Mobile security

Small Cells Exposed! Securing the Mini-RANs

Small cells are one of the few network elements that are actually exposed to the full force of the outside world. That also means they are exposed to new security threats, as mobile network operators are just discovering.

The beauty of small cells is that they are compact and easily deployed on lamp posts, on the side of buildings, or any physical structure, indoors or outdoors. That also presents a key challenge -- they lack any physical security.

What's more, the fact they are hooked up to all-IP backhaul connections increases their vulnerability to hacking.

"Because of the physical vulnerability and accessibility of public access small cells, many operators will deploy security solutions like IPsec encryption to support their public access small cells," says Heavy Reading analyst Patrick Donegan.

Vitesse Semiconductor Corp. (Nasdaq: VTSS), which builds silicon for small cells, is addressing this issue. Uday Mudoi, the company's VP of product marketing, says the main message to carriers is that Layer 3 IPsec alone won't do the job. It's already popular in the network core, he says, but it's power hungry, processor hungry, and it's harder to scale to a higher speed since it is so processing oriented.

Because of that, a number of carriers including Verizon Wireless , Sprint Corp. (NYSE: S), and AT&T Inc. (NYSE: T), are looking for alternatives, he says. (See Vitesse Targets Small Cells.)

Small cells, he says, need Layer 2 MACsec alongside a standardized encryption process, so they can interoperate with the various other small cells deployed in any given network. It's not as simple as it is on the macro network, however. Adding encryption to small cells can throw off timing in the backhaul by adding extra bytes, which can lead to delays. Mudoi says standards bodies are currently looking at how security mechanisms can coexist with the timing requirement.

Security is of vital importance to small cells, but it's probably not the issue that's holding the market back from wide-scale LTE and multimode small cell deployments. Mudoi says that's because the operators aren't yet ready to think about it. They are too busy working out more basic questions, like what their deployment model is for public access small cells, or whether they will use line-of-sight or no-line-of-sight backhaul. (See Synching Up Small-Cell Backhaul.)

"There are reasons beyond security why people aren't completely converged on figuring out a deployment model," Mudoi says. "Security and timing are starting to become more and more important. Will I go for line-of-sight? At which frequency band? Once those things are resolved, timing and security become more important."

Another good reason for operators to get the security right, says Mudoi, is that, in the US, the Department of Defense won't allow a carrier to operate a network without encryption. That means operators have to care, and they are starting to think more about what the means. "I think I'm seeing a lot more conversation in the industry about security and encryption now than I've seen in the last year," Mudoi says.

— Sarah Reedy, Senior Editor, Light Reading

Interested in learning more on this topic? Then come to Mobile Network Security Strategies, a Light Reading Live event that takes place on December 5, 2013 at the Westin Times Square Hotel in New York City. For more information, or to register, click

Page 1 / 2   >   >>
DanJones 11/27/2013 | 6:26:37 PM
Re: Deployment delays? Yeah, I definitely see people being a little more confident in steering towards 2015 for larger deployments now. We've been burnt before though.
MordyK 11/27/2013 | 6:19:37 PM
Re: Deployment delays? Unfortunately due to the complexity of the environment they need to enter there are more barriers surfacing that need to be surmounted, which has caused significant delay for the early optimists. But IMHO I would say that more than 95% of teh issues have been resolved or are in the process of being resolved, while the remaining issues have a clear roadmap toward being addressed.
DanJones 11/27/2013 | 6:13:25 PM
Re: Secure Small Cells Not saying that PTP won't be used. Just haven't got the impression from the industry that it is so purely cut and dried is all...
DanJones 11/27/2013 | 6:12:26 PM
Re: Deployment delays? Let's hope, eh? Seems like some vendors are banking on that.
Vitesse Semiconductor 11/27/2013 | 5:55:52 PM
Re: Secure Small Cells Small cells will mostly be connected via microwave or millimeter wave, and their topology may often prevent line-of-sight. These circumstances, coupled with the aforementioned security risks, will prevent operators from relying solely on GPS in small cell networks. Among PTP's many features are several mechanisms that can correct for the large packet delay variations (PDV) often found in IP switches and routers. Because even foul weather can increase latency over wireless connections, PTP's defined hierarchy of clocks will be the primary means of delivering nanosecond-accurate frequency and time-of-day synchronization in small cell networks.
MordyK 11/27/2013 | 4:42:12 PM
Re: Deployment delays? I agree. Small cells have generally been plagued by numerous issues that need to be resolved before they take pride of place in the network, which is what's been holding themup for awhile. But the indusry has been very good at methodically going about and addressing the various issues, such as interference, timing, backhau, physical securityl and regulatory, so there's no reason why security will be any different. 

With every additional hurdle being addressed small cells gain more credibility as an option for more deployment scenarios.
DanJones 11/27/2013 | 4:24:33 PM
Re: Secure Small Cells Ha,

Come now, everyone in the industry is dead set on using PTP for sync? Really?
Vitesse Semiconductor 11/27/2013 | 4:20:23 PM
Re: Secure Small Cells Good point, Dan. Whether intentionally spoofed by a hacker or unintentionally thrown off by a passing jammer, GPS can easily fail small cell backhaul networks. This is undoubtedly one of the biggest differences between macro and small cell networks. GPS will likely remain the primary timing solution for macro networks, because it can deliver the combination of phase/time-of-day and frequency synchronization required by LTE networks. However, the numerous security risks mentioned above will force operators to rely on the IEEE1588-2008 Precision Time Protocol (PTP) for accurate network timing in small cell networks. Obviously, getting PTP-enabled equipment to play nice with network encryption will be the next challenge. Operators will need to demand the latest small cell backhaul technology to ensure their grand 2014 plans come to fruition.
Art King 11/27/2013 | 2:34:45 PM
Security is built-in, not bolt-on Sarah,

Read the article with great interest. The Small Cell system the we, at SpiderCloud, have created is purpose built to incorporate numerous security related features down at hardware level (in addition to robust software practices on top of that). These features are both for hardening and meeting security performance goals. Systems architects have to assume an end-to-end hostile environment due to equipment being installed outside the physical control of the mobile operator's. The operator's we are working with are deeply concerned about security and it's not a secondary concern to be dealt with later. The old adage: "You don't really want an incident to put your company on the front page of the Wall Street Journal" is still valid

Vitesse is right that IPSec should not be done in the core processor. In our case, offloading IPSec to a hardware accelerator is acutely important as we can have 100 Radio Nodes running IPSec to the Services Node and one really big IPSec tunnel originating from the Services Node to the mobile operator's Security Gateway in the core.

Some supplementary info here:




Wishing all of the LR people and readers an awesome holiday.




DanJones 11/27/2013 | 1:18:28 PM
Re: Secure Small Cells Don't forget the ol' GPS jammer trick to screw with the backhaul sync!
Page 1 / 2   >   >>
Sign In