4. Overarching security risks in 4G LTE:
For purposes of this paper, the 4G LTE architecture model has been divided into the following network segments: user equipment (UE), Access, Evolved Packet Core (EPC)/Transport and Service network (Figure 3).
Figure 3: Basic LTE/SAE architecture
Key security threats/risks:
- Distributed network and open architecture
- Decentralised accountability for security
- Complex business models (IS/Service sharing)
- Minimising security spend
Distributed network and open architecture: 4G LTE architecture brings with it an end to physically segregated networks owned and operated by a single MNO, and to the security that came with them. With legacy technologies, operators could enforce security policies on their own infrastructure, secure their perimeter and be reasonably confident that a subscriber on their platform was protected. 4G LTE is an all-IP, end-to-end deployment in which seamless roaming with service continuity is offered to the end user. As a result, the MNO entrants to the LTE market share security risks and threats, as their respective infrastructures and services are now interconnected into one aggregated service-providing network. A distributed network and open architecture lets a weak security configuration on a single device or interface provide the entry point for attackers looking to compromise the LTE network.
Complex business models with infrastructure (IS) and service sharing: LTE offers network sharing capabilities that present new business models for MNOs. Service could be offered to end customers by a virtual network operator, where one MNO owns the E-UTRAN while a different one owns the MMEs. Cost benefits will lead MNOs into various models of active infrastructure sharing arrangements with new revenue-sharing business models. An example of such network sharing is Net4Mobility, the joint venture of rival Swedish operators Telenor and Tele2, in which the radio network and certain parts of the access network are shared. Ovum forecasts that by 2015, 30% of all LTE networks will involve some form of active network sharing [6], indicating that complex business models in LTE deployments are here to stay. These types of LTE arrangements bring with them the challenge of ensuring consistent security configurations and security management across such virtual network operators. Multiple MNOs with varying security controls and standards, interconnecting through shared pools of network elements, pose a threat to overall security levels.
Decentralised accountability: MNOs wishing to present universal end-to-end security levels to subscribers will find it problematic that a single MNO does not have unilateral control over the security parameters of LTE networks and operations. For instance, security standards will vary with global roaming or with the choice of application, depending on the security settings of the application service provider. This decentralised accountability and lack of overall control over the security of the LTE service experience will be exacerbated as hosted and cloud services penetrate the marketplace, creating new and complex operating models.
Minimising security spend: LTE operators are quickly deterred by the millions of dollars required for a full IPSec rollout alongside other security infrastructure deployments, and look to cut corners and launch to market with the minimum requirements needed to provide service. There is significant disparity between the network designs of large operators and those of smaller operators with limited resources. With LTE, the interconnectedness of the network brings the security level of the overall architecture down to the least common denominator, lowering security thresholds for every participant.
Preventative measures:
- Interoperability standards
- Security audits with remediation commitments
- Strong partner agreement
- Security Budget
Interoperability standards: Because legacy network architectures were closed, interoperability with MNO peers was founded on an implicit underlying trust that each MNO would secure its own network. With subscribers roaming across the LTE ecosystem, and with the interconnection of legacy platforms and of trusted and untrusted networks, it is imperative that MNOs set out interoperability standards and configurations to ensure that the MNO's network and service promise to the subscriber is not compromised. For example, encryption, latency and quality of service (QoS) specifications should be set out between peer operators in order to enable continuous security and service levels across the interconnection.
Strong partner agreements: MNOs should set out security standards and policies, including configuration requirements, within their partner and peering arrangements. These agreements should in particular set out the implementation of security infrastructure and configuration such as security gateways, security protocols, subscriber security parameters in vertical handoffs, QoS, key management, authentication, encryption, confidentiality and privacy policies. In addition, MNOs should ensure that the agreed security measures are cascaded down to any relevant third-party agreements that partner MNOs may enter into.
Audits: Regular third-party audits of partners should be set out in agreements to verify and enforce the required security standards, policies and practices, allowing for remediation and hardening as issues are identified and in advance of potential security attacks.
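The three preventative measures above (an agreed interoperability baseline, partner agreements that bind peers to it, and audits that verify compliance) can be turned into a repeatable check. The following Python script is an added example, not code from the paper or from any operator: it checks each interconnect peer's declared configuration against a baseline and computes the "least common denominator" posture that the interconnected set inherits, as described under "Minimising security spend". The peer names, baseline values and configuration fields are constructed assumptions; only the EEA cipher identifiers are real LTE algorithm names (EEA0 is the null cipher).

```python
"""Interconnect baseline check for LTE peering partners.

Added example (not from the paper). Peer records, baseline values and field
names are constructed for illustration; EEA0/EEA1/EEA2/EEA3 are the real LTE
encryption algorithm identifiers, with EEA0 being the null (no-confidentiality)
cipher.
"""
from dataclasses import dataclass

NULL_CIPHER = "EEA0"                     # null cipher: traffic is not encrypted
CIPHERS_128 = {"EEA1", "EEA2", "EEA3"}   # SNOW 3G, AES, ZUC (128-bit)


@dataclass(frozen=True)
class PeerConfig:
    """Security parameters a peer declares in its partner agreement (constructed)."""
    name: str
    backhaul_ipsec: bool        # IPsec applied on S1/X2 backhaul links
    nas_cipher: str             # cipher the peer negotiates for signalling/user traffic
    max_latency_ms: int         # worst-case latency committed in the peering SLA
    months_since_audit: int     # age of the peer's last third-party security audit


# Constructed interoperability baseline that the home MNO sets out with peers.
BASELINE = {
    "backhaul_ipsec": True,
    "allowed_ciphers": CIPHERS_128,
    "max_latency_ms": 50,
    "max_months_since_audit": 12,
}


def check_peer(peer: PeerConfig, baseline: dict = BASELINE) -> list[str]:
    """Return the deviations of one peer from the baseline (empty if compliant)."""
    findings = []
    if baseline["backhaul_ipsec"] and not peer.backhaul_ipsec:
        findings.append("backhaul traffic is not protected by IPsec")
    if peer.nas_cipher not in baseline["allowed_ciphers"]:
        findings.append(f"cipher {peer.nas_cipher} is not in the allowed set")
    if peer.max_latency_ms > baseline["max_latency_ms"]:
        findings.append(f"latency {peer.max_latency_ms} ms exceeds "
                        f"{baseline['max_latency_ms']} ms")
    if peer.months_since_audit > baseline["max_months_since_audit"]:
        findings.append(f"last audit {peer.months_since_audit} months ago exceeds the "
                        f"{baseline['max_months_since_audit']} month limit")
    return findings


def audit_report(peers: list[PeerConfig], baseline: dict = BASELINE) -> dict[str, list[str]]:
    """Map each non-compliant peer to its findings; compliant peers are omitted."""
    report = {}
    for peer in peers:
        findings = check_peer(peer, baseline)
        if findings:
            report[peer.name] = findings
    return report


def effective_posture(peers: list[PeerConfig]) -> dict:
    """Least-common-denominator posture of the interconnected set.

    A subscriber roaming across these peers is only as protected as the weakest
    link, so every attribute takes its worst value over all peers.
    """
    return {
        "backhaul_ipsec": all(p.backhaul_ipsec for p in peers),
        "null_cipher_in_use": any(p.nas_cipher == NULL_CIPHER for p in peers),
        "max_latency_ms": max(p.max_latency_ms for p in peers),
        "months_since_audit": max(p.months_since_audit for p in peers),
    }


# Constructed sample: the home MNO and two interconnect partners.
SAMPLE_PEERS = [
    PeerConfig("home-mno", True, "EEA2", 30, 6),
    PeerConfig("partner-a", True, "EEA1", 45, 10),
    PeerConfig("partner-b", False, "EEA0", 80, 20),
]

if __name__ == "__main__":
    for name, findings in audit_report(SAMPLE_PEERS).items():
        print(name)
        for finding in findings:
            print("  -", finding)
    print("effective posture:", effective_posture(SAMPLE_PEERS))
```

Run as a script, the report lists only `partner-b`, and the effective posture shows that one peer without IPsec and with the null cipher drags the whole interconnected set to "no backhaul protection, null cipher in use, 80 ms, 20 months since audit" regardless of how well the home MNO is configured. In practice the `PeerConfig` records would be populated from the configuration evidence a partner supplies under the audit clause of the agreement, and the check re-run at each audit interval.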
Security Budgets: MNOs should allocate funds for security infrastructure and operations in their LTE deployment to ensure they meet their business objectives while reducing risk to levels acceptable to the MNO. The MNO must keep in mind the legal and regulatory requirements for security and privacy while building out LTE networks, and plan fund allocation accordingly. Since inadequate security measures have the potential to damage the MNO's business, it is prudent for the MNO to give security investment due consideration and priority.