CYBER-SECURED 4G/LTE PMR NETWORKS - · PDF fileCYBER-SECURED 4G/LTE PMR NETWORKS ... for example signalling 1. 4G/LTE PMR NETWORKS: A NEW SECURITY PARADIGM 4G/LTE PMR

Embed Size (px)

Citation preview

  • w w w . t h a l e s g r o u p . c o m

    CYBER-SECURED 4G/LTE PMR NETWORKSGuaranteeing mission success with always available and operational network

  • 2 _ Cyber-secured 4G/LTE PMR networks

    The evolution of legacy voice centric PMR networks to 4G/LTE PMR networks is set to deliver safety and operational efficiency improvements to mission-critical organisations. This evolution also opens up the way for new deployment models using dedicated networks, commercial networks or a combination of both. However, open standards and IP technologies, together with the interconnection with other networks, expose 4G/LTE PMR networks to potential cybersecurity threats that can lead to network service outages or compromised data. A mission critical network must always be available; as a result it is fundamental to apply a security by design approach when deploying a 4G/LTE PMR network.This white paper examines the cyber security threats to the LTE core network and the subsequent mitigation techniques. The LTE core network transports all LTE PMR services, and is, as a result, considered the most critical component of a 4G/LTE system.

    EXECUTIVE SUMMARY

    The white paper goes on to outline guidelines to designing a cyber-secured LTE core network and provides examples of security architectures and solutions: Common practices to segregate flows of different logical planes should be enhanced with a multi-tier approach where security is enforced orthogonal to the logical planes in isolated and dedicated tiers,

    Secured interconnection practices with external networks such as the Internet or LTE networks of roaming partners should be enhanced with specific LTE based security practices to protect the home network against malicious and non-malicious attacks,

    Anti-DDoS best practices to mitigate one the major cybersecurity threats,

    Guaranteeing the system is cyber-secured 24/7 by deploying a Threat Management Centre that monitors and prevents threats in real time and ensures the latest cyber-secured measures are quickly implemented for maximum 4G/LTE PMR services availability.

    Thales is a leader in cybersecurity and a key actor in PMR industry for more than 15 years. Thales is uniquely positioned to support mission-critical organisations in securing their 4G/LTE PMR system to guarantee mission-critical broadband services.

  • TABLE OF CONTENTS

    EXECUTIVE SUMMARY 2

    1 4G/LTE PMR NETWORKS: A NEW SECURITY PARADIGM 4

    2 4G/LTE PMR NETWORK: SECURITY BY DESIGN 6

    2.1 Security Enforcement Points 6 2.2 Securing LTE Hosting Platforms 7 2.3 Securing Interfaces To Backbone Networks 8 2.4 Securing Peering With Roaming Partners 8 2.5 Thales Security Design Implementation 9

    3 PROTECTING AGAINST DDOS ATTACKS 11

    3.1 DDoS Attack Trends 11 3.2 An Hybrid DDoS Protection Architecture 12

    4 KEEPING PACE WITH CYBER THREATS 13 4.1 Cyber Security Operations 13 4.2 Anti-DDoS Operations 14

    5 CONCLUSION 15

    GLOSSARY 16

    Cyber-secured 4G/LTE PMR networks _ 3

  • Mission-critical users (namely Public Safety agencies, Defence Forces, Transportation operators, Energy suppliers and Critical Industries) today need 21st century communications capabilities to confront 21st century threats and missions. It is now a fact that legacy voice-centric PMR (Private Mobile Radio) networks will evolve to 4G/LTE (Long Term Evolution) multimedia-centric networks. With 4G/LTE, mission critical users can access real-time voice, high speed data, instant location and video services. 4G/LTE also makes it possible to quickly integrate new IP-based applications and sensors tailored to users missions. This trend has already started in a number of countries and will continue to grow around the world and within mission-critical organisations in the near future.

    However, an all-IP architecture also triggers new challenges as it dramatically changes the cybersecurity threat profile of PMR services delivery. The use of open standards and technologies together with the availability of full-featured mobile equipment, expose 4G/LTE PMR infrastructure to new cyber threats with potentially disruptive consequences: service disruption that may endanger lives or service outages in critical operations, data theft or compromised data. Besides, these cyber threats can be non-malicious threats, for example signalling

    1. 4G/LTE PMR NETWORKS: A NEW SECURITY PARADIGM

    4G/LTE PMR systems are based on the commercial 3GPP standard that uses an all-IP architecture. This enables users to benefit more quickly from new capabilities and services. 4G/LTE offers multiple deployment models including dedicated networks, Secured MVNO (Mobile Virtual Network Operators) or a federation of both. Besides, terminals, networks and group communications services are all standardized. Unlike legacy PMR systems that remain siloed, 4G/LTE are naturally interoperable. As terminals, networks and group communication services are all standardized, 4G/LTE can interconnect networks of different organisations to enable transparent roaming of mission-critical users between different partners networks and interoperable communications between users of different organizations.

    storm, or malicious threats, for example intrusion attempts from a computer installed with specific tools, or DDoS attacks.Mission-critical organisations also have to consider the numerous borders with external networks that may be a source for attacks, namely mobile equipment, radio access network, the Internet, application networks and roaming partner networks (commercial operators and/or other mission-critical organisations).

    Figure 1 - 4G/LTE PMR deployment models

    Control Rooms

    PMR App Servers

    Own EPC Own EPC Own EPC

    Own LTE RAN

    Own LTE RAN

    MNO A

    MNO A

    MNO N

    MNO N

    Partner LTE RAN

    FEDERATEDS-MVNODEDICATED

    Partner EPC

    4 _ Cyber-secured 4G/LTE PMR networks

  • Cyber-secured 4G/LTE PMR networks _ 5

    In this context, mission-critical operators must firstly protect the services provided to their end-users by improving the robustness of their infrastructure and protecting core data assets (subscribers database), and secondly, ensure privacy by protecting the communications.

    Security is not an option for mission-critical networks. It is a fundamental element of the 4G/LTE PMR infrastructure design.

    This white paper explores cybersecurity practices to mitigate threats to the LTE core network (aka Evolved Packet Core or EPC) infrastructure.

    Figure 2: 4G/LTE PMR network main cyber threats

    hSS

    NMS

    MME

    MME

    PARTNERS CORE NETWORK INFRASTRUCTURE

    S/PGW

    PGWSGW

    PCRF

    PCRF

    Mobile backhaul network

    Mobile backhaul network

    LTE MOBILE CORE

    PMR Application function

    Internet

    Use of protocol vulnerabilities (GTP or SCTP) to attempt service disruption or malicious access

    Malicious user attempting access to control core elements from IPX

    Misuse of control elements at roaming partner side can lead to unexpected messages or traffic volume (Non malicious threats)

    Unauthorized access to Management servers can lead to misconfiguration of critical assets

    Intrusion attempts leveraging protocols vulnerabilities or open services

    Applicative and volume denial of service on gateways

    Malicious access to critical core elements (eg: HSS) and data modification (eg: K, charging data)

    Malware modifies the configuration of communication gateway

    Modification of HSS data can lead to stealing service

    Signaling attack from rogue device or malware on Base Station)

    Eavesdropping Data Tampering

    Use of protocol weaknesses (forged GTP messages) to attempt service disruption

  • Security by design starts with the identification of the 4G/LTE PMR networks security enforcement points. Once these points and related threats are known, specific actions can be taken.

    2.1 SECURITy ENFORCEMENT POINTSFive security enforcement points have been identified to achieve the relevant level of security expected for the 4G/LTE PMR infrastructure.

    1 Secured hosting platform leveraging the Defence-in-depth concept to enhance protection of the LTE core network assets. The essential targets are the protection of the Management plane as well as the Control plane. Depending on the context of use and throughput requirements, User Plane may also be considered in order to protect the User Plane assets and user devices.

    2 3 Secured interface to external networks for EPC that provides an architectural framework to limit exposure of the LTE infrastructure to external threat agents (i.e. mobile terminal and packet data networks such as the Internet).

    2. 4G/LTE PMR NETWORK: SECURITY BY DESIGN

    4 Secured interfaces to roaming partners to provide protection of IP peering interactions with relevant peering partners (in case of various roaming scenarios). Up to a certain extent, peering partners may be considered as external threat agents.

    5 Security Mediation (log management and monitoring) that provides an OSS-level capacity supporting the need to monitor security-relevant activity on the LTE platform through log collection, and aggregation from the various LTE network elements and security building blocks.

    Figure 3 - LTE Security Enforcement Points

    5hSS NMS

    MME

    MME

    PARTNERS CORE NETWORK INFRASTRUCTURE

    S/PGW

    PGWSGW

    PCRF

    PCRF

    Mobile backhaul network

    Mobile backhaul network

    LTE MOBILE CORE

    PMR Application function

    Internet

    ROAMING INTERFACES PROTECTION CTRL Plane S6a and S9 firewalling to protect

    homed critic