
Webinar: Security for Mobile Broadband.
New threats, new opportunities
• Patrick Donegan, senior analyst, Heavy Reading
• Christopher Flynn, head of security sales Europe, Nokia Networks

Nov 11th, 2014

1 © Nokia Solutions and Networks 2014


Agenda

• Heavy Reading’s mobile network security data-points


• Recent security attacks
• EU legislation changes and security implications
• Evolution of M2M and IoT security
• Overview of potential threats to mobile networks
• Security threats in LTE networks
• Protecting the packet core from internet borne threats (Gi interface)
• Protecting the network from threats originating from the roaming interface
• Protecting the subscriber and the network
• Cloud security challenges
• Nokia's security strategy



Heavy Reading’s Mobile Network Security Data-points

• 20% of mobile operators suffered more than 3 DDoS attacks per month on their infrastructure in 2013 – up from 8% in 2012.
• 49% of mobile operators stated that protection of subscriber data privacy is their #1 security priority
• Mobile operators consider themselves “1st among equals” in security. Followed by app developers, infrastructure & OS vendors
• 60% of mobile operators suffered an hour long outage arising from malicious attacks in 2013
• ~15 million smartphones infected with malware. The penetration rate is increasing steadily
• 75% of mobile operators think that smartphone vendors need to do more to secure devices

Recent security attacks

Dates shown on the slide: Feb. 3, 2014; June 16, 2014; Feb. 01, 2014; March 20, 2013; Sept. 16, 2014

Belgacom Attack: Britain's GCHQ Hacked Belgian Telecoms
Sept 2013

A cyber attack on Belgacom raised considerable attention last week. Documents leaked by Edward Snowden and seen by SPIEGEL indicate that Britain's GCHQ intelligence agency was responsible for the attack.

Documents from the archive of whistleblower Edward Snowden indicate that Britain's GCHQ intelligence service was behind a cyber attack against Belgacom, a partly state-owned Belgian telecoms company. A "top secret" Government Communications Headquarters (GCHQ) presentation seen by SPIEGEL indicates that the goal of the project, conducted under the codename "Operation Socialist," was "to enable better exploitation of Belgacom" and to improve understanding of the provider's infrastructure.

EU legislation changes and security implications

NIS Directive

• Scope
− Critical National Infrastructure:
− Telecommunications, Energy, Finance, Healthcare
• Proposal
− Member states are required to adopt a national strategy that sets out concrete policy and regulatory measures to maintain a level of network and information security
− Mandate information sharing
− Mandate compulsory reporting of security incidents
− To be determined: Penalties for non compliance
• Status
− Approved by the European Parliament in 2014
− Approval by the European Council expected early 2015
− To be transposed to national legislation within 18 months

Data Protection Regulation

• Scope
− Applies to EU and those who process EU citizens' data
− Driving for consistency across EU, one set of rules
− Companies >250 employees
• Proposal
− Notify national authorities within a timely manner – within 72 hours of breach
− Up to 5% (Euro 100M capped) of global financial T/O for serious offences where best practice is not implemented
• Status
− Final agreement on the Regulation from both the Parliament and the Council most likely in 2015.
− Regulation is directly applicable law in all Member States and national legislation cannot deviate from it

Data Security Is A Top Concern

Security In Traditional Closed M2M Models

• Simple
• Closed
• Security built in
• Little customization
• Security a cost

Heavy Reading’s Four “R”s of Closed M2M Models

• Reactive
• Restrictive
• Reporting of data
• Re-use of security

Security In New Open M2M & IoT Models

• New authentication
• Auto-discovery
• Cloud
• Third party apps
• Analytics
• Differentiated data sharing
• Threat detection

A new security model based on “COPS”

• Control-oriented
• Open
• Proactive
• Secure vs new threats

Potential threats to mobile networks

Threats shown in the diagram:
• Attacks with physical access to eNodeB
• Attacks with physical access to the transport network
• Attacks through mobile devices
• Attacks from other mobile networks
• IP based attacks from external IP networks
• Insider attacks or human errors

Diagram labels: Radio network domain; Core network; OSS; Billing & Charging; IMS; SDM; Internet; Wifi; Roaming Interface (GRX/IPX); VAS; 3rd party service provider


Security threats in LTE networks
The flat all-IP architecture requires greater attention to security

• Unauthorized access to operator network, base station and mobile core
• Eavesdropping on subscriber data
• Injection of malicious traffic (signaling & user plane)
• Denial of service attacks against mobile core and security

Diagram labels: Transport network; Core network; Protected inside trusted buildings; Unprotected backhaul; Traffic protected by 3G protocol; eNB; Microwave; BTS; RNC; GGSN / SAE-GW; SGSN / MME


Security in LTE networks is becoming a key differentiator

• S1/X2 encryption
• Regional macro trends
• Security differentiator
• PKI authentication
• Vendor-agnostic authentication
• Small cell trends
• Increasing adoption

[Chart: Global # of LTE Sites, 2012 to 2017, y-axis 0 to 3 500 000; series: LTE Cell Sites With IPSec, LTE Cell Sites Without IPSec]

Gi/SGi Firewall
Protecting the packet core from internet borne threats

• Denial of Service attack
• Eavesdropping
• Theft of subscriber data
• Compromise of network elements
• Manipulation of network configuration

Diagram labels: SGI domain; S-GW; PGW; SGI FW; BGW; CGNAT; INTERNET; External VAS provider; corporate PDN; DoS (Denial of Service); Logical systems; Value added services


DDoS attack volumes are increasing

• Conduit/Target
• Enterprise and consumer impacts
• Malign and benign causes
• Shift to application layer
• Multi-vector
• Inadequate visibility into traffic streams

| Frequency of DDoS attacks | % of all operators 2013 | % of all operators 2012 |
|---|---|---|
| Never | 13% | 11% |
| A few attacks per year | 34% | 50% |
| 1-2 attacks per month | 9% | 10% |
| 3-5 attacks per month | 6% | 4% |
| 6-10 attacks per month | 8% | 3% |
| More than 10 attacks per month | 6% | 1% |
| Don’t know | 23% | 20% |
| TOTAL | 100% | 100% |

“How often do DDoS attacks on your company's
mobile network originate from the following sources?”

The number of DDoS attacks impacting the mobile network is increasing.

Source: Heavy Reading’s Annual Mobile Network Security Survey October 2013

“How often do DDoS attacks on your company's
mobile network originate from the following sources?”

Today most attacks originate from the Gi/SGi interface

More attacks should be expected from the RAN

Source: Heavy Reading’s Annual Mobile Network Security Survey October 2013

Security for the GRX interface
Architecture

Security components:
Next Generation Perimeter Firewall
• Infrastructure & service protection
• IPX interconnect
• Security functions consolidation
• Protecting S8/Gp reference points

Diagram labels: Home network; Visited network; IPX / GRX; Internet; eNodeB; MME; S-GW; PDN-GW; SGSN; DNS; HSS; H-PCRF; V-PCRF; reference points S6a, S6d, S8, S9, SGi


GRX network vulnerability
UK’s Government Communications Headquarters (GCHQ) hacking Belgacom’s BICS

Non-telco servers (email, Web, file sharing, FTP, Telnet!) are connected on the roaming network


Gi/Gp secure DNS
DNS services – secure, scalable and cost effective

Diagram labels: OAM Domain; IMS Domain; VAS Domain; GP domain; GI domain; Charging/supporting services domain; GRX network; Corporate PDN; Other PLMN; IP PBX; OSS FW; IMS FW; VAS FW; GP FW; GI FW; CG-SSO FW; GP DNS; GI DNS; DNS64; BGW; SGSN; GN; GI; GP; DCS; CGW


Operators are in a unique position to protect the subscriber & the network

Threats:
• Premium SMS fraud
• Web and messaging malware
• Spam
• BotNets

Monitor security threats, e.g. infected subscribers, most active malware, affected devices

Detect: Correlate traffic patterns from telco network with malware patterns from:
• Malware intelligence database
• Self-learned patterns

Mitigate: Minimize impact by applying automated actions, e.g.:
• Inform subscriber (SMS)
• Block value added services

Diagram labels: Radio (GSM/3G/LTE); Core (SGSN, GGSN, SMSC)


Cloud computing is one of the key new technology priorities for operators
Cost saving, agility & flexibility are a plus but associated with security risks!

• CAPEX reduction: Efficient use of hardware and reduced power consumption
• OPEX reduction: Automation of solution deployments
• Greater flexibility: Flexibility to scale up, scale down or evolve services
• Standardization: ETSI standardization of telco cloud through Network Function Virtualization (NFV)
• Security risks! All of these benefits introduce a new set of security risks, specific to cloud & virtualization!


New security threats specific to telco cloud
Key driver is the virtualization & logical separation

• Hypervisor attack: Hypervisor is an attractive target as multiple NFVs access it. Compromise will bring all running NFVs down. Access to sensitive subscriber and application data.
• Bypass traffic inspection: Intra VM & intra-compute blades traffic is generally invisible to traditional security inspections
• Orchestrator threats: Unsolicited provisioning of fake applications
• Inter-VM attacks
• Integrity and Intrusion
• DoS attack on virtual networking layer, data interception
• Unprotected virtual NF
• DoS attack

Security is a critical factor for mobile broadband networks
The Nokia security strategy

• Dedicated security business line
• Enrich security portfolio with own and partner products/services
• Design Nokia products for security & privacy
• Drive standardization and support open source initiatives
• Expand ecosystem with best-in-class partners to create value
• Nokia Security Center for excellence and knowledge exchange

Differentiation
• 1st to market with operator-specific security architecture
• Best knowhow in networks, services and traffic behavior
• Security tightly integrated in Nokia product and service portfolio


Nokia is the market leader in secure operator networks

• 500+: Security projects world-wide – from design to support
• 350+: Security certifications held by our experts
• 4000+: Security equipment installed in operator networks

• Commercial LTE networks secured
• Global presence, fostered by a dedicated global expert pool
• Active role in establishing key security standards

Figures shown on the slide for this row: No. 1, 10+

Nokia products designed for security & privacy

Design for security

Feature screening
• Security & privacy threat & risk analysis

Systems engineering
• Security & privacy requirements
• Security architecture specification

Development
• Secure coding
• Product hardening

Integration & verification
• Security & privacy compliance testing

Diagram labels: Security vulnerability monitoring process; Fault management; Vulnerability information from public sources


Nokia Security Center

Who is visiting us?
• Nokia customers and prospects
• Government/Ministries (e.g. German Government)
• Press/Journalists (e.g. telco magazines)
• Universities (e.g. Technical University Berlin)
• R&D Institutes (e.g. Heinrich Hertz Institute)

What can we demonstrate?
• Security threat scenarios
• Live security solution demos

The lab:
• Complete onsite mobile network infrastructure
• Security solutions with Nokia and partner products
• End-to-end solution testing in real mobile network environment including integration into OSS
• Qualified availability, performance and scalability
• Perform test series with customer specific configurations and traffic patterns
• Close interaction with Nokia & 3rd party R&D departments


Closing statement

(1) “… there are now only two types of companies left in the United States: those that have been hacked and those that don’t know they’ve been hacked.”

NY Times
