& cplSiteName &

Securing LTE: It's Worth the Capex

Patrick Donegan
9/20/2013
50%
50%

It's good to see the needle finally starting to shift as regards the implementation of security in LTE networks. LTE traffic in the US and Korea today has 3GPP encryption from the end-user device all the way to the eNode B. But from the eNode B back across the IP backhaul into the IP core that traffic unencrypted. The user plane, control plane, management plane: all of it is unencrypted.

3rd Generation Partnership Project (3GPP) identified this as a security flaw many years ago and prescribed IPsec as the fix where operators consider their backhaul networks to be "untrusted" -- or vulnerable to unauthorized intervention -- for LTE.

But whereas operators in the US and South Korea don't yet think of this as a vulnerability that's worth closing off, many of the big European operators are taking a different view and are taking the lead in adopting IPsec as LTE is rolled out.

Deutsche Telekom AG (NYSE: DT) deserves credit for being the world leader in this regard. DT introduced IPsec with its own LTE launch in Germany at 700 MHz, and is now extending the same policy across all its European affiliates. Look under the hood of Everything Everywhere Ltd.'s (EE) LTE network in the UK and you'll find IPsec delivered to all its LTE cell sites. Orange affiliates will do the same (albeit not necessarily to all LTE sites), and other large European operator groups including Telecom Italia (TIM) are headed down that same path.

There's certainly an initial capex hit when deploying IPsec. But many of the fears of a negative impact on network performance and high opex are being allayed by this second wave of European deployments. These typically consist of a single IPsec tunnel being instantiated at the eNode B, and then kept in service permanently, rather than huge volumes of tunnels being dynamically set up and torn down again. They are also showing a minimal impact on latency, allowing operators to keep well within the 20-30 millisecond targets that are key to LTE's core value proposition.

Heavy Reading's forecast is that the proportion of the world's LTE cell sites that support IPsec will grow from 15 percent at the end of 2013 to 35 percent at the end of 2015, and to 53 percent by the end of 2017. We expect growth will be driven by several factors, including:

  • the ongoing migration of hacker time and attention from the wireline to the mobile networking environment;
  • competitive pressures arising from one operator in a market deploying IPsec, driving competitors to respond;
  • the probability of threat incidents arising from operators failing to deploy IPsec and becoming publicized; and
  • the growing recognition that lacking near-bulletproof security will be a show-stopper when operators look to drive the next generation of LTE revenue opportunities with major vertical industry partners, such as health insurance providers.

We assume there will still be a sizeable number of LTE operators that are still allowing clear text to transit across their backhaul networks four years from now. But we also expect that a financial analysis of LTE operators four years hence will show a pretty close correlation between support for end-to-end network security and superior financial performance.

This and many other issues will be debated at Light Reading's second annual conference on Mobile Network Security in New York on December 5.

— Patrick Donegan, Senior Analyst, Heavy Reading

(5)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
OpEd
50%
50%
OpEd,
User Rank: Light Beer
9/22/2013 | 7:35:29 PM
We agree with your assessment!
Patrick,

Thank you for drawing attention to this subject. As you know Stoke as been actively securing traffic on the S1 link in LTE networks for a number or years with deployments in Europe, at NTT Docomo, and a new deployment at Sofbank in Japan announced last week. We are seeing the same trends you reported with greater interest across the board.

We agree too with the myth about performance issues as purpose built devices are delivering latency in micro-seconds, not milliseconds, for encryption / decryption functions. Areas where operators are frequently underestimating security system complexity is in link resilience, routing, and MTU.  These are system wide issues that need proper diligence and planning to avoid surprises and project delays.

The other interesting observation we are making is the emerging requirement to protect core network functions from deliberate or unintentional control plane traffic overload. Assuring 'functional safety' is becoming another imperative for LTE operators, and that functionality coupled with the security gateway improves the CAPEX justification further still.

Dan McBride - VP Marketing, Stoke, Inc.
chuckj
50%
50%
chuckj,
User Rank: Light Sabre
9/22/2013 | 9:27:33 AM
any bandwidth left to add another layer
I was in downtown mountainview, on the Chinese side, my download speed laws 120k with Verizon LTE. I had the same trouble a couple of weeks ago in multiple locations in manhattan.
DanJones
50%
50%
DanJones,
User Rank: Blogger
9/20/2013 | 3:20:47 PM
Re: I hear you telephone thing, listening in
"If these operators aren't pricing security as a premium service for some LTE customers but rather as a basic service for all LTE customers, why should anyone else?"

 

Cos they're in it for the benjamans?
pdonegan67
50%
50%
pdonegan67,
User Rank: Light Sabre
9/20/2013 | 3:13:14 PM
Re: I hear you telephone thing, listening in
Every mobile operator that offers 3GPP-based 2G or 3G services provides native 3GPP encryption from the handset all the way back to the BSC or RNC.

In the case of LTE, encryption and/or e Node B authentication (based on IPsec) are optional from the eNode B back to the core (EPC).

T-Mobile's affiliates in Germany and throughout Europe are investing in the IPsec encryption on that "backhaul" link for each and every one of its customers.

If these operators aren't pricing security as a premium service for some LTE customers but rather as a basic service for all LTE customers, why should anyone else?
DanJones
50%
50%
DanJones,
User Rank: Blogger
9/20/2013 | 2:46:12 PM
I hear you telephone thing, listening in
There's been some more interest in cellphone encryption and security situations here in the US following the NSA revelations. Could an operator recoup some of the initial cost by charging more for a "secure service plan"? If such a thing could *actually* be created, that is
More Blogs from Heavy Lifting Analyst Notes
Challenging the dominance of coherent detection, direct detection modulation has re-emerged as an economically viable option in metro data center interconnection (DCI).
Designed-for-purpose, private LTE systems are emerging as the preferred wireless platform for enterprises with production-critical automation and mobility needs.
The 'cloudification' phase ain't no walk in the park.
Robotic process automation (RPA) combined with AI can significantly increase the scope for automation in telecom service operations.
While there is little debate that fiber-based fronthaul is the future, there is concern that the CPRI protocol, as it stands, does not scale to the demands of 5G.
From The Founder
Kicking off BCE 2017, Light Reading founder Steve Saunders lays blame for NFV's slow ramp-up and urges telecom to return to old-fashioned standards building and interoperability.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
Women in Comms Introduction Videos
Cisco: Mentoring Critical to Attract & Retain Women

7|19|17   |   6:40   |   (1) comment


Liz Centoni, senior vice president and general manager of Cisco's Computing System Product Group, shares why mentoring in all its forms is important for women and what Cisco is doing that's made a difference for women in tech.
LRTV Custom TV
Gigabit LTE With Snapdragon 835

7|12|17   |     |   (1) comment


At an event in Wembley stadium, EE used its live network to demonstrate gigabit LTE using a Sony Xperia XZ Premium smartphone with a Qualcomm Snapdragon 835 chip.
LRTV Custom TV
Implementing Machine Intelligence With Guavus

7|12|17   |     |   (0) comments


Guavus unites big data and machine intelligence, enabling many of the the largest service providers in the world to save money and drive measureable revenue. Learn how applying Machine Intelligence substantially reduces operational costs and in many cases can eliminate subscriber impact, meaning a better subscriber experience and higher NPS.
LRTV Custom TV
Unlocking Customer Experience Insights With Machine Intelligence

7|12|17   |     |   (0) comments


When used to analyze operational data and to drive operational decisions, machine intelligence reduces the number of tasks which require human intervention. Guavus invested in Machine Intelligence early. Learn about the difference between Machine Learning and Machine Intelligence.
Women in Comms Introduction Videos
Verizon VP Talks Network, Career Planning

7|12|17   |   4:49   |   (0) comments


Heidi Hemmer, vice president of Technology, Strategy & Planning at Verizon, shares how bold bets and the future of tech define her career.
Telecom Innovators Video Showcase
Masergy's NFV Journey

7|11|17   |     |   (0) comments


Ray Watson, vice president of global technology at Masergy, discusses the advantages and challenges in entering the still-maturing NFV market for the past three years.
Telecom Innovators Video Showcase
Mavenir on RCS Cloud Platform & Multi-ID

7|10|17   |     |   (0) comments


Guillaume Le Mener, head of marketing and corporate development at Mavenir, discussed RCS and the recent launch of Multi-ID, which supports T-Mobile's DIGITS, the revolutionary new technology that breaks down the limitation of one number per phone and one phone per number.
LRTV Custom TV
ADTRAN Executive Outlines Trends in Next-Generation 10-Gigabit Cable Networks

7|10|17   |     |   (0) comments


Hossam Salib, VP of Cable and Wireless Strategy at ADTRAN, outlines key trends as MSOs begin to deploy next-generation Gigabit and 10-Gigabit cable networks. In the interview, Hossam outlines the advantages of a Fiber Deep architecture, FTTH options including EPON and RFoG, and the importance of SDN and NFV in building next-generation high-bandwidth cable networks.
LRTV Interviews
Global Capacity: Bandwidth Demand Driving Ethernet Growth

7|6|17   |   6:37   |   (0) comments


At Light Reading's Big Communications Event in Austin, Texas, Global Capacity's VP of Marketing Mary Stanhope talks about how the demand for bandwidth is changing the way service providers deliver broadband services.
LRTV Interviews
Colt's Services Chief on Digital Delivery

7|5|17   |   16:12   |   (0) comments


Rogier Bronsgeest, the chief customer experience officer (chief CEO!) at Colt, discusses the way in which the service provider interacts with its customers these days and his aggressive net promoter score (NPS) targets.
Women in Comms Introduction Videos
BT VP: Women Should Fill Security Talent Gap

7|5|17   |   6:00   |   (2) comments


By 2020 there will be six security jobs for every qualified worker, and Kate Kuehn, vice president of Security for BT in the Americas, says BT wants to encourage women to fill the shortage in jobs.
LRTV Interviews
Colt Sales Exec on Services Trends

7|4|17   |   12:59   |   (0) comments


Colt's sales director for enterprise, James Kershaw, sheds some light on the services currently in demand and how network upgrades are influencing customer demand.
Upcoming Live Events
September 28, 2017, Denver, CO
October 18, 2017, Colorado Convention Center - Denver, CO
November 1, 2017, The Royal Garden Hotel
November 1, 2017, The Montcalm Marble Arch
November 2, 2017, 8 Northumberland Avenue, London, UK
November 30, 2017, The Westin Times Square
All Upcoming Live Events
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
Mobile to Power Online Video Consumption – Zenith
Aditya Kishore, Practice Leader, Video Transformation, Telco Transformation, 7/19/2017
Can Mushroom Sprout in Crowded SD-WAN Field?
Carol Wilson, Editor-at-large, 7/18/2017
AI Will Be Ubiquitous in 2020 but Overhyped in 2017 – Gartner
Sarah Thomas, Director, Women in Comms, 7/18/2017
Facing the Facebook Video Threat
Gary Miles, Chief Marketing Officer, Amdocs, 7/17/2017
Brocade, Broadcom Merger in Doubt
Iain Morris, News Editor, 7/19/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
Following a recent board meeting, the New IP Agency (NIA) has a new strategy to help accelerate the adoption of NFV capabilities, explains the Agency's Founder and Secretary, Steve Saunders.
One of the nice bits of my job (other than the teeny tiny salary, obviously) is that I get to pick and choose who I interview for this slot on the Light Reading home ...
Animals with Phones
Fuzzy Quick Fix Click Here
If you can't access it, is it really broken?
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.