
Feasibility to use enterprise class security products as LTE Evolved Packet Core Security Gateway

Mikko Salomaa. Master’s Thesis Presentation, Aalto University, 10.05.2010. Agenda: Introduction; Long Term Evolution; Requirements for the SeGW; Conclusions.


Presentation Transcript


  1. Feasibility to use enterprise class security products as LTE Evolved Packet Core Security Gateway
     Mikko Salomaa, Master’s Thesis Presentation, Aalto University, 10.05.2010

  2. Agenda
     • Introduction
     • Long Term Evolution
     • Requirements for the SeGW
     • Conclusions

  3. Introduction
     • Mobile operators are under constant pressure to provide more capacity and services for their customers
     • The price that customers are willing to pay for the transferred data is constantly decreasing

  4. Introduction
     • Operators need to decouple the direct linkage between increasing capacity and the growing cost of building the networks

  5. Introduction
     • To address these concerns, 3GPP has defined LTE to provide an all-IP network with a flatter architecture.
     • A simplified network architecture together with standard interfaces and fewer protocols should decrease the cost of building networks.
     • As the LTE network is based on an all-IP architecture, the network is exposed to similar security threats as more traditional IP networks
         • similar countermeasures need to be applied

  6. Introduction
     • This thesis work studies whether it is feasible to use enterprise class security products as an LTE Security Gateway to address the above-mentioned cost and security challenges.
     • The thesis is conducted by investigating the requirements for the security gateway, assessing the offering currently on the market and conducting interviews with experts in the field.

  7. Agenda
     • Introduction
     • Long Term Evolution
     • Requirements for SeGW
     • Conclusions

  8. Long Term Evolution Goals
     • Significantly increased peak data rate
         • data rate of 100 Mbit/s on the downlink and 50 Mbit/s on the uplink in a 20 MHz channel
     • Improved user throughput
         • the user throughput should be improved by a factor of 3 and 2 for the downlink and uplink respectively
     • Improved data rate at cell edge
         • data rate at cell edge should be improved by a factor of 2 to make higher data rates available with wide-area coverage without the need for additional cell sites
     • Improved spectrum efficiency
     • Scalable bandwidth
         • 1.25, 1.6 (TDD only), 2.5, 5, 10, 15 or 20 MHz channels, dependent on the data rate needed by the user
     • Compatibility with earlier releases and with other systems
         • Compatibility with other 3GPP and non-3GPP technologies

  9. LTE architecture (simplified)

  10. LTE Architecture components
     • eNodeB
         • LTE's enhanced base station. Takes care of radio resource management and IP traffic
     • Serving Gateway (SGW)
         • Manages user-plane mobility and acts as a demarcation point between the RAN and core networks
     • Mobility Management Entity (MME)
         • The MME performs signaling and control functions to manage the User Equipment (UE) access to network connections
     • Packet Data Network Gateway (PDNGW)
         • The PDNGW is the termination point of the packet data interface towards the Packet Data Networks

  11. Agenda
     • Introduction
     • Long Term Evolution
     • Requirements for SeGW
     • Conclusions

  12. Requirement for Security Gateway (SeGW)
     • Terminates IPsec tunnels from eNBs
     • Provides firewall functionality to protect the Evolved Packet Core from malicious attacks
     • Can potentially provide Internet traffic off-loading
     • Can be located on the border of the packet core network or act as an aggregation point closer to the base stations

  13. Identified Critical Requirements for SecGW
     • Scalability
     • Protocol support
         • IPv6, IKEv2, SCEP, RTSP, GTP
     • Performance requirements
         • Throughput
         • Concurrent sessions
         • Connection rate
         • Latency
         • Traffic profile
     • Deep Packet Inspection
     • Certification requirements
         • NEBS, Common Criteria
     • Product lifecycle demands

  14. Requirements for SeGW
     • Clear challenges with telco expectations and the offering from the IP world
     • Still, more "commodity" products are needed to drive the cost of the network down

  15. Agenda
     • Introduction
     • Long Term Evolution
     • Requirements for SecGW
     • Conclusions

  16. Conclusions
     • Available options for implementing the Security Gateway functionality
         • Neglect / minimal security functionality
             • Minimal investment
             • High risk and potential cost associated
         • Rely on the network element vendors' integrated solutions
             • Can become a bottleneck
             • Challenge with zero-day attacks
             • Locked in to a single vendor
         • Utilize security solutions existing in the enterprise market
             • More modular
             • More cost effective
             • Additional development usually required
             • Adds OPEX

  17. Thank you!
