're not actually on a party line with the NSA.”
Caught in the Storm
12 12 12
Common themes “Unforeseen…” “Widespread”…
“Costly to repair…”
… …
Unique RAN – Core Challenges
13 13 13
‣ Unsecured backhaul ‣ Rapidly increasing throughput ‣ High tunnel density ‣ Ultra-low latency ‣ Directly impacts subscriber QoE
MME
SGW
Office
Home
Outdoor Metrocell
Small Cells
4G LTE
EPC
MME
SGW
EPC
E2E Latency Budget = 100 ms
VoLTE: Low Latency
Small Packets
Impact of IPsec and Smaller Packets
14 14 14
0%
20%
40%
60%
80%
100%
1518 1460 1280 1024 768 512 384 256 128 96
Thro
ugh
pu
t: %
of
Lin
e R
ate
Packet Size (Bytes)
512 Bytes
Loss of Capacity
% o
f Tot
al P
acke
ts
% E
ncrypted Throughput
IPsec
Small Packets
Increased Latency
Source: Stoke analysis of cumulative packet size distribution
Audience Q&A
LTE Use Cases
Agenda
15
LTE Market Trends
4
LTE Pain Points
LTE Security Framework
Sponsor Approach
Conclusions
1 2 3 4 5 6
15
#VoLTE
7
The LTE Security Framework
16
S9
S1-C
Internet
S1-U S5/S8
S6A
Gx
Gz/Gy
Other LTE Network
S11
RAN-Core Border
SEG
The border between RAN and Core (S1) requires protection against specific risks to critical infrastructure at that interface
New Protection Functions - Control + user plane visibility
- RAN awareness
- Deeper EPC protection
DRA
SBC
IMS Core
SGW
MME
CSCF
Internet Border
Policy / Charging Control
SGi
Audience Q&A
LTE Use Cases
Agenda
17
LTE Market Trends
4
LTE Pain Points
LTE Security Framework
Sponsor Approach
Conclusions
1 2 3 4 5 6
17
#VoLTE
7
Use Case: Security During Rapid Growth and Unpredictability
18 18 18
1.1
19.0
41.0
1Q11 2Q11 3Q11 4Q11 1Q12 3Q12 4Q12 2Q13 3Q13 4Q13 2014 2015
‣ Rapid 9-month expansion • 0–5k base stations
• 1 million subscribers
‣ Keep up with demand • 20x subscriber
increase
• Increased usage
‣ Maintain competitive edge • Add VoLTE
• Increase speed
New Devices
New Apps
Operator Objective: Security + High Throughput + Low Latency
New Services
Subscribers (M)
Source: Asian operator network fact book, press releases, and annual reports
Office
Home Outdoor Metrocell
Small Cells
Use Case: Signaling Overload
‣ Signaling Overload Threats • Application initiated • Compromised eNodeBs • Natural disasters
‣ Prioritized Traffic • Already connected subscribers • Specific eNodeBs
SGW
4G LTE
EPC Millions of Service
Requests MME
Application Update Server
QoE: Prioritize
19
Use Case: Small Cell Security
‣ Unsophisticated home owners ‣ Unsecured locations ‣ Much higher tunnel density ‣ Higher throughput per tunnel
MME
SGW
Office
Home
Small Cells
4G LTE
EPC 100,000s Tunnels
Millions of Tunnels
20
Audience Q&A
LTE Use Cases
Agenda
21
LTE Market Trends
4
LTE Pain Points
LTE Security Framework
Sponsor Approach
Conclusions
1 2 3 4 5 6
21
#VoLTE
7
Stoke Security eXchange™
22 22 22
MME
SGW
Office
Home
Outdoor Metrocell
Small Cells
4G LTE
EPC
Stoke Security eXchange
• 30 Micro seconds or less • 0.03% of latency budget
E2E VoLTE Latency Budget = 100 ms
Stoke Industry Insight: Charting the Signaling Storms
Stoke Security eXchange™
23 23 23
VoLTE: Small Packets
Stoke maintains encrypted performance with the smallest packet sizes
Stoke Industry Insight: Charting the Signaling Storms
Calming the Storm
24
MME
SGW
Office
Home Outdoor Metrocell
Small Cells
4G LTE
EPC
MBA Stoke Mobile Border Agent
S1 Policing and Metering
MME
MBA MME
SGW
EPC
MBA
Audience Q&A
LTE Use Cases
Agenda
25
LTE Market Trends
4
LTE Pain Points
LTE Security Framework
Sponsor Approach
Conclusions
1 2 3 4 5 6
25
#VoLTE
7
In Summary
‣ Network security is of increasing importance and even so-called “private” networks are at risk
‣ VoLTE offers new, unique challenges to operators
‣ Signaling storms have already caused costly outages
‣ Carriers need a dedicated security element to secure the RAN and protect the EPC
26
Audience Q&A
LTE Use Cases
Agenda
27
LTE Market Trends
4
LTE Pain Points
LTE Security Framework
Sponsor Approach
Conclusions
1 2 3 4 5 6
27
#VoLTE
7
Audience Q&A
28
JoAnne Emery Event Director joanne@infonetics.com Infonetics Research (Moderator)
Dilip Pillaipakam VP Product Management and Marketing dpillaipakam@stoke.com Stoke
Stéphane Téral Principal Analyst, Mobile Infrastructure and Carrier Economics stephane@infonetics.com Infonetics Research
#VoLTE
Thank You This webcast will be available on-demand for 90 days
For additional Infonetics events, visit https://www.infonetics.com/infonetics-events/
#VoLTE
top related