Security at the Speed of VoLTE An Infonetics Research Webinar Co-produced with Stoke

#VoLTE The Webinar Will Begin Shortly

#VoLTE

Security at the Speed of VoLTE An Infonetics Research Webinar Co-produced with Stoke

Today’s  Speakers

3

JoAnne Emery Event Director Infonetics Research (Moderator)

Dilip Pillaipakam VP Product Management and Marketing Stoke

Stéphane Téral Principal Analyst, Mobile Infrastructure and Carrier Economics Infonetics Research

#VoLTE

Audience Q&A

LTE Use Cases

Agenda

4

LTE Market Trends

4

LTE Pain Points

LTE Security Framework

Sponsor Approach

Conclusions

1 2 3 4 5 6

4

#VoLTE

7

The Mobile World Is Steadily Moving to LTE

So far so good: 6.6 billion people have been enjoying mobile communications with no major hacking of core networks!

5 © Infonetics: 2G, 3G, LTE Mobile Infrastructure & Subscribers Market Share & Forecasts, February 2014

0.0

0.5

1.0

2012 2013 2014 2015 2016 2017 2018

Bill

ions

LTE Subscribers Worldwide

Voice over LTE Subscribers Are Following Suit

‣ Despite its decline, voice remains a half-trillion-dollar business that is undeniably moving to IP

• But remember: No one can be trusted on the Internet

6 © Infonetics: Mobile VoIP & Subscribers Worldwide & Regional Market Size & Forecasts, June 2013

0

160

0.0

1.5

3.0

2012 2013 2014 2015 2016 2017

Subs

crib

ers

in M

illio

ns

Rev

enue

in U

S$ B

illio

ns

Global VoLTE Subscribers and Revenue

VoLTE Revenue VoLTE Subscribers

Flat IP Architecture Is Vulnerable

‣ The direct route from eNodeBs (eNBs) to the evolved packet core (EPC) opens the door for denial of service (DoS) attacks and interception of user communications

‣ Accidental or deliberate DoS attacks against customers remain the most common security threat

7

Source: Arbor Networks, Inc.; Worldwide Infrastructure Security Report Volume IX (3Q2013)

The LTE Security Framework

8

S9

S1-C

Internet

S1-U S5/S8

S6A

SGi

Gx Gz/Gy

Other LTE Network

S11

RAN-Core Border

IMS Core

SEG

Webinar Focus: RAN-Core (S1) Protection

CSCF

Internet Border

Policy/ Charging Control

Device and Application

MME

SGW

LTE Security at the S1 Link – Emerging Trends

9

Challenge Requirements

Stronger Security • 2048 bit key length • PKI

Signaling Protection • Protect core from exponential rise in transactions

VoLTE Rollout • Low latency transport • Sub-1 second recovery

New Threat Vectors

• S1 protocol/state validation • SCTP filtering

Audience Q&A

LTE Use Cases

Agenda

10

LTE Market Trends

4

LTE Pain Points

LTE Security Framework

Sponsor Approach

Conclusions

1 2 3 4 5 6

10

#VoLTE

7

How Secure Is Your Network?

11 11

“They  had reason to think, insiders said, that their private, internal networks were safe from prying eyes.”

“Simply  having a ‘private’  line doesn't mean that you're not actually on a party line with the NSA.”

Caught in the Storm

12 12 12

Common themes “Unforeseen…” “Widespread”…

“Costly  to  repair…”

… …

Unique RAN – Core Challenges

13 13 13

‣ Unsecured backhaul ‣ Rapidly increasing throughput ‣ High tunnel density ‣ Ultra-low latency ‣ Directly impacts subscriber QoE

MME

SGW

Office

Home

Outdoor Metrocell

Small Cells

4G LTE

EPC

MME

SGW

EPC

E2E Latency Budget = 100 ms

VoLTE: Low Latency

Small Packets

Impact of IPsec and Smaller Packets

14 14 14

0%

20%

40%

60%

80%

100%

1518 1460 1280 1024 768 512 384 256 128 96

Thro

ugh

pu

t: %

of

Lin

e R

ate

Packet Size (Bytes)

512 Bytes

Loss of Capacity

% o

f Tot

al P

acke

ts

% E

ncrypted Throughput

IPsec

Small Packets

Increased Latency

Source: Stoke analysis of cumulative packet size distribution

Audience Q&A

LTE Use Cases

Agenda

15

LTE Market Trends

4

LTE Pain Points

LTE Security Framework

Sponsor Approach

Conclusions

1 2 3 4 5 6

15

#VoLTE

7

The LTE Security Framework

16

S9

S1-C

Internet

S1-U S5/S8

S6A

Gx

Gz/Gy

Other LTE Network

S11

RAN-Core Border

SEG

The border between RAN and Core (S1) requires protection against specific risks to critical infrastructure at that interface

New Protection Functions - Control + user plane visibility

- RAN awareness

- Deeper EPC protection

DRA

SBC

IMS Core

SGW

MME

CSCF

Internet Border

Policy / Charging Control

SGi

Audience Q&A

LTE Use Cases

Agenda

17

LTE Market Trends

4

LTE Pain Points

LTE Security Framework

Sponsor Approach

Conclusions

1 2 3 4 5 6

17

#VoLTE

7

Use Case: Security During Rapid Growth and Unpredictability

18 18 18

1.1

19.0

41.0

1Q11 2Q11 3Q11 4Q11 1Q12 3Q12 4Q12 2Q13 3Q13 4Q13 2014 2015

‣ Rapid 9-month expansion • 0–5k base stations

• 1 million subscribers

‣ Keep up with demand • 20x subscriber

increase

• Increased usage

‣ Maintain competitive edge • Add VoLTE

• Increase speed

New Devices

New Apps

Operator Objective: Security + High Throughput + Low Latency

New Services

Subscribers (M)

Source: Asian operator network fact book, press releases, and annual reports

Office

Home Outdoor Metrocell

Small Cells

Use Case: Signaling Overload

‣ Signaling Overload Threats • Application initiated • Compromised eNodeBs • Natural disasters

‣ Prioritized Traffic • Already connected subscribers • Specific eNodeBs

SGW

4G LTE

EPC Millions of Service

Requests MME

Application Update Server

QoE: Prioritize

19

Use Case: Small Cell Security

‣ Unsophisticated home owners ‣ Unsecured locations ‣ Much higher tunnel density ‣ Higher throughput per tunnel

MME

SGW

Office

Home

Small Cells

4G LTE

EPC 100,000s Tunnels

Millions of Tunnels

20

Audience Q&A

LTE Use Cases

Agenda

21

LTE Market Trends

4

LTE Pain Points

LTE Security Framework

Sponsor Approach

Conclusions

1 2 3 4 5 6

21

#VoLTE

7

Stoke Security eXchange™

22 22 22

MME

SGW

Office

Home

Outdoor Metrocell

Small Cells

4G LTE

EPC

Stoke Security eXchange

• 30 Micro seconds or less • 0.03% of latency budget

E2E VoLTE Latency Budget = 100 ms

Stoke Industry Insight: Charting the Signaling Storms

Stoke Security eXchange™

23 23 23

VoLTE: Small Packets

Stoke maintains encrypted performance with the smallest packet sizes

Stoke Industry Insight: Charting the Signaling Storms

Calming the Storm

24

MME

SGW

Office

Home Outdoor Metrocell

Small Cells

4G LTE

EPC

MBA Stoke Mobile Border Agent

S1 Policing and Metering

MME

MBA MME

SGW

EPC

MBA

Audience Q&A

LTE Use Cases

Agenda

25

LTE Market Trends

4

LTE Pain Points

LTE Security Framework

Sponsor Approach

Conclusions

1 2 3 4 5 6

25

#VoLTE

7

In Summary

‣ Network security is of increasing importance and even so-called  “private”  networks  are  at  risk

‣ VoLTE offers new, unique challenges to operators

‣ Signaling storms have already caused costly outages

‣ Carriers need a dedicated security element to secure the RAN and protect the EPC

26

Audience Q&A

LTE Use Cases

Agenda

27

LTE Market Trends

4

LTE Pain Points

LTE Security Framework

Sponsor Approach

Conclusions

1 2 3 4 5 6

27

#VoLTE

7

Audience Q&A

28

JoAnne Emery Event Director joanne@infonetics.com Infonetics Research (Moderator)

Dilip Pillaipakam VP Product Management and Marketing dpillaipakam@stoke.com Stoke

Stéphane Téral Principal Analyst, Mobile Infrastructure and Carrier Economics stephane@infonetics.com Infonetics Research

#VoLTE

Thank You This webcast will be available on-demand for 90 days

For additional Infonetics events, visit https://www.infonetics.com/infonetics-events/

#VoLTE