4G LTE Security for Mobile Network Operators

Photo Credit: U.S. Army

Posted: February 10, 2016 | By: Daksha Bhasker

7. Evolved Packet Core (EPC)/Transport:

The EPC (Figure 3) is the core of the LTE network that manages user authentication, access authorisation and accounting (AAA), IP address allocation, mobility related signalling, charging, QoS and security.

Key Security threats/risks:

  • Unauthorised access
  • DoS and DDoS attacks
  • Overbilling attacks (IP address hijacking, IP spoofing)

Unauthorised access: MNOs must interconnect their authentication systems to allow subscribers to access the internet even when roaming. Untrusted roaming devices need to connect to the MNOs’ LTE network to enable service continuity while roaming. The network operator remains responsible for the security of the data that has traversed the access securely entering the network core. Unless specifically designed by the MNO and security protocols enabled, (IPSec, IKE, EAP/TLS), neither the control traffic nor the data traffic is encrypted nor integrity protected between the EUTRAN and the EPC [14]. This leaves the traffic vulnerable to listening or modification should this segment of the network be hacked into or an attacker gain unauthorised access.

DoS and DDoS attacks:  In January 2012, NTT DoCoMo experienced a signalling flood caused by a VoIP application running on Android phones that disrupted network access leaving 2.5 million subscribers out of service for over four hours. [15] According to Nokia, the signalling requirements between the EUTRAN and the EPC in the 4G architecture is about 40% higher per LTE subscriber than 3G networks.  Since the LTE architecture is flat, all the signalling traffic generated at the EUTRAN flows to the MME. If the signalling load either benign or malicious exceeds the provisioned capacity of the MME, then service may be compromised. This in essence, is a vulnerability that can be targeted for DoS attacks

Overbilling attacks (IP address hijacking, IP spoofing): The all IP network bring with it IP related security threats such as IP address hijacking, spoofing, packet injection and the like into the LTE networks.  An attacker can hijack the IP address of a legal subscriber when the IP address in being returned to the IP pool and take control of it. The attacker then utilises the LTE data services at the expense of the subscriber [16]. Alternately when an IP address is reassigned to another subscriber overbilling attack can occur. [16]

Preventative measures:

  • Security Architecture: VPNs, VLANs
  • Encryption, IKE/ IPSec
  • Network monitoring, management and load balancing

Security Architecture: In order to address IP based vulnerabilities 3GPP recommends the use of IPSec [17]. The final deployment decision to apply IPSec to either control traffic, user traffic or both resides with the MNO. The next generation mobile network alliance (NGMN) recommends the use of VPNs to secure transmission in the core [14]. As well, the use of VLANs for network and traffic segregation as a security measure is suggested. This would isolate signalling traffic to specific network zones or paths as defined by the VLAN [14] [18]. These measures would limit damage done by attackers by unauthorised access, eavesdropping, spoofing and other attacks.

Encryption IKE/IPSec: 3GPP recommend the inclusion of IKE/IPSec for authorization, authentication, integrity and confidentiality protection. [17]. Both the aforementioned measures will offer a certain degrees of protection against IP based attacks and can deter overbilling attacks.

Network monitoring, management: MNOs are advised to monitor networks for suspicious activity. The novelty with LTE is that operators need not only be concerned about protecting their own networks but also reach agreements with neighbouring cell operators and partners at interconnection points on configuration management, performance management, fault management and security management at the edge and in the core.

Load balancing: Operators must protect their networks from signal surges directed at any of the elements of the EPC. Policies, shaping, and prioritisation of traffic volumes should be used to prevent overload. These would help reduce effects of attempted DoS/DDoS attacks. The operator may consider conducting a hop by hop analysis between network elements to ensure security between elements. Deployment of security gateways, firewalls, IDS and IPS are recommended by many infrastructure vendors.

Want to find out more about this topic?

Request a FREE Technical Inquiry!