Overcoming Small Cells Security and Deployment Challenges
As part of our series of blogs with Small Cell Forum Members who are supporting the Small Cell Zone and Mobile World Congress 2015, Dilip Pillaipakam of Mavenir has written this blog.
By Dilip Pillaipakam,
VP Product Marketing
Improving in-building coverage, plugging coverage gaps in rural or remote areas and augmenting macro capacity – these are compelling operator needs that will propel LTE small cells from infancy to massive deployment over the next few years. Deepening threats to subscriber communications and network infrastructure will also require operators to maintain even higher security and protection levels as they deploy small cells into less physically protected public environments. The sheer volume of small cells (expected to be 10-40 times more than macro cells) and the use of Internet backhaul (which is inherently insecure) present deployment challenges for security and protection that are unique to small cells and must be addressed by the operator.
Provisioning, configuration and management routines that may have been cost effective for 50,000 macro cells will become unsustainable as small cell sites grow into the hundreds of thousands or millions.
For example, operators will need an architecture that allows for bootstrapping of small cells (i.e. loading of startup config) and intelligent load balancing of the traffic. This has implications for the capabilities of the core network and especially the security gateway. The security gateway will need the ability to issue the appropriate certificate to the femto cell after initial authentication and also support a mechanism for session-aware load balancing across security gateways, based on each security gateway session.
Secondly, due to the large number of cells that need to be aggregated, small cells are more likely to create signaling traffic storms, overloading the MME with signaling traffic and creating service outages. Similar to a malicious denial of service attack, unexpected signaling storms could occur due to power outages (resulting in a large number of cells re-establishing their connections at the same time), misbehaving smartphone apps and misconfigured/rogue small cells. To protect the core network from such DoS-like situations, the security gateway needs to support the ability to monitor, police and shape a variety of signaling protocols, including IKE, SCTP and S1.
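The policing described above can be modelled as two token buckets in series: one per cell, which contains a misconfigured or rogue cell, and one aggregate bucket, which shapes a mass reconnect after a power outage before it reaches the MME. This is an added example, not Mavenir's implementation or code from the original post; the rates, burst sizes, cell names and event list are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class TokenBucket:
    rate: float          # tokens refilled per second
    burst: float         # bucket capacity
    last: float = 0.0    # timestamp of the previous decision
    tokens: float = None

    def __post_init__(self):
        self.tokens = self.burst  # start full

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def police(events, cell_rate=1.0, cell_burst=3, agg_rate=50.0, agg_burst=100):
    """events: time-sorted (timestamp_s, cell_id) signaling requests
    (e.g. session setups). Returns (verdict counts, per-cell drop counts)."""
    aggregate = TokenBucket(agg_rate, agg_burst)
    per_cell, verdicts, cell_drops = {}, Counter(), Counter()
    for ts, cell in events:
        bucket = per_cell.setdefault(cell, TokenBucket(cell_rate, cell_burst, last=ts))
        if not bucket.allow(ts):          # one cell exceeding its own budget
            verdicts["dropped_per_cell"] += 1
            cell_drops[cell] += 1
        elif not aggregate.allow(ts):     # storm exceeding what the core can absorb
            verdicts["dropped_aggregate"] += 1
        else:
            verdicts["forwarded"] += 1
    return verdicts, cell_drops

def constructed_events():
    # Constructed sample: 500 cells reconnect at t=10 s after a power outage,
    # then one hypothetical rogue cell sends 20 requests at t=30 s.
    storm = [(10.0, f"cell-{i}") for i in range(500)]
    rogue = [(30.0, "rogue-cell")] * 20
    return storm + rogue

if __name__ == "__main__":
    verdicts, cell_drops = police(constructed_events())
    print(dict(verdicts), cell_drops.most_common(1))
```

Cells dropped by the aggregate bucket would retry later; the per-cell drop counter is the signal worth alerting on, since a healthy cell should rarely exhaust its own budget.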
To address the challenges of insecure physical locations and backhaul integrity (i.e. the lack of it), operators will look for the security gateway to provide robust security features. These include support for certificate-based authentication, longer key sizes (1024- or 2048-bit) and rapid rekeying for encryption.
“A Year of Mega Breaches”: that’s how Ponemon Institute characterized 2014, citing eight separate highly publicized breaches that collectively impacted over 290 million consumers and businesses. With stronger and more frequent attacks, hackers and hacktivists are exploiting security holes not recognized by organizations, despite strong protection measures. This trend is moving to mobile networks. In a recent survey by Arbor Networks, 17% of service providers indicated that they had experienced a service outage caused by a security incident within the last year.
The business costs for a security breach or service disruption are high for mobile operators. They have invested billions in LTE networks and at least one survey has indicated that over half of subscribers would switch operators after a major security incident. But cost effective deployment and management are equally important, so operators will need to carefully consider provisioning, authentication and signaling management as they plan to deploy LTE small cells securely.
Fred Esbert, Sr. Sales Director for Mavenir Systems will be presenting, “Small Cells Security: Overcoming Deployment Challenges” at the Small Cells Forum Pavilion at Mobile World Congress on Monday, March 2 at 1:30 pm.
Mavenir Systems (NYSE: MVNR) provides software-based networking solutions that enable mobile service providers to deliver next generation services over 4G LTE networks. Mavenir™ has an end to end portfolio of Voice/Video, Messaging and Mobile Core products that include IP Multimedia Subsystem (IMS), Evolved Packet Core (EPC), Security Gateway (SEG), Session Border Controller (SBC) and Diameter Routing Agent (DRA). The Mavenir solutions are based on the award-winning mOne® software platform and leverage NFV and SDN technologies for deployments on cloud-based infrastructure.
The security aspects of small cells have been well documented by the Small Cells Forum in Release 4 and further described in an earlier SCF blog post.
 Arbor Networks, “Worldwide Infrastructure Security Report, 10th annual”. http://www.arbornetworks.com/news-and-events/press-releases/recent-press-releases/5351-arbor-networks-10th-annual-worldwide-infrastructure-security-report-finds-50x-increase-in-ddos-attack-size-in-past-decade