The Mavenir RAN-Core security solution establishes and manages secure IPsec connections between the evolved packet core (EPC) and eNodeBs, including user, control plane and management plane traffic. Securing the RAN-core mobile access border provides protection from growing threats to LTE networks.
Growing Threats to LTE Networks
- Unauthorized Access. Untrusted backhaul and more physically accessible small cell sites can provide entry points for hackers. The S1 control and user planes are exposed to potential eNOdeB spoofing, traffic tampering and sniffing. Once access is compromised, hackers can capture sensitive user data or initiate denial of service attacks to the core network.
- Service Disruption from Signaling Surges. Unexpected signaling spikes, initiated by poorly configured, over-the-top applications, malicious hackers, or localized outages, are known to overload networks elements so severely that they have caused large-scale network outages. LTE’s flatter network architecture (without an RNC) exposes the Mobility Management Entity (MME) to these excessively high signaling surges, creating a cascading effect to other core network elements.
- Subscriber Privacy Breach. Even a single data breach has costly implications for operators. While direct costs such as discovery and remediation, regulatory response, legal fees, notification, marketing, PR and increased call center volumes are expensive, they are short term and quantifiable. The loss of subscriber confidence and trust, given the intensely competitive mobile environment, can have much greater, far reaching consequences. These include long term damage to operator brand and reputation, reduced take-up of new services or significant loss of subscribers.
Secure A Competitive Edge
Utilizing the Mavenir Security eXchange deployed on the SSX-3000 platform, a purpose-built, stand-alone platform that delivers line rate IPsec, operators can encrypt every bit traversing their network, including control plane, user plane, and management plane traffic, without compromising network performance. The Mobile Border Agent feature adds further EPC protection by monitoring signaling load and applying traffic shaping policies or even blacklisting to mitigate overload threats. Strong authentication mechanisms include Internet Key Exchange (IKE) and support for certificates up to 2048-bit key length.
There is huge demand for high-speed mobile data services on attractive mobile devices. The faster the network, the more usage these networks will see. Mobile network operators that approach LTE security with a view to handle this constantly growing and unpredictable traffic load will be in the best position to ensure profitable growth.