IPSec: Securing LTE longevity

04 November 2013 |


Internet Protocol Security (IPSec) is a technology protocol suite designed to secure IP communications, through authentication or encryption of the IP packet in a communication session.

What is IPSec?
IPSec offers end-to-end security in the internet layer of the internet protocol suite, and is used to protect data flows between two hosts, two security gateways or a host and a security gateway during a session.

The technology includes protocols for establishing mutual authentication between parties at the beginning of a session and negotiation of cryptographic keys to be used for the duration.

IPSec is fast becoming the preferred method of internet security, as an application does not have to be specially created to be able to use it. Older methods of protection such as the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) operate in the upper layer of an IP model, and have to be designed into an application in order to operate.

Why do we need IPSec?
For LTE networks in particular, IPSec is evolving as an effective method of protection. The architecture of LTE makes it more vulnerable to attack when compared with that of a 3G network.

Network infrastructure provider Adax has been working intensively to develop a method of protecting an LTE network and Robin Kent, director of operations for Adax Europe, believes IPSec is the answer.

"Security is an issue with LTE because it's a much flatter network," he says. "With 3G, the base station went through about four hops before it got to the core network."

Kent explains that as LTE runs straight from base station to port, there is more opportunity for hacking on the network.

"I'm not scaremongering, but at some point somebody's going to realise that it's not difficult to have a go at hacking the core network from your mobile phone. You've got to secure the core network at the entry point, and the way to do that will be with IPSec."

The Internet Engineering Task Force (IETF) has endorsed the IPSec protocol to defend against security threats such as data theft and corruption, network-based attacks, user credential theft and unauthorised administrative control of a network and its servers.

What issues does IPSec address?
A report from Tellabs identifies that there are further weaknesses in LTE networks, when compared with 3G networks.

To enforce security in 3G networks, operators usually encrypt traffic that flows between subscriber equipment and the radio network controller (RNC), which is installed in a secure building.

With LTE, encryption measures terminate at operator base stations – or eNodeBs – to protect traffic between subscriber device and the RNC.

"They often deploy eNodeBs in publicly accessible locations and, in an effort to increase network capacity, deploy femtocells in equally accessible areas, such as airports and shopping centres, where it's nearly impossible to protect the active electronics," the report says.

As a result, traffic between the base station and the core is virtually unprotected, reiterating the clear need for IPSec in LTE networks.

"Clearly, operators must implement IPSec in their LTE networks if they expect to provide secure connections that protect the mobile core," the Tellabs report continues.

Adax has been addressing these security loopholes by designing a technology to provide advanced levels of protection for the LTE network, which is due to be launched later this year. The Adax SEG+ is the company's security gateway answer and is expected to protect data and signalling traffic, as well as provide specialised support for servers.

What is the next step for IPSec?
Regulations formulated by the IETF state that all vendors must now implement IPSec capability in their platforms to comply with IPv6 standards.

Although most network operators are still making the transition from IPv5 to IPv6, companies such as Adax are already planning for the adoption of IPv7.

"As always, we are keeping a close eye on the needs of our customers and will be ready to address the needs of IPv7 once the market begins to demand a new protocol," Kent says.

"I think this [IPv7] is the next big issue that operators and network equipment providers are going to have to face, as they start to deploy LTE and expand the 3G network."

Kent believes that network security is of growing concern for both operators and vendors, especially as smartphones become more advanced and able to complete a multitude of tasks simultaneously.

"The more that happens on that phone, the more it's going to have to be secure," he continues.

He believes the implementation of IPSec as a security measure is only going to increase in the coming years and notes Apple's recent purchase of Femtech – a software security company which developed Adax's IPSec software – as a particularly shrewd move towards increased involvement the sector.

"It gave them real leverage in the market," Kent says.