!SenzaFili RAN-EPCSecurity 130213v1

11
White paper Radio-to-core protection in LTE Radio-to-core protection in LTE The widening role of the security gateway Monica Paolini Senza Fili Consulting SENZA CONSULTING

description

LTE security

Transcript of !SenzaFili RAN-EPCSecurity 130213v1

  • White paper Radio-to-core protection in LTE

    Radio-to-core protection in LTE The widening role of the security gateway

    Monica Paolini Senza Fili Consulting

    SENZA

    CONSULTING

  • White paper Radio-to-core protection in LTE

    2013 Senza Fili Consulting www.senzafiliconsulting.com |1|

    1. Introduction Protecting the LTE radio-to-core link

    LTE ushers in mobile networks that have a more flexible and less hierarchical framework, higher performance and richer functionality.

    But it also increases the porosity of the mobile network and its vulnerability to malicious attacks and accidental traffic disruption.

    Security has become a hot topic among LTE operators. While the attention focuses almost exclusively on mobile devices, they are far

    from being the only targets for attack and entry points to mobile networks. Attacks can be launched from the internet as well as from

    roaming and MVNO partners.

    Unauthorized access to the network may come from infrastructure elements such as the eNB. Adoption of small and femto cells,

    which are easier to access than traditional macro cells are, further increases the vulnerability of the network. If left unprotected, the

    RAN-to-core link offers another route that can cause disruption in mobile networks.

    To avoid congestion or service interruption, and provide a consistent QoE to their subscribers, mobile operators have to protect their

    entire networks devices, base stations or femto cells, backhaul links, and the core network against abnormal traffic flows that may

    stem from intentional attacks (e.g., malware), unintended events (e.g., configuration errors), or unusual but legitimate traffic spikes

    (e.g., during a sports event), and may result in spikes both in the

    control plane (signaling floods) and in the data plane (RAN

    congestion). In the context of end-to-end network protection,

    securing the radio-to-core link is of crucial importance to

    ensuring the overall security in mobile networks.

    In this paper we focus on the security and protection of the

    radio-to-core link, and discuss how the strategically located

    security gateway (SeGW) enables operators to meet their

    performance, reliability and service requirements as they go

    through three distinct, but often overlapping, phases in their LTE

    deployments:

    Launch: initial phase with limited adoption and coverage.

    Growth: full network buildout, with increase in coverage,

    traffic load and subscriber adoption.

    Advanced services: addition of VoLTE and RCS, introduction

    of advanced policy functionality, expansion of Wi-Fi offload,

    and small-cell deployments.

    LTE radio-to-core protection: The evolution of the security gateway

    IPsec and SeGWs are the dominant solution, endorsed by 3GPP, to protect the LTE radio-to-core link.

    SeGWs role has started to expand beyond security. It protects the network against sudden and unexpected surges in signaling and user data traffic, whether the result of malicious attack, configuration error, or spikes in subscriber activity.

    Scalability, multi-vendor interoperability and low latency are required in the SeGW to support LTE networks as they evolve from the initial launch to a mature phase marked by higher traffic loads and the introduction of advanced services.

  • White paper Radio-to-core protection in LTE

    2013 Senza Fili Consulting www.senzafiliconsulting.com |2|

    2. Security, scale and aggregation The role of the security gateway (SeGW)

    Radio-to-core link protection requires a dedicated effort. 3GPP standards make a strong case for the adoption of IPsec encryption and

    mutual authentication of the radio-to-core link to secure the link between the eNB and the MME, and recommend IPsec in untrusted

    links.1 Initially mobile operators have been cautious in the adoption of IPsec because of the additional cost, overhead (estimated to be

    14% by NGMN2) and complexity it entails, but there is an emerging consensus among operators that IPsec is needed to secure

    untrusted sites and is highly desirable even in trusted sites. To date, severe security breaches and network disruption have been

    infrequent, but they carry high costs because they may encourage churn, shrink revenues and damage the operators brand

    reputation.

    As defined by 3GPP, the SeGW terminates the IPsec tunnel at the mobile core edge, and hence provides for the encryption and

    decryption of IPsec traffic, and for mutual authentication with eNBs in the RAN. The SeGW is inserted at the edge of the core network

    to secure the S1-MME and S1-U traffic from eNBs, aggregate it, and then forward it to the MME and SGW (Figure 1), protecting the

    network from man-in-the-middle attacks. The SeGW can also carry the control-plane X2 interface among eNBs to coordinate

    transmission in the RAN.

    The IPsec tunnel that is initiated at the eNB can be terminated directly at the MME and SGW. This approach, however, can result in

    higher costs and less efficient network utilization, because IPsec termination is a computationally intensive function for which the

    MME and the SGW are not designed and optimized. Without a SeGW, IPsec termination may overload these elements and, to

    prevent this, operators have to invest in additional processing capacity.

    Figure 1. The SeGW position within an LTE network. Source: Senza Fili

    1. 3GPP TR 33.401, 3GPP System Architecture Evolution (SAE): Security Architecture, 2012. The decision of whether the radio-to-core link is trusted is left to the mobile operator, because it is tied to the operators internal criteria, which typically include factors such as control over the physical site where the eNB is located and over the backhaul link (i.e., use of the operators own backhaul infrastructure versus third-party leased links), security level at the cell site, sharing of network components with other mobile or fixed networks, and regulatory requirements. 2. NGMN, Small Cell Backhaul Requirements, 2012.

  • White paper Radio-to-core protection in LTE

    2013 Senza Fili Consulting www.senzafiliconsulting.com |3|

    Figure 2. Sources and impact of unexpected data and signaling traffic overload on network performance. Source: Senza Fili

    The SeGW was initially developed to provide the scalability and performance needed to meet operators radio-to-core security

    requirements, but its strategic position on the border between the RAN and the core network makes it the ideal candidate to

    aggregate traffic directed to the core and hence to provide functionality that goes beyond enabling efficient IPsec encryption and

    mutual authentication. The edge of the core is an ideal place to monitor incoming traffic from the RAN and to identify and manage

    suspicious or unexpectedly high traffic flows, in both the control plane (signaling) and the user plane (data traffic), that may disrupt

    network access and service availability. In doing so, the SeGW reduces the capacity requirements on the MME and SGW that would

    otherwise have to process all the traffic from the RAN. The SeGW gives operators a valuable vantage point from which to gain

    visibility into the combined control and user plane traffic, before it gets segregated in the MME and SGW, respectively. In addition,

    the SeGW facilitates IPsec implementation in multi-vendor deployments, because it can provide full interoperability across elements

    from different vendors.

    The role of the SeGW in filtering incoming traffic is not limited to the identification and management of intentional malicious attacks;

    it includes many other types of anomalous traffic (Figure 2). Some occasional traffic spikes are subscriber-driven, occurring, for

    example, as a result of weather disruption, highway accidents, or planned events such as concerts or games where many people

    congregate. While this traffic is entirely legitimate, the network may not have sufficient capacity to manage and transport it, and

    service availability may be partially or completely compromised as a result. Signaling traffic overload can also be generated

    unintentionally by erroneous configuration settings or other software malfunctions in the UE applications or OSs or in other network

    elements. This type of traffic is not malicious, but it is unexpected and can have the same impact as user-driven traffic spikes.

    In both cases user-plane traffic overload and control-plane traffic overload a scalable SeGW can recognize and manage unusually

    high traffic levels and protect the network in real time, before the traffic hits the core network in the MME or SGW, in order to

    contain or prevent disruption.

    The disruption can be brought on innocently by traffic overload in either signaling or data. Signaling overload may cause congestion in

    the MME or other core elements such as the HSS, and lead to access or service denial even if there is sufficient capacity in the data

    plane to satisfy access and service requests. In this situation, signaling overload prevents efficient utilization of network resources.

    User-plane traffic overload has a similar impact on subscriber experience (i.e., disruption of service), but, unlike signaling overload, it is

  • White paper Radio-to-core protection in LTE

    2013 Senza Fili Consulting www.senzafiliconsulting.com |4|

    typically driven by limited availability of RAN resources i.e., there are more users demanding access than the network has capacity

    to support.

    The capability of the SeGW to detect and manage unexpected traffic patterns malicious or not is both necessary and

    advantageous. Regardless of the cause, unusually intense traffic flows can severely compromise network and service availability. The

    disruption may be limited to one or a few eNBs or have a wider impact on the network. It may affect only a subset of subscribers who

    cannot get access or use some services, or it may entirely shut down parts of the network.

    3. The evolution of security and protection requirements Three phases in LTE deployments

    As mobile operators roll out their networks, their requirements for performance, security and traffic load evolve (Figure 3). During the

    initial launch stage, the focus is on basic functionality and reliability. As the number of subscribers grows, scalability becomes a top

    priority. As network utilization grows, it keeps evolving too, with mobile operators introducing advanced functionality and support for

    new services. Each operator moves at its own pace across the stages, and may see some overlap across stages, but the trend toward

    more stringent requirements has to be kept in mind from the start, when setting the course for network deployment.

    Figure 3. Radio-to-core protection during three phases in LTE deployments. Source: Senza Fili

  • White paper Radio-to-core protection in LTE

    2013 Senza Fili Consulting www.senzafiliconsulting.com |5|

    3.1. Balancing security and performance Phase 1: The initial stage of LTE deployment

    During the initial stage of LTE deplyoments, operators initially require only basic security IPsec with encryption and mutual

    authentication but the decisions they make have a long-lasting impact along several dimensions:

    Where and how should the operator deploy IPsec?

    The first decision for mobile operators is to choose whether to deploy IPsec across all their sites, or only in untrusted sites. An

    increasing number of operators are choosing to deploy IPsec across both trusted and untrusted sites as they recognize that even

    trusted sites can become targets of security threats. A decision to integrate IPsec in trusted sites at a later stage may increase

    deployment costs and complexity.

    Should SeGWs be deployed in a distributed architecture or a centralized one?

    The choice between a distributed (SeGW closer to the eNB) or centralized (SeGW closer to the core) architecture is tied to

    multiple factors, which include the overall network architecture strategy, the services it supports, the backhaul infrastructure,

    and the distribution of subscribers within the footprint. For instance, an operator that chooses an approach with MME and SGW

    distributed across the footprint, to minimize latency in order to support services such as VoLTE, will have to deploy SeGW closer

    to the eNB. Alternatively, an operator may have a centralized EPC but choose to have a distributed SeGW architecture

    throughout the footprint, or in some areas. A distributed SeGW architecture provides more flexibility and lower latency for the

    eNBtoeNB X2 interface. A centralized architecture requires fewer but higher-capacity SeGWs, and more redundancy options.

    What are the capacity and performance assumptions that need to made when selecting the SeGW?

    A scalable solution is required to accommodate the growing traffic load originating from wider network coverage, a growing

    number of subscribers with LTE devices, and higher per-subscriber traffic usage. However, operators have to dimension their

    initial deployment on the basis of traffic growth that is inherently difficult to predict. The trend toward sustained and steep traffic

    growth continues unabated, but the future pace and volume are not known. Operators still need, though, to find a good initial

    balance to avoid overcommitment or insufficient capacity.

    Concurrently, high traffic loads raise performance requirements even further. A low packet-processing rate in encrypting and

    decrypting data can turn the SeGW into a bottleneck, unable to process control-plane and user-plane traffic, or to do so at the

    required latency, and more vulnerable to denial of service attacks. The disruption from overloaded SeGWs eventually spreads

    from the core to the RAN, which in turn becomes unable to address services requests and hence to use the available capacity,

    leading to inefficiencies in the use of precious and limited radio resources. A high packet-per-second processing rate in the SeGW

    can reduce overall network capex and opex because it is conducive to a higher RAN utilization. The introduction of a SeGW may

    also reduce the capacity requirements on the MME and SGW, leading to capex and opex savings in the core network.

    What are the interoperability requirements to ensure smooth integration across vendors?

    The SeGW has to be smoothly integrated within the existing infrastructure on both the RAN and the core sides, and it must be

    interoperable with equipment from the vendors that the operator has selected. Interoperability requirements on the eNB side

    are stricter, because the eNB initiates the IPsec channel that the SeGW terminates. Although the interfaces are based on

    standards, vendor-specific implementations are often not fully interoperable with each other. As operators look to multi-vendor

    RANs and shared-infrastructure partnerships, interoperability acquires more prominence as the basis for a reliable user

    experience and lower costs. SeGW interoperability has to be established with all the vendors involved on both the RAN and

  • White paper Radio-to-core protection in LTE

    2013 Senza Fili Consulting www.senzafiliconsulting.com |6|

    core sides. Although establishing interoperability may initially be time-consuming for both vendors and operators, in the long

    term it lowers the risk of vendor lock-in and gives operators more freedom in choosing their RAN vendors.

    The initial stage in deploying a mobile network is hectic. Operators have to balance multiple performance requirements and deadlines

    against funding availability. But choosing scalable and future-proof solutions at this stage, while avoiding over-engineering, is crucial

    to a smooth long-term expansion of the network without expensive and disruptive upgrades.

    3.2. Taking LTE mainstream Phase 2: Traffic growth and network expansion

    As subscribers move to LTE smartphones and discover that with faster networks they can do more, not only is the number of

    subscribers on LTE networks growing, but so is the traffic per subscriber. The growth in network traffic load is difficult to predict as

    usage patterns, charging models, and device mixes continue to evolve. Operators need flexibility to adapt to rapidly changing capacity

    requirements. The first operators to launch LTE networks, having now entered the second phase, face the challenges of managing and

    protecting traffic in an environment of accelerated expansion of coverage and capacity requirements.

    In January 2013, Verizon reported that LTE now accounts for 50% of traffic in its network and 23% of subscribers suggesting that LTE

    subscribers are much heavier data users than their 3G counterparts. At the same time, coverage has gone up to include 89% of the

    network footprint. In Japan, NTT DOCOMOs LTE network covers 75% of the population with 23,000 base stations and serves 10% of

    subscribers. More than 20% of its subscribers use more than 3GB per month each, twice as many subscribers as a year ago.

    The challenges in managing the increased traffic load are intensified by the trend of the past few years toward more complex and

    unpredictable traffic flows, which are due to the convergence of multiple factors:

    Ecosystem fragmentation increases the likelihood of abnormal and unexpected traffic overload that may be caused by

    application or software updates, or by malware introduced by applications (especially if not downloaded from trusted stores that

    check application integrity).

    Heavier use of real-time applications such as video and audio streaming, gaming, and voice creates more stringent requirements

    for latency and QoS-based access.

    A higher number of applications per device drives up the background signaling activity due to frequent update requests from

    applications especially those for chatty apps such as social networking and communications, which require frequent checks

    for updates.

    Mobile networks have become more attractive targets for hackers and hacktivists. Malicious attacks are on the rise, and their

    growth is likely to accelerate. While most of the attacks now use UEs as the entry point, other vulnerable elements in mobile

    networks are likely to be more widely targeted in the future.

    The increase in traffic affects both the control plane and the user plane, with the expectation that growth in the control plane will

    exceed that in the user plane by 30% to 50%, according to 4G Americas3. In Canada, Telus reports an increase in signaling traffic of

    2,700% during a period in which data traffic doubled4.

    3. 4G Americas, New Wireless Broadband Applications and Devices: Understanding the Impact on Networks, 2012. 4. http://www.cartt.ca/news/13804/Cable-Telecom/IEEE-Traffic-tsunami-causing-congestion-in-wireless-nets-says-Telus-Spadotto.html

  • White paper Radio-to-core protection in LTE

    2013 Senza Fili Consulting www.senzafiliconsulting.com |7|

    While LTE has a more efficient control plane than 3G, generating a lower signaling load for the same user-plane load, the network-

    wide volume of signaling traffic will continue to increase due to increased use per mobile device, as subscribers rely on them for a

    larger number of services and applications which they use more frequently. Frequent connection requests and transmission in smaller

    packet sizes result from chatty apps, VoLTE, advertisements, and, generally, a higher number of applications installed in mobile

    devices.

    Growth in user data and signaling traffic, and wider coverage, create the need to expand the capacity of the radio-to-core link and of

    its terminating point in the SeGW. In both cases, it is crucial that the solution adopted during the initial phase scale smoothly to meet

    the new requirements, retaining the same performance level and having a comparable impact on capex and opex.

    The growth and expansion stage in LTE entails a difficult balancing act for mobile operators caught between the need to improve

    performance and capacity, on the one hand, and adhering to high security and reliability standards, on the other all in an

    environment where subscribers are eager to increase their use of their mobile plans, but resist paying more for them. As a result,

    mobile operators need a flexible and incremental expansion process that enables them to gradually expand the SeGW capacity in line

    with the traffic growth, and to avoid expensive solution upgrades or the integration of new ones.

    3.3. New requirements, new functionality Phase 3: LTE evolution

    As data traffic and subscribers move to LTE, operators need to do more than increase their capacity. They have to continue to

    innovate and expand the functionality and services offered. Change will affect different areas and impact network protection in

    multiple ways.

    In the RAN, the wider use of small cells, femto cells and Wi-Fi to offload traffic from overloaded macro cells introduces a much more

    complex network topology, with overlapping layers, higher levels of interference, and a higher density of elements. Mobility

    management, interference mitigation, and traffic coordination among RAN layers increase the traffic requirements especially on the

    signaling side. The introduction of traffic management techniques such as COMP and eICIC require a low latency on the X2 interface

    and the backhaul. The widening adoption of small cells and femto cells increases the vulnerability of mobile networks to malicious

    attacks by adding a large number of RAN elements with largely unprotected physical access, driving the need for the robust mutual

    authentication that IPsec provides.

    From a device perspective, M2M devices, many of which may be unattended and not tightly monitored, present an entirely new set

    of security challenges that have not yet been fully explored or tested. Most M2M devices operate without physical human

    supervision and can be easily located, especially if they are not mobile. This makes them more vulnerable to physical malicious access

    and hence to attacks targeting the mobile network or the networks of the operators customers. While in most cases M2M devices

    will generate low traffic volumes, the need for frequent reports or status checks is likely to disproportionately increase the signaling

    load over the user-data load, increasing the capacity requirements in the control plane.

    The introduction of VoLTE, RCS, gaming and video services creates tighter latency requirements across the network, and it is crucial

    that the radio-to-core link not become a latency bottleneck. The processing rate and capacity at the SeGW have to be sufficiently high

    to keep latency low. In addition, traffic prioritization, traffic shaping and load balancing in the SeGW may also enable operators to

    preserve the QoE for applications with low latency requirements.

  • White paper Radio-to-core protection in LTE

    2013 Senza Fili Consulting www.senzafiliconsulting.com |8|

    Furthermore, real-time applications such as VoLTE or video streaming impose a particular challenge because they use small packets

    and hence more processing has to be done at the SeGW to transport the same volume of user-plane traffic. Effectively, these

    applications increase the capacity load on the SeGW, and fast packet processing for encryption and decryption is essential to minimize

    the adverse impact of small-packet traffic on overall network utilization and performance.

    Finally, the wider adoption of shared RAN and backhaul infrastructure among operators, and of third-party backhaul solutions that

    accompany the increased penetration of small cells and femto cells, raises the percentage of untrusted sites in which the IPsec

    protection is a de facto requirement. That will put additional pressure on mobile operators to select IPsec and SeGW solutions that

    scale smoothly.

    RANs with a higher density and variety of elements create a much more demanding interoperability environment, in which the SeGW

    has to interoperate with an expanding array of equipment solutions and vendors. In the case of infrastructure sharing, RAN

    equipment is selected and operated by different entities over which the mobile operator has no control. The capability of the SeGW

    to adapt to these inherently complex RAN topologies is vital for operators that rely on infrastructure sharing arrangements to contain

    costs and optimize network utilization.

    To ensure reliable performance, operators need to see more deeply into how the network manages traffic so they can correct

    problems in real time as they arise. Tracking key performance metrics at the S1 and X2 interfaces e.g., handoffs and attach

    completion time, and dropped packets ensures reliable performance for real-time applications such as VoLTE, and efficient mobility

    management in the RAN.

    A future-proof radio-to-core SeGW has to scale to include support for a wider range and higher density of RAN elements and mobile

    devices, as well as cope with a higher percentage of untrusted sites, emerging security threats, and an increasingly demanding and

    diverse traffic mix. As operators move to the third phase, the SeGW continues to perform its basic task in protecting the radio-to-core

    link, but it also has to provide the processing power, latency, and traffic optimization needed to support new services, as well as the

    scalability and interoperability required to operate in more complex environments.

    4. Conclusions Protecting LTE networks during growth and evolution

    Security and, more generally, network protection from unexpected high-traffic events has gained a higher priority status in LTE as

    mobile networks become easier and more attractive targets for malicious attacks, and more vulnerable to signaling and data traffic

    overload that can disrupt or completely block network access. Within the context of LTE security, the radio-to-core link has to be

    protected to ensure end-to-end network security. IPsec has emerged as the de facto standard to secure the radio-to-core link. The

    SeGW is a crucial enabler to provide the scalability, processing and aggregation capabilities, the performance, and the functionality to

    support IPsec.

    IPsec with the support of a SeGW at the mobile core edge is the solution that 3GPP strongly recommends and that operators

    worldwide have started to deploy in most of their new LTE networks. But they face multiple choices on how to deploy IPsec and

  • White paper Radio-to-core protection in LTE

    2013 Senza Fili Consulting www.senzafiliconsulting.com |9|

    SeGWs in terms of topology, performance, cost and functionality as they move through the three phases launch, growth, advanced

    services from their initial LTE launches to more mature and heavily used networks.

    At launch, what matters most to operators is the basic functionality of the SeGW in terminating the IPsec tunnel and providing mutual

    authentication with the eNB. As traffic grows and new services are introduced, the functionality of the SeGW is slated to evolve and

    expand. The position of the SeGW between the RAN and the EPC is ideal to support functions that go beyond protection from

    malicious attacks, to include management of control-plane and user-plane traffic overload, coordination of RAN mobility, and traffic

    flow optimization.

    A scalable solution that allows mobile operators to smoothly evolve to meet their anticipated and unanticipated radio-to-core

    requirements is crucial to maintaining performance and cost and keeping the risks (and costs) of disruption to a minimum, without

    compromising the safety and integrity of their networks.

    5. Glossary

    2G Second generation

    3G Third generation

    3GPP Third Generation Partnership Project

    COMP Coordinated multipoint

    eICIC Enhanced inter-cell interference coordination

    eNB eNodeB

    EPC Evolved packet core

    Gx Interface between the PCRF and the PGW

    Gy Interface between the PGW and the OCS

    HSS Home subscriber server

    IP Internet protocol

    IPsec IP security

    LTE Long term evolution

    LTE-Uu Interface between the UE and the eNB

    M2M Machine to machine

    MME Mobility management entity

    MNO Mobile network operator

    MVNO Mobile virtual network operator

    NGMN Next Generation Mobile Networks [Alliance]

    OCS Online charging system

    OS Operating system

    PCRF Policy and charging rules function

    PGW Packet gateway

    QoE Quality of experience

    QoS Quality of service

    RAN Radio access network

    RCS Rich communication services

    S1 LTE interface between an eNB, and an MME (S1-MME, control plane) or an SGW (S1-U, user plane)

    S11 Interface between the MME and the SGW

    S5/8 Interface between the SGW and the PGW

    S6a Interface between the MME and the HSS

    SeGW Security gateway

    SGi LTE interface between the PGW and the internet

    SGW Serving gateway

    Sp Interface between the HSS and PCRF

    UE User equipment

    VoLTE Voice over LTE

    X2 LTE interface between two eNBs, including X2-C (control plane) and X2-U (user plane)

  • White paper Radio-to-core protection in LTE

    2013 Senza Fili Consulting, LLC. All rights reserved. This white paper was prepared on behalf of Stoke Inc. The views and statements expressed in this document are those of Senza Fili Consulting LLC, and they should not be inferred to reflect the position of Stoke Inc. The

    document can be distributed only in its integral form and acknowledging the source. No selection of this material may be copied, photocopied,

    or duplicated in any form or by any means, or redistributed without express written permission from Senza Fili Consulting. While the document

    is based upon information that we consider accurate and reliable, Senza Fili Consulting makes no warranty, express or implied, as to the

    accuracy of the information in this document. Senza Fili Consulting assumes no liability for any damage or loss arising from reliance on this information. Trademarks mentioned in this document are property of their respective owners. Cover page photo by Gui Jun Peng/Shutterstock.

    About Stoke

    Stoke provides market-proven mobile gateway solutions to the broadband network industry. Stoke products have been chosen by Tier 1 mobile network operators for technical excellence and high quality manufacturing and partners with leading industry equipment providers and systems integrators to provide key elements of their solutions. Stoke is the industry leader in deployed LTE security gateways and offers extensive commercial experience developing, deploying and maintaining LTE security gateway equipment in a top tier LTE network. Stoke products and solutions, based on the innovative SSX platform, provide a strong business value to network operators. For more information, visit www.stoke.com.

    About Senza Fili

    Senza Fili provides advisory support on wireless data technologies and services. At Senza Fili we have in-depth expertise in financial modeling, market forecasts and research, white paper preparation, business plan support, RFP preparation and management, due diligence, and training. Our client base is international and spans the entire value chain: clients include wireline, fixed wireless and mobile operators, enterprises and other vertical players, vendors, system integrators, investors, regulators, and industry associations.

    We provide a bridge between technologies and services, helping our clients assess established and emerging technologies, leverage these technologies to support new or existing services, and build solid, profitable business models. Independent advice, a strong quantitative orientation, and an international perspective are the hallmarks of our work. For additional information, visit www.senzafiliconsulting.com or contact us at [email protected] or +1 425 657 4991.

    About the author

    Monica Paolini is the founder and president of Senza Fili. Monica writes extensively on the trends, technological innovation, and financial drivers in the wireless industry in reports, white papers, blogs, and articles. At Senza Fili, she assists vendors in gaining a better understanding of the service provider and end user markets. She works alongside service providers in developing wireless data strategies, and in assessing the demand for wireless services. Independent advice, a strong quantitative approach, and an international perspective are the hallmarks of her work.

    Monica has a PhD in Cognitive Science from the University of California, San Diego, an MBA from the University of Oxford, and a BA/MA in Philosophy from the University of Bologna (Italy). She can be contacted at [email protected].

    SENZA

    CONSULTING