© 2015 Mavenir Systems Page |
NYSE:MVNR ©2014 Mavenir Systems
Small Cells Security Overcoming Deployment Challenges
© 2015 Mavenir Systems Page |
5.1% of global GDP
by 2020 - GSMA
50X Increase in DDoS
Attack Size in Past Decade
It’s not my phone, It’s my Life!
Trends: Risks and Threats Growing
• Mobile is a crucial personal, business and economic driver.
• The threat landscape is growing stronger with more frequent attacks.
18/03/2015 2
Arbor Networks
© 2015 Mavenir Systems Page |
Trend: Increased Focus on RAN-Core Border
18/03/2015 3
• Increased volume and diversity of endpoints / cell sites
• RAN-Core encryption is mandatory
• Untrusted backhaul Network
• Security Gateway (SEG) is a must have
• Stronger authentication needed Ran-Core
Border
MME
SGW S1-U
S1-C
LTE RAN
Shared RAN
Macrocells
Small Cells
EPC
3G RAN
Hetnets
SEG
© 2015 Mavenir Systems Page |
IEEE, Security Analysis of Handover Key Management in 4G LTE/SAE Networks, http://www.computer.org/csdl/trans/tm/2014/02/ttm2014020457-abs.html
SEG Requirements for Small Cell Deployments
• Very High Session Density • Signaling and Data Storm Mitigation • Management and Provisioning Ease • Low Latency • Rapid Failover
50k Macrocells
3M Endpoints
18/03/2015 4
© 2015 Mavenir Systems Page |
Stronger Authentication and Encryption
• Carriers moving to certificates for stronger authentication
• Shorter rekeying timers for more secure encryption (Rapid Rekeying)
• Longer key sizes (1024 or 2048 bit key)
MME
SGW
SEG
LTE RAN
Macrocells
Small Cells
Certificate Authority
18/03/2015 5
© 2015 Mavenir Systems Page |
S1, IKE, SCTP Shaping
Core
Signaling Overload Control • D-DOS like storms will be quite common due to sheer number of end points
– Power outages – Natural disasters – Misbehaving smartphone apps and Misconfigured/rogue small cells
• Security Gateway • Admission control and
traffic management – Multiple levels of
protections – IKE, SCTP level and S1
level shaping and policing
SEG
18/03/2015 6
© 2015 Mavenir Systems Page |
Operator Use Case
18/03/2015 7
Small Cells
Office
Home
• Popular Android app synched with server at same time • Created Signaling Overload to MME • EPC / MME Protection and Traffic Prioritization needed
4G LTE EPC Millions of
Service Requests
Application Update Server
MME
SGW
© 2015 Mavenir Systems Page |
Provisioning and Management Ease
• Bootstrapping of femto cells – Factory-default PSK – SEG bootstraps the
HeNBs – Automated certificate
management
• Intelligent Load Balancing – Across SEGs /IKEv2
redirect
IKE Load balancer
IKE/IPsec
SEG
SEG
SEG
18/03/2015 8
© 2015 Mavenir Systems Page |
Mavenir Security Gateway
• Live, Tier 1 Deployments
• RAN Agnostic
• Micro Second Latency
• Ultra-Fast Encryption
• High Session Density
• Software Only
• ATCA Integrated
• SSX 3000 Platform
LTE Security and EPC Protection
Commercially Proven Interoperability
Seamless Small Cell Integration
18/03/2015 9
© 2015 Mavenir Systems Page |
Summary: Fully Protect Operator Investments
“…52% of consumers would switch providers after a major data
breach…”
Information Age, 2/2014
“Lost revenues, downtime
and the cost of restoring systems can
accrue at the rate of $50,000 per
minute for a minor disruption”
Forbes Insight, “The Reputational Impact of IT Risk
18/03/2015 10
Top Related