WHITE PAPER LTE Security Concepts and Design Considerations August, 2013

DESCRIPTION

This paper clarifies the standards defined around LTE network security by standard development organizations including 3GPP, ITU, ETSI, and industry group NGMN. It also examines the different security borders of the mobile network, and delves deeper into the requirements of the Mobile Access Border - the border between the RAN and the core (S1).


Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2013 Stoke, Inc. All rights reserved. Lit# 130-0022-001 2

Table of Contents

Introduction
LTE Security Defined in the Standards
    3GPP High Level Security Architecture
    3GPP Principles of Network Domain Security
    A Practical Technical Specification for Domain Security – H(e)NB Architecture
Operationalizing LTE Network Security
    Primary Security Domains
    Identifying the Risks
    Comparison of Firewall types: S1 and Internet Firewalls
    Choosing the Right Solution for the Mobile Access Border
    Recommended Solutions
Looking Forward: Demands are Evolving
    VoLTE Increases Capacity Requirements
    Small Cells Increase Tunnel Scale Requirements
Security eXchange™ - Stoke's LTE Security Gateway Solution
    Purpose-built, Standalone Security Gateway
    VoLTE Ready
    Small Cells Connectivity
    Added Protection for the Mobile Access Border
    Performance without Compromise
Conclusions
    Security Gateway Recommended for Mobile Access Border Protection
    Stoke Security eXchange
References


Introduction

As with any IP-based network, ensuring network security is of paramount importance. This is especially applicable to today’s LTE wireless networks, which are an all-IP, end-to-end network architecture. Aside from the obvious security risk of intercepted wireless communications transmitted to and from user equipment (UE), there are security risks traditionally associated with the fixed-line Internet that are now pertinent to 4G mobile network operators. This is a significant departure for mobile operators because in prior generations of cellular networks, security was baked into standard network functions and integral to the whole system. LTE/SAE presents new challenges in this regard, requiring protection mechanisms at each of the three primary boundaries of the EPC. Additionally, there is a new component in operators’ traditional planning: a security gateway on the RAN-to-Core boundary (S1), also referred to as the mobile access border.

In the early days of LTE deployments this new security component was often considered late in the system design phase, and suboptimal decisions were often the result. In her paper “Radio-to-core protection in LTE - The widening role of the security gateway,” Monica Paolini, analyst from Senza Fili Consulting, highlights the benefits of considering requirements from each of the three phases of LTE evolution when selecting the security gateway. Moreover, IT and Internet security players are jumping at the chance to reposition multi-purpose security appliances designed to protect the SGi (Internet) interface to the requirements of the mobile access border (RAN-to-Core / S1 link). While there are some overlapping capabilities between the two, the performance characteristics and the lack of focus on requirements specific to the S1 interface can indeed result in a suboptimal decision if a multi-purpose security appliance is chosen rather than a standalone security gateway.

The purpose of this paper is to clarify the standards around LTE network security and the different security borders of the mobile network, and to delve deeper into the requirements of the Mobile Access Border - the border between the RAN and the core (S1). This paper also provides an overview of Security eXchange, Stoke’s LTE security gateway, and presents data points to demonstrate the value of this purpose-built LTE security gateway solution over multi-purpose security solutions.

LTE Security Defined in the Standards

3GPP High Level Security Architecture

Security is addressed on many different levels by standard development organizations like 3GPP, ITU, ETSI, and even industry group NGMN. Stoke’s view on the security requirements for LTE networks is the result of a comprehensive study of these standards and recommendations coupled with our company’s focus on the Mobile Access Border. This section presents the relevant work from 3GPP and NGMN to define the LTE security requirements which form the foundation for Stoke Security eXchange.

Because security is dealt with on many levels by industry working groups and standards committees, casual observers can become confused about what requirements are needed and where they apply. In the 3GPP EPS/EPC Security Architecture (3GPP TS 33.401), 3GPP segments the security architecture into five different functional domains. 3GPP TS 33.401 defines these domains as the following:

1. Network access security – use of the USIM to provide secure access for a user to the EPS. Includes mutual authentication and privacy features.
2. Network domain security – refers to features that allow for secure communications between Evolved Packet System/Evolved Packet Core (EPS/EPC) nodes in order to protect against attacks on the network.
3. User domain security – securing access to the terminal, e.g. screen lock password, or PIN to enable USIM usage.
4. Application domain security – security features used by applications, e.g. HTTP.
5. Visibility and configurability of security – features to allow a user to know whether a security feature is in operation or not, and user-configured control over whether use of a service depends on enabled security features.

3GPP Principles of Network Domain Security

With the migration from circuit-switched networks to packet-switched networks (GPRS), as well as the use of IP transport in general, there is a need to provide enhanced protection to traffic running over these networks and associated interfaces. 3GPP has therefore developed specifications for how IP-based traffic is to be secured over the interfaces in the access/transport networks (E-UTRAN), in the core network (EPC), and/or between two or more core networks.

Emphasizing interfaces in the core network (EPC), Network Domain Security for IP (NDS/IP) is defined in 3GPP TS 33.210 and outlines the specifications for protecting IP-based control-plane traffic. Special consideration is given to the S1-U (user-plane) interface between the E-UTRAN and EPC; it is an exception in that S1-U is a protected interface in 3GPP networks. NDS/IP introduces a slightly different concept of security domains, which are networks that are managed by a single administrative authority, an example being a single telecom network operator. In practice, an operator’s network is typically divided into multiple security domains, each domain being a subset of the network that is managed by a single administrative authority. This allows for greater network control and manageability, and implementation of defense-in-depth network security strategies.

Figure 1 below illustrates the separation of security domains as defined in 3GPP TS 33.210:

Figure 1. 3GPP TS 33.210 NDS/IP Architecture


At the border of the security domain, TS 33.210 specifies the placement of a Security Gateway (SEG), which functions to concentrate and protect all traffic entering or leaving the security domain. The NE (Network Entity) represents any network node deployed and belonging to the E-UTRAN, EPC, and/or IMS domains, such as an eNodeB, MME, CSCF, etc.

The NDS/IP framework provides for three types of protection:

- Data origin authentication – protecting a node from receiving packet injection from an unknown or rogue entity
- Data integrity – protecting data in transit from being modified (man-in-the-middle)
- Data confidentiality – protecting against information theft (eavesdropping)

The protection mechanisms are implemented via IPsec, specifically IPsec ESP in tunnel mode, with IKE (Internet Key Exchange) used to set up IPsec security associations between SEGs or between SEG and NE. IPsec provides for three levels of security protection, each with a wide set of available security algorithms:

- Authentication – provided initially via secure key exchange and mutual authentication between SEGs or SEG and NE using the IKE protocol, and via the Authentication Header (AH) of the IPsec packets to ensure per-packet authenticity, using SHA-1 for example.
- Integrity – provided via IPsec cryptographic packet hashing mechanisms, for example SHA-1.
- Confidentiality – provided via IPsec cryptographic packet encapsulation, for example AES.

The NDS/IP architecture in Figure 1 is represented from a practical deployment perspective in Figure 2 below:

Figure 2. Practical view of Security Domains in LTE Mobile Network

With this depiction it is easy to see how the conceptual 3GPP NDS/IP architecture is applied to a practical LTE deployment. In summary:

- The Za interface aligns to the S8 interface between Home and Visited PLMN, or between the Home PGW and Visited SGW, for example.
- The Zb interface aligns with S1 and X2 within the individual operator’s LTE network. Zb applies between NEs or between NE and SEG in a single security domain that is under the control of a single operator.
- The Zb interface between SEG and EPC-based NE is optional, since these nodes are likely collocated in the same data center or residing on the same private LAN; therefore IPsec and IKE are not required.
- The NE represents any network node deployed and belonging to the E-UTRAN, EPC, and/or IMS domains, such as an eNodeB, MME, CSCF, etc.
- Security for the EPC-to-Internet connection point (SGi interface) is not within the scope of NDS/IP.

A Practical Technical Specification for Domain Security – H(e)NB Architecture

3GPP TS 33.320 specifies a security framework for the H(e)NB system architecture while implementing the principles outlined in the NDS/IP security domain specification featured in the previous section. H(e)NBs (3G or 4G femtocells) are typically located at the customer’s premises, i.e. in the end-user’s home, and the backhaul typically traverses an unsecured fixed-broadband Internet connection. Because of this, the H(e)NB accesses the operator’s security domain via the Security Gateway (SEG).

Operationalizing LTE Network Security

In the previous sections we reviewed the network security requirements defined by 3GPP for LTE/SAE networks. In this section we will examine the risks across the different LTE network interfaces and drill into the available solutions for securing the S1 interface.

Primary Security Domains

The diagram in Figure 3 depicts a recognizable view of the Home and Visited LTE/EPC network architecture and their key network interfaces. Highlighted are the critical areas where distinct network security requirements demand equally distinct solutions.

Figure 3. Contemporary view of LTE network security domains


Aside from the interface naming, the highlighted areas can be further described or classified as the following categories:

- Mobile Access Border (RAN-to-EPC / S1)
- Internet Border (EPC-to-Internet / SGi)
- Partner Border (EPC-to-EPC / S8)

Identifying the Risks

Industry and standards bodies, including 3GPP, ITU-T and NGMN, have analyzed the threats and risks of each of the security domains described previously and recommended specific mitigation mechanisms for each domain. This analysis, including signaling load risks and mitigation identified by Stoke’s primary research with the University of Surrey, is summarized in the figure below.

Security Domain: Mobile Access Border (RAN-to-EPC / S1)
  Threats / Risks:
    - Physical AP compromise (primarily for small cells)
    - DDoS from compromised eNB / Small Cell
    - User-plane packet injection
    - Packet interception (eavesdropping)
    - Packet modification (man-in-the-middle)
    - Signaling overload
  Mitigation Strategies: “3GPP SEG”
    - Strong authentication, authorization
    - PKI
    - IKEv2
    - IPsec ESP
    - LTE “S1 Firewall” (GTP, S1-AP)

Security Domain: Internet Border (EPC-to-Internet / SGi)
  Threats / Risks:
    - IP / Port scanning
    - EPC IP address exposure
    - Unauthorized EPC network access
    - Malware / Virus implanted on UE(s)
    - DDoS attacks on EPC via SGi
  Mitigation Strategies: “Internet Firewall”
    - Stateful firewall
    - NAT
    - DDoS mitigation
    - IDS/IPS
    - Malware detection / blocking
    - Anti-virus scanning / blocking
    - Heuristics

Security Domain: Partner Border (EPC-to-EPC / S8)
  Threats / Risks:
    - Home EPC IP address exposure
    - IPX network compromise
  Mitigation Strategies: “Border GW / Firewall”
    - GTP firewall for control- and user-plane
    - NAT

Figure 4. Network security domain risk and mitigation summary

As outlined above, each of the described security domains possesses a unique array of threats or risks, necessitating an equally unique set of solutions and strategies to minimize or eliminate the persistence and impact of these threats. Notice that some overlap of solution characterization may occur, so it is important to understand the differences between them and why specific solutions are targeted at specific security domains.


Comparison of Firewall types: S1 and Internet Firewalls

For example, the term “Firewall” is used in the solution description for both the EPC-RAN security domain and the EPC-to-Internet security domain. The “LTE S1 Firewall”, such as the feature set provided by Stoke’s Mobile Border Agent solution, which is described later, exemplifies a set of stateful packet filtering, or firewall-like, features that are specifically required at the RAN-EPC edge. These features are targeted at the unique set of protocols that reside on the S1 and between RAN and EPC, such as SCTP, S1-AP, and GTP, and the procedures being executed, such as SCTP initialization, UE Attach/Detach Requests, Service Requests, S1/X2 Handover, and others, in order to provide multiple dimensions of protection for the EPC.
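To make the “S1 Firewall” idea concrete, the following added example (written for this page; it is not code from the Stoke paper or from any Stoke product) shows the kind of check such a filter applies to GTP-U, one of the S1 protocols named above. It parses the GTPv1-U header of a packet arriving from an eNodeB and accepts it only if the header is well-formed and the tunnel endpoint identifier (TEID) belongs to a bearer the core has set up for that particular eNodeB, which is the defence against the user-plane packet injection risk listed in Figure 4. The session table, the eNodeB addresses and the sample packets are constructed for the example; in a real gateway the table would be learned from bearer setup signaling.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass

MSG_ECHO_REQUEST = 0x01      # GTP-U message types from 3GPP TS 29.281
MSG_ECHO_RESPONSE = 0x02
MSG_ERROR_INDICATION = 0x1A
MSG_END_MARKER = 0xFE
MSG_G_PDU = 0xFF             # G-PDU: carries the encapsulated user IP packet
ALLOWED_TYPES = {MSG_ECHO_REQUEST, MSG_ECHO_RESPONSE, MSG_ERROR_INDICATION,
                 MSG_END_MARKER, MSG_G_PDU}


@dataclass(frozen=True)
class GtpuHeader:
    version: int
    protocol_type: int     # 1 = GTP, 0 = GTP' (charging), never valid on S1-U
    has_seq: bool
    msg_type: int
    length: int            # octets following the 8-byte mandatory header
    teid: int


def parse_gtpu(packet: bytes) -> GtpuHeader:
    """Decode the mandatory 8-octet GTPv1-U header; raise ValueError if malformed."""
    if len(packet) < 8:
        raise ValueError("truncated header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", packet[:8])
    if length != len(packet) - 8:
        raise ValueError("length field does not match payload size")
    return GtpuHeader(version=flags >> 5, protocol_type=(flags >> 4) & 1,
                      has_seq=bool(flags & 0x02), msg_type=msg_type,
                      length=length, teid=teid)


class S1GtpFilter:
    """Allow-list of uplink TEIDs per eNodeB (constructed stand-in for state a
    real SEG would learn from S1-AP / S11 bearer setup)."""

    def __init__(self) -> None:
        self._teids: dict[str, set[int]] = {}

    def add_bearer(self, enb_ip: str, uplink_teid: int) -> None:
        self._teids.setdefault(enb_ip, set()).add(uplink_teid)

    def remove_bearer(self, enb_ip: str, uplink_teid: int) -> None:
        self._teids.get(enb_ip, set()).discard(uplink_teid)

    def check(self, enb_ip: str, packet: bytes) -> tuple[str, str]:
        """Return ("accept" | "drop", reason) for a GTP-U packet from enb_ip."""
        try:
            hdr = parse_gtpu(packet)
        except ValueError as err:
            return "drop", f"malformed: {err}"
        if hdr.version != 1:
            return "drop", f"GTP version {hdr.version} not allowed on S1-U"
        if hdr.protocol_type != 1:
            return "drop", "GTP' (PT=0) not allowed on S1-U"
        if hdr.msg_type not in ALLOWED_TYPES:
            return "drop", f"unexpected message type 0x{hdr.msg_type:02x}"
        if hdr.msg_type in (MSG_ECHO_REQUEST, MSG_ECHO_RESPONSE):
            if hdr.teid != 0:
                return "drop", "echo messages must carry TEID 0"
            return "accept", "echo"
        if hdr.msg_type in (MSG_G_PDU, MSG_END_MARKER):
            # Packet-injection defence: the TEID must be one the core assigned
            # to a bearer of *this* eNodeB, not merely any TEID in the system.
            if hdr.teid not in self._teids.get(enb_ip, set()):
                return "drop", f"TEID 0x{hdr.teid:08x} not assigned to {enb_ip}"
        return "accept", f"type 0x{hdr.msg_type:02x}"


def build_gtpu(msg_type: int, teid: int, payload: bytes = b"",
               seq: int | None = None) -> bytes:
    """Construct a GTPv1-U packet (helper for the constructed samples below)."""
    flags = 0x30                                   # version 1, PT=1
    optional = b""
    if seq is not None:
        flags |= 0x02                              # S flag: sequence number present
        optional = struct.pack("!HBB", seq, 0, 0)  # seq, N-PDU (unused), no ext hdr
    body = optional + payload
    return struct.pack("!BBHI", flags, msg_type, len(body), teid) + body


def demo() -> list[str]:
    """Run constructed packets through the filter; returns the verdicts in order."""
    fw = S1GtpFilter()
    fw.add_bearer("10.10.1.5", 0x0000A001)         # constructed bearer for eNodeB A
    inner_ip = b"\x45" + b"\x00" * 19              # stand-in for an inner IPv4 packet
    cases = [
        ("10.10.1.5", build_gtpu(MSG_G_PDU, 0x0000A001, inner_ip)),   # legitimate
        ("10.10.1.5", build_gtpu(MSG_G_PDU, 0x0000A002, inner_ip)),   # unknown TEID
        ("10.10.1.9", build_gtpu(MSG_G_PDU, 0x0000A001, inner_ip)),   # TEID of another eNodeB
        ("10.10.1.5", build_gtpu(MSG_ECHO_REQUEST, 0, seq=7)),        # path-management echo
        ("10.10.1.5", bytes([0x48, 0x20, 0, 0, 0, 0, 0, 0])),         # GTPv2-C header, wrong plane
        ("10.10.1.5", b"\x30\xff\x00\x10\x00\x00\xa0\x01"),           # length claims 16, carries 0
    ]
    return [fw.check(ip, pkt)[0] for ip, pkt in cases]
```

The per-eNodeB scoping is the important design choice: checking only that a TEID exists somewhere in the core would still let a compromised access point inject traffic into another cell's bearers.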

Conversely, the “Internet Firewall” comprises a set of solution functions which are designed to reside at the border between the EPC and other external IP networks, such as the Internet. It is here in the EPC-Internet security domain where features such as Stateful IP Firewall, Intrusion Detection/Prevention, and Network Address Translation (NAT) are required and can be most effective.

For NAT specifically, the purpose of which is to conceal internal UE and EPC IP addressing from external IP networks like the Internet, it is wholly impractical to implement this function at the EPC-RAN security domain: UE mobility, and the fact that the UE IP anchor point (i.e. PDN-GW) resides within the EPC and behind the RAN-EPC edge, would inherently negate the NAT function and disrupt normal EPC functions.

Choosing the Right Solution for the Mobile Access Border

As described in earlier sections, 3GPP recommends the use of a Security Gateway enabled with IPsec to mitigate the threats faced on the interfaces between RAN and EPC. However, an operator can choose to enable IPsec functionality in a number of different network elements:

- Existing EPC node (such as an MME)
- Multi-Service Firewall or Multi-Service Edge Router, or
- Standalone security gateway

IPsec adds overhead to all packets encrypted but, more importantly, places a large processing burden on any network node required to encrypt or decrypt the packets. The throughput of most multi-service firewall or routing systems will degrade at least 50% when IPsec is enabled. The performance degradation is even higher when that same equipment is required to process large volumes of smaller packets (such as with VoLTE). Additional hardware can, of course, be added to boost throughput, but this adds equipment costs (CAPEX) as well as increasing recurring space and power (OPEX) expenses. Below are some details of the various solution options.

EPC Nodes with SEG

Adding the security function to EPC network nodes (such as the SGW or MME) may appear financially compelling in the short term as it re-uses embedded equipment, but in the long term it may greatly overload capacity on these nodes, reducing performance and available capacity. In particular, relying on the EPC's security functionality introduces significant processing requirements that can degrade overall EPC performance, and may not provide the highest possible level of protection. More importantly, expensive network core capacity may be better utilized for growth or as a hedge against an unexpected surge in traffic demand, rather than to provide security.

Multi-Service Firewall Solution

Vendors that offer “multi-service” equipment with a broad range of firewall and intrusion prevention features often include IPsec as a value-added feature. However, these platforms, designed to provide flexibility for multiple functions, are not optimized for the significant challenges of IPsec encryption and may sacrifice performance to achieve that flexibility. The majority of the stateful firewall and intrusion prevention features these solutions include provide no benefit to operators when applied at the RAN-EPC edge, because these are not functions that are needed per 3GPP recommendations. Essentially, operators will be paying for features they cannot use and sacrificing performance that is critically important.

Multi-Service Router Solution

Similar to multi-service firewalls, many multi-service router vendors provide IPsec as a value-added feature in their products. Typically this functionality is achieved through the addition of a services blade which is comprised of generic hardware processors and is not optimized to execute the heavy crypto functions of IPsec. The trade-offs operators must make for consolidated functionality are extensive hardware costs to achieve the desired scale and performance, as well as limited growth capability for the actual IP routing and switching functions that the MSER is designed for, due to service blades occupying valuable slot real estate in the MSER chassis.

Standalone Security Gateway

A stand-alone gateway, optimized to handle the processing-intensive IPsec functions, can provide the needed security and aggregation functionality without overloading existing EPC elements or deploying sub-optimal equipment. From a total cost of ownership (TCO) perspective, the ability to provide scalability, end-to-end encryption, high power efficiency and better control over OPEX may increasingly weigh in favor of standalone solutions to address IPsec functions.

Recommended Solutions

Considering the information presented above, Stoke’s recommended deployment architecture and placement of solution-specific network equipment appears as per the diagram below.

Figure 5. Recommended equipment types for each security domain. [Diagram: HPLMN with Home Evolved Packet Core; Standalone SEG toward the RAN; Stateful Firewall w/ NAT toward the Internet; Border GW w/ FW toward the IPX]


The solution-specific recommendation is critical; otherwise operators will be constantly dealing with compromises and trade-offs. The core design principles for the security network element on one interface will sacrifice performance, capabilities, and/or attention to detail on another. For example, an Internet firewall is optimized for maximum flow capacity and high-rate transactions with perhaps a few VPNs, using IPsec only as an add-on feature. This is the right design decision for the SGi interface, but is not for either S8 or S1. In addition, selecting one product that is a fit for two or even all three secure interfaces may be possible, but it offers only false promise. Ultimately the compromises will surface, requiring a disproportionate investment in that network element or, worse, a potential security breach and a wholesale change-out.

The table below illustrates the security device and functions for which operators should seek best-of-breed performance for each interface requiring security.

Security Domain: Mobile Access Border (RAN-to-EPC / S1)
  Recommended Product: Purpose-built, standalone Security Gateway
  Functions Provided:
    - Strong authentication, authorization provided by IKEv1/v2 and PKI protocols such as CMPv2 and CRLv2
    - Full data confidentiality, integrity, and authentication provided by IPsec ESP protocols and crypto algorithms
    - LTE S1 Firewall (GTP, S1-AP firewall) for signaling overload protection

Security Domain: Internet Border (EPC-to-Internet / SGi)
  Recommended Product: Multi-functional security platform
  Functions Provided:
    - Stateful Firewall
    - Network Address Translation (NAT) to protect internal addressing
    - IDS/IPS
    - Content filtering

Security Domain: Partner Border (EPC-to-EPC / S8)
  Recommended Product: Multi-functional Border Gateway
  Functions Provided:
    - GTP firewall for control- and user-plane
    - NAT

Figure 6. Recommended product and functions summary.

Looking Forward: Demands are Evolving

VoLTE Increases Capacity Requirements

Best-of-breed performance in the S1 security gateway will become especially important as operators add VoLTE into their networks. This is due to the real-time, latency-sensitive nature of voice traffic and the fact that voice is transmitted in very small packet sizes (64 bytes), which taxes the processing capacity of most gateway equipment.

Operator and industry data shows that average packet sizes are decreasing due to the growth of high-volume, small-packet-size 4G applications such as VoLTE and M2M apps. As average packet size decreases, the number of packets per second at the same volume of traffic increases dramatically. This is important to network element dimensioning because network elements designed and optimized for a standard Internet traffic mix (IMIX) will underperform and have a major negative impact on users’ Quality of Experience (QoE).
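The dimensioning arithmetic behind this point, as an added example (not part of the paper): esp_tunnel_size() computes the on-the-wire size of an inner IP packet after ESP tunnel-mode encapsulation (outer IPv4 header, SPI and sequence number, IV, padded payload, pad-length/next-header trailer, and ICV, per RFC 4303), and packets_per_second() converts a link rate into the packet rate the gateway's crypto path must sustain. The header sizes are the IPv4 and ESP standard values; the AES-GCM defaults (8-byte IV, 16-byte ICV, 4-byte alignment) and the AES-CBC/HMAC-SHA1-96 alternative are stated assumptions, and the 16 Gbps link and packet sizes used in the demo are taken from figures the paper itself cites.

```python
OUTER_IPV4 = 20    # outer IPv4 header added by tunnel mode (no options)
ESP_HEADER = 8     # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)


def esp_tunnel_size(inner_len: int, iv_len: int = 8, icv_len: int = 16,
                    align: int = 4) -> int:
    """On-the-wire IP packet size after ESP tunnel-mode encapsulation.

    Defaults assume AES-GCM (8-byte IV, 16-byte ICV, 4-byte alignment);
    for AES-CBC with HMAC-SHA1-96 pass iv_len=16, icv_len=12, align=16.
    """
    if inner_len <= 0:
        raise ValueError("inner packet must be non-empty")
    # ESP padding makes (payload + trailer) a multiple of the cipher alignment.
    pad = (-(inner_len + ESP_TRAILER)) % align
    return OUTER_IPV4 + ESP_HEADER + iv_len + inner_len + pad + ESP_TRAILER + icv_len


def packets_per_second(link_gbps: float, packet_bytes: int) -> float:
    """Packet rate needed to fill link_gbps with packets of packet_bytes each."""
    return link_gbps * 1e9 / (packet_bytes * 8)


def goodput_fraction(inner_len: int, **esp_params) -> float:
    """Share of the protected link that carries inner (useful) bytes."""
    return inner_len / esp_tunnel_size(inner_len, **esp_params)


def profile(link_gbps: float, inner_sizes: list[int]) -> list[dict]:
    """Per-packet-size dimensioning rows for a gateway on a link_gbps S1 link."""
    rows = []
    for size in inner_sizes:
        wire = esp_tunnel_size(size)
        rows.append({
            "inner_bytes": size,
            "wire_bytes": wire,
            "goodput": round(goodput_fraction(size), 3),
            # packet rate the crypto engine must sustain to fill the link
            "mpps": round(packets_per_second(link_gbps, wire) / 1e6, 2),
        })
    return rows


if __name__ == "__main__":
    # 64 B is the voice packet size the paper cites; 384 B and 512 B are the
    # averages in its competitor comparison; 1400 B stands in for bulk data.
    for row in profile(16, [64, 384, 512, 1400]):
        print(row)
```

Two things the table makes visible that the prose only asserts: at 64-byte voice packets barely half of the protected link is user data, and the packet rate a 16 Gbps link demands is about 17 Mpps versus roughly 1.4 Mpps for bulk data, so a gateway rated by throughput on an IMIX mix can fall far short once the mix shifts toward VoLTE.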

Small Cells Increase Tunnel Scale Requirements

As we consider the evolution of LTE networks from today’s macro deployments of several thousand or tens of thousands of sites to potentially tens or hundreds of thousands more small cells (pico/femto), we must consider the impact on the EPC network architecture and, in the case of this document, the Security Gateway.

The initial impact is obvious: tunnel scale. Each and every access point will have an IPsec tunnel established with the SEG to provide RAN-EPC security. Even those operators who have initially opted not to deploy a SEG for their macro LTE RAN backhaul are planning to deploy a SEG to provide security for LTE small cells. The primary reason is that small cells will in most cases leverage unknown backhaul across the Internet or some other unknown/untrusted backhaul provider network, which presents the same risks to the operator network as identified earlier in the document.

Security eXchange™ - Stoke's LTE Security Gateway Solution

Purpose-built, Standalone Security Gateway

Stoke’s Security eXchange, provided via the SSX-3000 system, is designed specifically to fulfill the SEG requirements of the mobile access border. Stoke Security eXchange addresses all the threats identified by 3GPP and NGMN for the mobile access border (EPC-RAN / S1):

- Physical attack
- User-plane packet injection
- Packet modification
- Eavesdropping
- DDoS attacks from network or UE
- Unauthorized access
- Compromise of eNodeB credentials
- User data and user identity privacy attacks
- Attacks on radio resources and management

The solution recommended by industry organizations is IPsec, plus strong authentication and authorization mechanisms, namely IKE and PKI. To support this charter from the standards, Stoke Security eXchange was built with a very extensible IPsec solution in both performance and functionality, delivering IPsec functionality at line-rate performance with high-rate throughput. The Stoke solution intentionally excludes features like stateful firewall, IDS/IPS, and NAT functions that are unneeded at the Mobile Access Border and would otherwise compromise IPsec performance.

VoLTE Ready

Stoke is prepared to meet the additional processing challenges of VoLTE. Figure 7 below compares a representative competitor’s performance to the Stoke SSX-3000 at different average packet sizes. With some competitor equipment, performance (capacity) drops from 80% line rate down to slightly above 40% - a loss of capacity of almost 50% - when the average packet size changes from 512 bytes to 384 bytes.

Figure 7. Impact of voice on IPsec throughput

Small Cells Connectivity

New hardware and software enhancements will allow the Security eXchange to address the demand for small cell connectivity. The same SSX-3000 has planned support for new hardware modules, increasing IPsec tunnel scale to over 5x current capacity as well as increasing IPsec throughput to over 2x current performance.

Added Protection for the Mobile Access Border

IPsec tunnel scale and throughput are certainly not the only concerns. Stoke predicts that such a drastic increase in the number of LTE access points introduces a corresponding increase in the risk of having compromised small cells, as well as increased network signaling and a greater risk of S1-borne signaling storms. LTE networks must support a higher degree of growth, change and unpredictability in user equipment (UE), applications, latency expectations, speed and accelerating signaling and traffic load than ever previously anticipated. In response to this trend, Stoke Security eXchange now includes Mobile Border Agent protection.

The Mobile Border Agent is a multi-dimensional software-based entity integrated with the Stoke Security eXchange. While the Security eXchange still performs the discrete tasks of IPsec tunnel termination, the Mobile Border Agent works toward protection and optimization goals at the dynamic LTE RAN-EPC border, on behalf of the operator. Key characteristics of the Mobile Border Agent are:

- Multi-Dimensional Awareness: Continually monitors S1 packets and correlates user plane, control plane, RAN and session volume, state, and other data to identify anomalies and support network goals.
- Reference Network Model: Maintains a reference model of connected eNodeBs and core elements, normal network conditions, and threshold parameters that define reporting and action triggers.
- Policy Based Enforcement Action: Enacts specific actions to protect service availability and network assets, interacting with other EPC elements and network management systems to deploy flood prevention and network protection policies.
- Data Collection/Reporting: Collects data and reports back to network operators, providing a comprehensive perspective of the network.
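The reference-model-plus-thresholds pattern described in the list above, as an added example (written for this page, not the Mobile Border Agent's own code): the detector learns a per-eNodeB baseline rate of S1-AP Initial UE Message events (the message that opens an attach) over a warm-up period, then compares each later window against that baseline and emits a policy action, either "report" or "rate-limit", when the configured factors are exceeded. The window length, factors, floor, eNodeB identifiers and the event stream are all constructed for the example; a deployed agent would read the messages from the S1-MME traffic it terminates.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Alert:
    enb: str
    window: int        # window index; start time = window * window_seconds
    observed: int
    baseline: float
    action: str        # "report" or "rate-limit"


class ReferenceModel:
    """Per-eNodeB baseline of attach-signaling rate with threshold triggers."""

    def __init__(self, window_seconds: int = 10, warmup_windows: int = 3,
                 warn_factor: float = 3.0, critical_factor: float = 10.0,
                 floor: int = 50):
        self.window_seconds = window_seconds
        self.warmup_windows = warmup_windows
        self.warn_factor = warn_factor
        self.critical_factor = critical_factor
        self.floor = floor    # ignore bursts below this count (quiet cells)

    def evaluate(self, events: list[tuple[int, str, str]]) -> list[Alert]:
        """events: (time_seconds, enb_id, s1ap_message). Returns triggered alerts."""
        counts: dict[str, dict[int, int]] = defaultdict(lambda: defaultdict(int))
        for t, enb, msg in events:
            if msg == "InitialUEMessage":
                counts[enb][t // self.window_seconds] += 1
        alerts = []
        for enb, per_window in counts.items():
            windows = sorted(per_window)
            if len(windows) <= self.warmup_windows:
                continue   # not enough history to form a baseline for this cell
            baseline = mean(per_window[w] for w in windows[:self.warmup_windows])
            for w in windows[self.warmup_windows:]:
                observed = per_window[w]
                if observed < self.floor:
                    continue
                ratio = observed / baseline if baseline else float("inf")
                if ratio >= self.critical_factor:
                    alerts.append(Alert(enb, w, observed, baseline, "rate-limit"))
                elif ratio >= self.warn_factor:
                    alerts.append(Alert(enb, w, observed, baseline, "report"))
        return alerts


def make_sample_events() -> list[tuple[int, str, str]]:
    """Constructed traffic: two eNodeBs attach at 3/s and 2/s for 60 s, then
    enb-0002 (say, a misbehaving small cell) bursts to 40/s for 10 s."""
    events = []
    for t in range(60):
        events += [(t, "enb-0001", "InitialUEMessage")] * 3
        events += [(t, "enb-0002", "InitialUEMessage")] * 2
        events += [(t, "enb-0002", "UplinkNASTransport")] * 5   # not an attach; ignored
    for t in range(60, 70):
        events += [(t, "enb-0001", "InitialUEMessage")] * 3
        events += [(t, "enb-0002", "InitialUEMessage")] * 40
    return events


def run_demo() -> list[Alert]:
    """Evaluate the constructed stream; expect one rate-limit alert for enb-0002."""
    return ReferenceModel().evaluate(make_sample_events())
```

The baseline is kept per eNodeB rather than network-wide on purpose: a burst that is small against total core signaling can still be an order of magnitude above what one cell normally produces, and that is the signal a compromised or faulty small cell gives.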

Deeper integration with EPC network elements will allow the Mobile Border Agent to be further enhanced to dynamically respond to externally triggered events in order to implement protective policies. Examples of protective security policies include:

- Message flood prevention
- Malicious endpoint detection
- Enhanced analytics
- Malicious subscriber traffic filtering

Performance without Compromise

Stoke Security eXchange consistently surpasses other LTE Security Gateway providers in all key performance measurements. Stoke performance has been validated through actual commercial deployments, multiple tier 1 operator trials and tests, and internal QA analysis. Specifically, the Stoke SSX-3000 has:

- Highest throughput: 16 Gbps per RU
- Highest packets per second: 20.8 million PPS per RU (line rate with 96-byte packets)
- Lowest latency: <40 microseconds (even at small packet sizes)
- Lowest power: 15 W per Gbps of throughput
- High availability: >99.999% availability, 284-year MTBF

Conclusions

Security Gateway Recommended for Mobile Access Border Protection

LTE/EPC network security covers several distinct domains, each exposed to its own set of security risks and each calling for corresponding controls that mitigate or minimize the impact should those risks be exploited. For each of these domains, several standards bodies and well-known industry groups have converged on specific recommendations for that part of the network.

For the Mobile Access Border (RAN-EPC) security domain, these groups recommend a purpose-built Security Gateway platform that uses IPsec for encryption and integrity protection of S1 traffic, combined with strong authentication and authorization. Other network boundaries have received their own distinct recommendations, such as intrusion prevention, network address translation, malware detection, and anti-virus protection for the EPC to Internet (SGi) interface.

While multi-functional platforms may provide similar feature sets, such as IPsec, their underlying design, built to support a broad spectrum of functionality, forces operators to face trade-offs in terms of performance and cost.

Poor performance increases equipment costs as well as operational costs for maintenance, space, and power. As

operator networks continue to evolve with VoLTE and require even higher throughput, the economic impact of

the initial decision is magnified over time. In addition, these multi-function platforms may not provide other

valuable RAN-EPC functions such as signaling protection and policy based enforcement.

Stoke Security eXchange™

The Stoke Security eXchange, including the Mobile Border Agent software, is an evolved security gateway that extends the 3GPP definition with functionality to optimize and protect LTE core resources against signaling events and attacks that can impair or paralyze service. The solution includes several functions that add a layer of general security at the mobile border and enable enforcement action based on higher layer (S1-AP) analysis.

The Stoke Security eXchange maintains line rate performance, including encryption and decryption, at the packet rates that arise when average packet sizes drop to support applications such as voice. The capacity specified for each line card or system therefore does not diminish as the operator network and its services mature and the average packet size changes. This dramatically simplifies operator sizing estimates and reduces the need to add equipment as the network traffic profile changes over time.
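Why packet rate rather than bits per second becomes the binding constraint at small packet sizes, and why the Performance section quotes a packets-per-second figure next to its throughput figure, worked through as an added example that is not from the paper or the vendor. The first function reproduces the paper's own arithmetic (16 Gbps of 96 byte packets is 20.8 Mpps) and can optionally include Ethernet preamble and inter-frame gap; the second shows how much ESP tunnel mode inflates a small inner packet; the third shows the throughput a gateway with a packets-per-second ceiling actually delivers as the average packet size falls. The ESP transform (AES-128-CBC with HMAC-SHA1-96) and the 6 Mpps ceiling of the comparison gateway are assumptions chosen for the illustration.

```python
"""Sizing arithmetic for an IPsec security gateway at the S1 border.

Added example, not the paper's or vendor's code. Assumes ESP tunnel mode with
AES-128-CBC and HMAC-SHA1-96; other transforms change the IV and ICV sizes.
"""
from dataclasses import dataclass

BITS_PER_GBPS = 1e9
ETHERNET_L1_OVERHEAD = 20  # preamble + SFD (8 bytes) + inter-frame gap (12 bytes)


def pps_for_gbps(gbps: float, packet_bytes: int, l1_overhead: int = 0) -> float:
    """Packets per second needed to fill `gbps` with packets of `packet_bytes`.

    With l1_overhead=0 this matches how the paper states 16 Gbps at 96 B: 20.8 Mpps.
    Passing ETHERNET_L1_OVERHEAD gives the lower figure a physical port can carry.
    """
    return gbps * BITS_PER_GBPS / ((packet_bytes + l1_overhead) * 8)


@dataclass(frozen=True)
class EspTunnelMode:
    """Per-packet bytes ESP tunnel mode (RFC 4303) adds around an inner IP packet."""
    outer_ip: int = 20    # new outer IPv4 header
    esp_header: int = 8   # SPI + sequence number
    iv: int = 16          # AES-CBC initialisation vector
    block: int = 16       # AES block size; the encrypted part is padded to it
    trailer: int = 2      # pad length + next header
    icv: int = 12         # HMAC-SHA1-96 integrity check value

    def wire_bytes(self, inner_bytes: int) -> int:
        """IP-layer size of one ESP packet carrying an inner packet of `inner_bytes`."""
        encrypted = inner_bytes + self.trailer
        encrypted += (-encrypted) % self.block   # pad up to a whole cipher block
        return self.outer_ip + self.esp_header + self.iv + encrypted + self.icv

    def expansion(self, inner_bytes: int) -> float:
        """Ratio of wire bytes to inner bytes; large for small voice-sized packets."""
        return self.wire_bytes(inner_bytes) / inner_bytes


def effective_gbps(pps_ceiling: float, gbps_ceiling: float, packet_bytes: int) -> float:
    """Throughput a gateway limited by both a pps and a bps ceiling actually delivers.

    At large packets the bps ceiling binds; as the average size drops the pps
    ceiling binds instead and the deliverable Gbps falls with it.
    """
    return min(gbps_ceiling, pps_ceiling * packet_bytes * 8 / BITS_PER_GBPS)


if __name__ == "__main__":
    esp = EspTunnelMode()
    print(f"16 Gbps of 96 B packets = {pps_for_gbps(16, 96) / 1e6:.1f} Mpps "
          f"({pps_for_gbps(16, 96, ETHERNET_L1_OVERHEAD) / 1e6:.1f} Mpps on the port)")
    for inner in (96, 1400):
        print(f"ESP tunnel: {inner} B inner -> {esp.wire_bytes(inner)} B on wire "
              f"(x{esp.expansion(inner):.2f})")
    # Hypothetical gateway with a 6 Mpps forwarding ceiling and 16 Gbps of line capacity
    for inner in (1400, 256, 96):
        print(f"6 Mpps / 16 Gbps gateway at {inner} B: "
              f"{effective_gbps(6e6, 16, inner):.2f} Gbps")
```

Two things fall out of the numbers. A 96 byte inner packet grows to 168 bytes on the wire (1.75x) while a 1400 byte packet grows to 1464 (1.05x), so the backhaul link, not just the gateway, must be sized for small-packet expansion. And the hypothetical 6 Mpps gateway delivers its full 16 Gbps at 1400 byte packets but only 4.6 Gbps at 96 bytes, which is the capacity erosion the paragraph above describes; a gateway whose pps ceiling is at or above line rate for the smallest expected packet does not show it.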

Next generation mobile networks will include a much more complex topology of overlapping LTE access types, including macro cells, indoor and outdoor small cells, and consumer femto cells, as well as Wi-Fi access points and shared networks. Stoke Security eXchange with Mobile Border Agent can provide much needed visibility and control in this fast growing, highly dynamic and critical area of the network.

