& cplSiteName &

Securing LTE: It's Worth the Capex

Patrick Donegan
9/20/2013
50%
50%

It's good to see the needle finally starting to shift as regards the implementation of security in LTE networks. LTE traffic in the US and Korea today has 3GPP encryption from the end-user device all the way to the eNode B. But from the eNode B back across the IP backhaul into the IP core that traffic unencrypted. The user plane, control plane, management plane: all of it is unencrypted.

3rd Generation Partnership Project (3GPP) identified this as a security flaw many years ago and prescribed IPsec as the fix where operators consider their backhaul networks to be "untrusted" -- or vulnerable to unauthorized intervention -- for LTE.

But whereas operators in the US and South Korea don't yet think of this as a vulnerability that's worth closing off, many of the big European operators are taking a different view and are taking the lead in adopting IPsec as LTE is rolled out.

Deutsche Telekom AG (NYSE: DT) deserves credit for being the world leader in this regard. DT introduced IPsec with its own LTE launch in Germany at 700 MHz, and is now extending the same policy across all its European affiliates. Look under the hood of Everything Everywhere Ltd.'s (EE) LTE network in the UK and you'll find IPsec delivered to all its LTE cell sites. Orange affiliates will do the same (albeit not necessarily to all LTE sites), and other large European operator groups including Telecom Italia (TIM) are headed down that same path.

There's certainly an initial capex hit when deploying IPsec. But many of the fears of a negative impact on network performance and high opex are being allayed by this second wave of European deployments. These typically consist of a single IPsec tunnel being instantiated at the eNode B, and then kept in service permanently, rather than huge volumes of tunnels being dynamically set up and torn down again. They are also showing a minimal impact on latency, allowing operators to keep well within the 20-30 millisecond targets that are key to LTE's core value proposition.

Heavy Reading's forecast is that the proportion of the world's LTE cell sites that support IPsec will grow from 15 percent at the end of 2013 to 35 percent at the end of 2015, and to 53 percent by the end of 2017. We expect growth will be driven by several factors, including:

  • the ongoing migration of hacker time and attention from the wireline to the mobile networking environment;
  • competitive pressures arising from one operator in a market deploying IPsec, driving competitors to respond;
  • the probability of threat incidents arising from operators failing to deploy IPsec and becoming publicized; and
  • the growing recognition that lacking near-bulletproof security will be a show-stopper when operators look to drive the next generation of LTE revenue opportunities with major vertical industry partners, such as health insurance providers.

We assume there will still be a sizeable number of LTE operators that are still allowing clear text to transit across their backhaul networks four years from now. But we also expect that a financial analysis of LTE operators four years hence will show a pretty close correlation between support for end-to-end network security and superior financial performance.

This and many other issues will be debated at Light Reading's second annual conference on Mobile Network Security in New York on December 5.

— Patrick Donegan, Senior Analyst, Heavy Reading

(5)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
OpEd
50%
50%
OpEd,
User Rank: Light Beer
9/22/2013 | 7:35:29 PM
We agree with your assessment!
Patrick,

Thank you for drawing attention to this subject. As you know Stoke as been actively securing traffic on the S1 link in LTE networks for a number or years with deployments in Europe, at NTT Docomo, and a new deployment at Sofbank in Japan announced last week. We are seeing the same trends you reported with greater interest across the board.

We agree too with the myth about performance issues as purpose built devices are delivering latency in micro-seconds, not milliseconds, for encryption / decryption functions. Areas where operators are frequently underestimating security system complexity is in link resilience, routing, and MTU.  These are system wide issues that need proper diligence and planning to avoid surprises and project delays.

The other interesting observation we are making is the emerging requirement to protect core network functions from deliberate or unintentional control plane traffic overload. Assuring 'functional safety' is becoming another imperative for LTE operators, and that functionality coupled with the security gateway improves the CAPEX justification further still.

Dan McBride - VP Marketing, Stoke, Inc.
chuckj
50%
50%
chuckj,
User Rank: Light Sabre
9/22/2013 | 9:27:33 AM
any bandwidth left to add another layer
I was in downtown mountainview, on the Chinese side, my download speed laws 120k with Verizon LTE. I had the same trouble a couple of weeks ago in multiple locations in manhattan.
DanJones
50%
50%
DanJones,
User Rank: Blogger
9/20/2013 | 3:20:47 PM
Re: I hear you telephone thing, listening in
"If these operators aren't pricing security as a premium service for some LTE customers but rather as a basic service for all LTE customers, why should anyone else?"

 

Cos they're in it for the benjamans?
pdonegan67
50%
50%
pdonegan67,
User Rank: Light Sabre
9/20/2013 | 3:13:14 PM
Re: I hear you telephone thing, listening in
Every mobile operator that offers 3GPP-based 2G or 3G services provides native 3GPP encryption from the handset all the way back to the BSC or RNC.

In the case of LTE, encryption and/or e Node B authentication (based on IPsec) are optional from the eNode B back to the core (EPC).

T-Mobile's affiliates in Germany and throughout Europe are investing in the IPsec encryption on that "backhaul" link for each and every one of its customers.

If these operators aren't pricing security as a premium service for some LTE customers but rather as a basic service for all LTE customers, why should anyone else?
DanJones
50%
50%
DanJones,
User Rank: Blogger
9/20/2013 | 2:46:12 PM
I hear you telephone thing, listening in
There's been some more interest in cellphone encryption and security situations here in the US following the NSA revelations. Could an operator recoup some of the initial cost by charging more for a "secure service plan"? If such a thing could *actually* be created, that is
More Blogs from Heavy Lifting Analyst Notes
NICs have evolved many times, and the smart NIC is the next step, offering a programmable resource that can be configured to provide additional CPU offload functions for different applications.
Operators are applying artificial intelligence and machine learning technologies to leverage the power of their new programmable, software-based networks.
This year's show evinced healthy interest in effectively using data and analytics to run telecom businesses better, but how well are operators actually doing with it?
FTTx rollouts need a more automated process for collecting and analyzing test results, and analytics could provide the answer.
Driven by web-scale Internet companies, three key trends – disaggregation in terminals, open line systems and 100G+ transponders – are reshaping the DCI market.
Featured Video
From The Founder
Light Reading is spending much of this year digging into the details of how automation technology will impact the comms market, but let's take a moment to also look at how automation is set to overturn the current world order by the middle of the century.
Flash Poll
Upcoming Live Events
November 30, 2017, The Westin Times Square
December 5-7, 2017, The Intercontinental Prague
March 20-22, 2018, Denver Marriott Tech Center
May 14-17, 2018, Austin Convention Center
All Upcoming Live Events
Infographics
SmartNICs aren't just about achieving scale. They also have a major impact in reducing CAPEX and OPEX requirements.
Hot Topics
When Will 6G Arrive? Hopefully Never, Says BT's McRae
Iain Morris, News Editor, 11/21/2017
Let's Talk About 5G Efficiency, Not Wacky Services
Iain Morris, News Editor, 11/21/2017
AT&T's Lurie Leaps to Synchronoss as New CEO
Dan Jones, Mobile Editor, 11/17/2017
Wireless Could Arrive Soon in NYC Subway Tunnels
Dan Jones, Mobile Editor, 11/20/2017
Sprint COO Ottendorfer Jumps Ship
Dan Jones, Mobile Editor, 11/17/2017
Animals with Phones
Live Digital Audio

Understanding the full experience of women in technology requires starting at the collegiate level (or sooner) and studying the technologies women are involved with, company cultures they're part of and personal experiences of individuals.

During this WiC radio show, we will talk with Nicole Engelbert, the director of Research & Analysis for Ovum Technology and a 23-year telecom industry veteran, about her experiences and perspectives on women in tech. Engelbert covers infrastructure, applications and industries for Ovum, but she is also involved in the research firm's higher education team and has helped colleges and universities globally leverage technology as a strategy for improving recruitment, retention and graduation performance.

She will share her unique insight into the collegiate level, where women pursuing engineering and STEM-related degrees is dwindling. Engelbert will also reveal new, original Ovum research on the topics of artificial intelligence, the Internet of Things, security and augmented reality, as well as discuss what each of those technologies might mean for women in our field. As always, we'll also leave plenty of time to answer all your questions live on the air and chat board.

Like Us on Facebook
Twitter Feed
Partner Perspectives - content from our sponsors
The Mobile Broadband Road Ahead
By Kevin Taylor, for Huawei
All Partner Perspectives