& cplSiteName &

Small Cells Exposed! Securing the Mini-RANs

Sarah Thomas
11/27/2013

Small cells are one of the few network elements that are actually exposed to the full force of the outside world. That also means they are exposed to new security threats, as mobile network operators are just discovering.

The beauty of small cells is that they are compact and easily deployed on lamp posts, on the side of buildings, or any physical structure, indoors or outdoors. That also presents a key challenge -- they lack any physical security.

What's more, the fact they are hooked up to all-IP backhaul connections increases their vulnerability to hacking.

"Because of the physical vulnerability and accessibility of public access small cells, many operators will deploy security solutions like IPsec encryption to support their public access small cells," says Heavy Reading analyst Patrick Donegan.

Vitesse Semiconductor Corp. (Nasdaq: VTSS), which builds silicon for small cells, is addressing this issue. Uday Mudoi, the company's VP of product marketing, says the main message to carriers is that Layer 3 IPsec alone won't do the job. It's already popular in the network core, he says, but it's power hungry, processor hungry, and it's harder to scale to a higher speed since it is so processing oriented.

Because of that, a number of carriers including Verizon Wireless , Sprint Corp. (NYSE: S), and AT&T Inc. (NYSE: T), are looking for alternatives, he says. (See Vitesse Targets Small Cells.)

Small cells, he says, need Layer 2 MACsec alongside a standardized encryption process, so they can interoperate with the various other small cells deployed in any given network. It's not as simple as it is on the macro network, however. Adding encryption to small cells can throw off timing in the backhaul by adding extra bytes, which can lead to delays. Mudoi says standards bodies are currently looking at how security mechanisms can coexist with the timing requirement.

Security is of vital importance to small cells, but it's probably not the issue that's holding the market back from wide-scale LTE and multimode small cell deployments. Mudoi says that's because the operators aren't yet ready to think about it. They are too busy working out more basic questions, like what their deployment model is for public access small cells, or whether they will use line-of-sight or no-line-of-sight backhaul. (See Synching Up Small-Cell Backhaul.)

"There are reasons beyond security why people aren't completely converged on figuring out a deployment model," Mudoi says. "Security and timing are starting to become more and more important. Will I go for line-of-sight? At which frequency band? Once those things are resolved, timing and security become more important."

Another good reason for operators to get the security right, says Mudoi, is that, in the US, the Department of Defense won't allow a carrier to operate a network without encryption. That means operators have to care, and they are starting to think more about what the means. "I think I'm seeing a lot more conversation in the industry about security and encryption now than I've seen in the last year," Mudoi says.

— Sarah Reedy, Senior Editor, Light Reading


Interested in learning more on this topic? Then come to Mobile Network Security Strategies, a Light Reading Live event that takes place on December 5, 2013 at the Westin Times Square Hotel in New York City. For more information, or to register, click
here
.


(15)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Page 1 / 2   >   >>
DanJones
DanJones
11/27/2013 | 6:26:37 PM
Re: Deployment delays?
Yeah, I definitely see people being a little more confident in steering towards 2015 for larger deployments now. We've been burnt before though.
MordyK
MordyK
11/27/2013 | 6:19:37 PM
Re: Deployment delays?
Unfortunately due to the complexity of the environment they need to enter there are more barriers surfacing that need to be surmounted, which has caused significant delay for the early optimists. But IMHO I would say that more than 95% of teh issues have been resolved or are in the process of being resolved, while the remaining issues have a clear roadmap toward being addressed.
DanJones
DanJones
11/27/2013 | 6:13:25 PM
Re: Secure Small Cells
Not saying that PTP won't be used. Just haven't got the impression from the industry that it is so purely cut and dried is all...
DanJones
DanJones
11/27/2013 | 6:12:26 PM
Re: Deployment delays?
Let's hope, eh? Seems like some vendors are banking on that.
Vitesse Semiconductor
Vitesse Semiconductor
11/27/2013 | 5:55:52 PM
Re: Secure Small Cells
Small cells will mostly be connected via microwave or millimeter wave, and their topology may often prevent line-of-sight. These circumstances, coupled with the aforementioned security risks, will prevent operators from relying solely on GPS in small cell networks. Among PTP's many features are several mechanisms that can correct for the large packet delay variations (PDV) often found in IP switches and routers. Because even foul weather can increase latency over wireless connections, PTP's defined hierarchy of clocks will be the primary means of delivering nanosecond-accurate frequency and time-of-day synchronization in small cell networks.
MordyK
MordyK
11/27/2013 | 4:42:12 PM
Re: Deployment delays?
I agree. Small cells have generally been plagued by numerous issues that need to be resolved before they take pride of place in the network, which is what's been holding themup for awhile. But the indusry has been very good at methodically going about and addressing the various issues, such as interference, timing, backhau, physical securityl and regulatory, so there's no reason why security will be any different. 

With every additional hurdle being addressed small cells gain more credibility as an option for more deployment scenarios.
DanJones
DanJones
11/27/2013 | 4:24:33 PM
Re: Secure Small Cells
Ha,

Come now, everyone in the industry is dead set on using PTP for sync? Really?
Vitesse Semiconductor
Vitesse Semiconductor
11/27/2013 | 4:20:23 PM
Re: Secure Small Cells
Good point, Dan. Whether intentionally spoofed by a hacker or unintentionally thrown off by a passing jammer, GPS can easily fail small cell backhaul networks. This is undoubtedly one of the biggest differences between macro and small cell networks. GPS will likely remain the primary timing solution for macro networks, because it can deliver the combination of phase/time-of-day and frequency synchronization required by LTE networks. However, the numerous security risks mentioned above will force operators to rely on the IEEE1588-2008 Precision Time Protocol (PTP) for accurate network timing in small cell networks. Obviously, getting PTP-enabled equipment to play nice with network encryption will be the next challenge. Operators will need to demand the latest small cell backhaul technology to ensure their grand 2014 plans come to fruition.
Art King
Art King
11/27/2013 | 2:34:45 PM
Security is built-in, not bolt-on
Sarah,

Read the article with great interest. The Small Cell system the we, at SpiderCloud, have created is purpose built to incorporate numerous security related features down at hardware level (in addition to robust software practices on top of that). These features are both for hardening and meeting security performance goals. Systems architects have to assume an end-to-end hostile environment due to equipment being installed outside the physical control of the mobile operator's. The operator's we are working with are deeply concerned about security and it's not a secondary concern to be dealt with later. The old adage: "You don't really want an incident to put your company on the front page of the Wall Street Journal" is still valid

Vitesse is right that IPSec should not be done in the core processor. In our case, offloading IPSec to a hardware accelerator is acutely important as we can have 100 Radio Nodes running IPSec to the Services Node and one really big IPSec tunnel originating from the Services Node to the mobile operator's Security Gateway in the core.

Some supplementary info here:

http://www.thinksmallcell.com/Enterprise-Femtocells/security-for-enterprise-small-cells.html 

http://www.spidercloud.com/assets/pdfs/RecurityLabs_Security_Testing_0213.pdf 

http://www.spidercloud.com/assets/pdfs/WP_EnterpriseSmallCellArch_092512.pdf 

Wishing all of the LR people and readers an awesome holiday.

Cheers,

~Art

 

 
DanJones
DanJones
11/27/2013 | 1:18:28 PM
Re: Secure Small Cells
Don't forget the ol' GPS jammer trick to screw with the backhaul sync!
Page 1 / 2   >   >>
Featured Video
Upcoming Live Events
October 1-2, 2019, New Orleans, Louisiana
October 10, 2019, New York, New York
October 22, 2019, Los Angeles, CA
November 5, 2019, London, England
November 7, 2019, London, UK
November 14, 2019, Maritim Hotel, Berlin
December 3, 2019, New York, New York
December 3-5, 2019, Vienna, Austria
March 16-18, 2020, Embassy Suites, Denver, Colorado
May 18-20, 2020, Irving Convention Center, Dallas, TX
All Upcoming Live Events
Partner Perspectives - content from our sponsors
Edge Computing, the Next Great IT Revolution
By Rajesh Gadiyar, Vice President & CTO, Network & Custom Logic Group, Intel Corp
Innovations in Home Media Terminals for the Upcoming 5G Era
By Tang Wei, Vice President, ZTE Corporation
All Partner Perspectives