SECURING THE MOBILE NETWORK

Transcription

1 AVIAT NETWORKS SECURING THE MOBILE NETWORK BY LOUIS SCIALABBA, AVIAT NETWORKS SOLUTIONS MARKETING

2 TABLE OF CONTENTS Introduction... 3 Impact of an Unsecure Mobile Network... 3 Benefits of Secure Mobile Networks... 4 Importance of Securing the Microwave Network... 4 Definition of Security Enforcement... 5 ITU-T X.800 Threats Model... 5 Physical Site and Equipment Security... 6 Secure Management... 6 Centralized user management... 6 Payload Encryption G and 3G Network Security G Mobile Network Security... 7 Solutions for LTE Microwave Backhaul Segments... 8 Customer Use Case... 9 MTN Ghana use of RADIUS... 9 Summary...10 Page 2

3 INTRODUCTION In an era of ubiquitous broadband communication at work and home, the issue of security in mobile backhaul is more important than ever. The new generation of LTE wireless technology is an enabler for applications such as mobile commerce, voice over IP (VoIP), and high-definition video delivery to smartphones, but it has also opened some sinkholes in the foundation that pre-lte architectures and applications have established. This white paper discusses the burgeoning need for Security in Mobile Backhaul in terms of benefits to MNOs and society. IMPACT OF AN UNSECURE MOBILE NETWORK Security incidents can have severe consequences for mobile operators. Short-term public relations hiccups can be dealt with, but over the long-term, carriers are subject to subscriber churn, which can significantly influence profitability. Softpedia.com cited a study performed by Opinion Matters, whereby it was determined that 75 percent of smartphone users in the UK would likely change mobile providers if a security breach occurred on their current network. Aside from technology drivers, the public concern over personal privacy and governmental preoccupation with national security are both mandating Mobile Network Operators (MNOs) to protect information confidentiality, integrity, and availability. In addition to subscriber churn, MNOs can face litigation and legal problems, especially when a security breach affects enterprise service. The economic impact can be several hundred of thousands or even millions of dollars. In a report presented by McAfee at the World Economic Forum, it was found that over half of 600 IT executives surveyed have suffered large-scale incidents that have associated downtime costs of over $6.5 Million per day. The type of data-at-risk includes commercial information, such as patents, software code, and designs, as well as employee records. In such cases, MNOs must defend against both the enterprise and individuals who have been victimized. A heist of Intellectual Property (IP) could have a costly effect on a corporation, especially if the subject matter is innovative but easily replicated in the marketplace. Governments are getting involved, mandating that carriers abide by security legislation specially intended for telecommunication service providers. In the European Union, EU directive 2009/140/EC, article 13a, requires operators to take steps to provide uninterrupted and secure transmission of voice and data over EU telecommunications infrastructure. Operators are also required to report security incidents so the effectiveness of their controls can be measured. At the national level, security over mobile networks or, in fact, any Internet access can have massive impacts on international relations. One example was the 2009 attack on Silicon Valley companies. In an article on csoononline.com, the alleged perpetrators of the breach were described as Chinese hackers, who exploited a weakness to gain access to Google's internal network, while Google admitted that some of its intellectual property had been stolen and that it would soon cease operations in China. Page 3

4 The impact of that event has had far-reaching consequences in the technology industry and political relations between the United States and China. Dating back to March 2005 is arguably the most infamous and criminal mobile network breach of all time, the scandal dubbed The Athens Affair by writers Vassilis Prevelakis and Diomidis Spinellis. In that security breach on the Vodafone Greece mobile network, equipment was illegally accessed and software was implanted in switching centers and later downloaded directly to cellphones, allowing for unlawful tapping of potentially incriminating phone conversations among targeted Vodafone subscribers, including sitting ministers of the government. It was a highly sophisticated hacking of the network that most carriers could not prevent; however one reason Vodafone received scathing publicity was because it purportedly mishandled informative system log files a function that could have been prevented by more robust security mechanism. Two years after the incident, Vodafone was fined $76 million. BENEFITS OF SECURE MOBILE NETWORKS The old adage that prevention is the best medicine certainly applies to security. The rewards certainly outweigh the risks. Every year MNOs are judged by companies such as J.D. Power and Consumer Reports on the level of satisfaction by their customers. Consistently high rankings help MNOs establish a trusted brand for their service offering. Strength in branding is one element of customer retention and lower overall subscriber churn. Strong brand value supports higher Average Revenue Per User (ARPU). It is one thing for a customer to shrug off an unusually high wait time for a technical support call; it is another for a customer to feel violated that his voice and data transactions on the network were compromised because the operator failed to take preventative measures. Security breaches lead to negative PR, which leads to degradation of customer trust, which ultimately leads to a tainted brand, higher churn and lower profits. All the effort a corporation endures to build strong brand value can easily be offset by just one security breach IMPORTANCE OF SECURING THE MICROWAVE NETWORK The use of microwave for mobile backhaul has long been the technology of choice around the world due to its low overall Total Cost of Ownership (TCO), flexibility and high reliability. Microwave backhaul for macro cell sites has accounted for over half of all backhaul technologies combined, including fiber and copper-based solutions. The abundant presence of microwave puts security concerns in the forefront for those who manage the network and customers on it. In 2013, Infonetics Research published the results of a Global Survey on Microwave Strategies and Vendor Leadership. In it, operators were asked to rank the importance of different microwave product features in terms of influence on purchasing decisions. Like the prior year, Management Interface Security ranked very high No. 4 overall, ahead of popular items like 1024 QAM, QoS, and MIMO. This priority is suggesting an awareness of security issues in microwave connections, according to the report s findings. Page 4

5 Microwave is usually part of a larger network of connected elements in a backhaul design. As such, it is important that security concerns do not make it a weak link in the chain. Specific security threats to microwave equipment can include misconfiguration and/or tampering of provisioning information, whether by malicious intruders or disgruntled employees. In fact, studies have shown that percent of all hacking activities are perpetrated by "insiders" or people with physical access to the equipment. Additionally, operators may carry critical traffic for government and financial institutions and other critical traffic across their microwave equipment. Such traffic has strict security requirements traversing all points in the network. Lastly, the migration from TDM to IP as part of the evolution from 2G to 3G and 4G has opened the microwave segment of the backhaul to security concerns stemming from the distributed nature of IP networks. DEFINITION OF SECURITY ENFORCEMENT The Next Generation Mobile Network (NGMN) organization has defined five classes of threats for the mobile network, as depicted in the illustration below. The threats include Destruction, Corruption, Removal, Disclosure and Interruption of information. Critical management and data traffic over unsecured networks means some form of encryption may be needed, beyond just physical equipment and site security. This applies to both microwave and fiber networks. ITU-T X.800 THREATS MODEL Page 5

6 MNOs can fend off these threats by implementing different types of security mechanisms. These mechanisms include: PHYSICAL SITE AND EQUIPMENT SECURITY Whether it is a macro base station tower or an emerging small cell on a busy urban street lamp, devices such as radios, switches and routers can be tampered with if some level of equipment protection is not provided. Many devices include telemetry features that will alert or alarm the network operator if a port card, control unit, backup battery or fan is removed, and typically specialized card pullers and screws are used to keep the network element protected. Additionally, tamper-evident labels can be used to detect intrusions. SECURE MANAGEMENT Secure Management is about securing access and control of the microwave radio. Messages sent from the Network Operations Center (NOC) to the radio are protected and not subject to compromise or malicious spoofing by unauthorized users. Secure Management also protects against accidental or unintentional misconfiguration of the network. Secure Management adds several layers of security and should be implemented in a manner that is FIPS Level 2 compliant. FIPS validation is required whenever encryption is specified in any US Federal procurement RFP. CENTRALIZED USER MANAGEMENT Radius is one mechanism that can be used to create centralized user management of a network. Radius includes Authentication, Authorization and Accounting of remote user accounts. It greatly simplifies and expedites changes to user account characteristics. Radius also allows for password enforcement and complexity rules to be tailored to individual organizations according to company policy. PAYLOAD ENCRYPTION There are various forms of payload encryption, one being IPSec (Internet Protocol Security). IPSec requires agent authentication and the sharing of cryptography keys for each packet exchanged during a security session. IPSec has its challenges in mobile networks, namely cost and complexity of implementation and a tight coupling with IPV6. In the microwave radio domain, payload encryption can be achieved using AES encryption on both management and data traffic. This prevents eavesdropping on wireless communications, as any snooping along the transmission path between links or in the transmitter s vicinity will only receive a garbled transmission. At a minimum, radios should support AES encryption and 128- or 256-bit symmetric keys, via a randomly generated encryption combination. These combinations are created and negotiated between links using industrystandard key agreement methods, which supports modulo of at least 2048 bits. Payload Encryption should be implemented in compliance with FIPS- 197, which provides the definition for AES encryption. AES is commonly regarded as one of the leading worldwide encryption schemes accepted by the most demanding entities such as US Government and US Military. Page 6

7 2G AND 3G NETWORK SECURITY GSM networks provided a step-functional increase in security capabilities versus early AMPS and TACS analog cellular technology. Because GSM is a digital technology, it is able to use a speech-coding algorithm as well as authentication and encryption mechanisms. David Margrave, in his paper GSM Security and Encryption explains that included in the design of the GSM authentication and encryption schemes is that sensitive information is never transmitted over the radio channel. This is because a challengeresponse technique is built into the GSM authentication function. Conversations are encrypted with a temporary, randomly generated ciphering key which is issued by the network and may be changed periodically (i.e. during hand-offs) for additional security. A5/1 is the name of the stream cipher that was used to provide early GSM communication privacy, but it ultimately proved to be vulnerable over time and had several documented attacks on a global scale. A5/3, or KASUMI, was used in 3G systems, designed specifically for 3GPP for the UMTS standard, but it also was broken by cipher attacks over the last decade. Nevertheless, the native encryption in 3G networks helped the security cause in the path starting from the handset to the base station to the Radio Network Controller (RNC). The flatter network architecture of 4G, in a sense, is a step backwards in security. 4G MOBILE NETWORK SECURITY In LTE, RNC functionality is in the enodeb, meaning that native encryption terminates at the base station (see LTE reference diagram below). As a result, and according to NGMN, some functions previously in the controller (BSC and RNC respectively) move directly into the enodeb, exposing the service and the underlying packet backhaul network to potential security threats. The X2 interface has the potential to increase the propagation and scale of security attacks. Especially of concern is the use case of shared backhaul or converged network infrastructure, for example, as in a Fixed- Mobile Converged (FMC) network. The panacea from 3GPP for the security gap in LTE was intended to be IPsec. IPSec would require secure tunnels from the enodeb to the Evolved Packet Core, with termination of those tunnels in a Security Gateway (S- GW). However, operators globally have pause when it comes to rampant IPSec deployment. Patrick Donegan, Heavy Reading analyst, in a public report conducted on behalf of Radisys, agrees and explains that, many operators are initially limiting their IPsec deployment to specific cases, such as where backhaul is leased or in the case of physically vulnerable small cells. Also, Donegan points out that operators are still waiting for ecosystem vendors to widely support the IPv6 protocol, and MNOs would prefer to wait for IPv6 before spending time and money on IPSec, the implementation of which is intimately coupled with IPv4 and/or IPv6. A case can be made for implementing payload encryption on backhaul links, especially in microwave radio backhaul links that are in wide use around the world. Payload encryption could give operators a few years to work out the business case for IPSec, particularly if their microwave backhaul gear already has encryption capability built in and all is needed is a software license. Page 7

8 3G &LTE Network Architectures SOLUTIONS FOR LTE MICROWAVE BACKHAUL SEGMENTS Secure Management offers secure management access to Aviat Eclipse Packet Node radios over unsecured networks. Secure Management features dictate who can access the network, the privileges of those users, and visibility they are allowed, all while encrypting all traffic and offering layered protection against multiple types of attacks. In the case of a breach of any layer, Secure Management also provides rich forensic capabilities for post incident analysis. Additionally, the Security Event Logger feature records all management activity for increased accountability and improved troubleshooting and root cause analysis. Payload Encryption secures wireless data and in-band and out-of-band management traffic. With Secure Management and Payload encryption working together as a depth strategy, even data that might ride on overhead channels (e.g. site management devices) is secure. The Strong Security suite from Aviat Networks offers solutions for wireless communications protection with options for Secure Management, Payload Encryption and integrated RADIUS capability. Integrated RADIUS capability enables authentication, authorization and accounting of remote user accounts. Hacker-deterrent features include Mechanized Attack Prevention, password complexity and minimization and encrypting of information kept in the radio. Page 8

9 Access control protection helps ensure proper privileges for employees, especially new hires, contractors, and lower skilled employees. For Local Access this includes: Identity-based authentication Identity-based privileges Security warning banners Access control lists Automatic Session timeout Disabling unused ports and unsecured protocols and backdoors Encryption and caching of user accounts For Remote Access this includes: Secure tunneling (TLS) Disabling of unsecure protocols (e.g., Telnet) Secure software download (HTTPS) Closure of all engineering backdoors Finally, in the Network Operations Center (NOC), SNMPv3, NMS Access control lists, encrypted remote backup and secured system log are provided to better enforce security mechanisms from a centralized point of control. CUSTOMER USE CASE MTN Ghana is the largest mobile communications provider in Ghana. With a constant flow of new service subscribers, network security is vital. Long-time users of Aviat Networks radios, MTN Ghana has used Aviat Eclipse since 2007 for its network backbone and 3.5G access management, benefitting from reliability and easy migration from TDM to Ethernet. However, with growth comes occasional traffic and equipment disturbances in the network, and MTN Ghana looked to Aviat to make sure disturbances were not a result of security incidents. Traditionally, US federal government and military agencies and their contractors are the primary users of high-level security solutions. Their networks must be compliant per Federal Information Process Standards FIPS for management and FIPS-197 for data payload encryption. Because of the extensive validation and testing regimen that vendors must go through for their products, mobile and enterprise operators are embracing these standards. MTN GHANA USE OF RADIUS Eclipse radios use both AAA and RADIUS. MTN Ghana has several thousand microwave sites and has decided to prioritize deployment of AAA and RADIUS in key sites along the backbone. Secure Management using AAA/RADIUS with Element Management System ProVision has improved the availability and visibility of the wireless network. In particular, network visibility into Ghana s capital city, Accra, has increased tremendously, allowing a reduction in staff hours of workers who previously needed to visit remote sites in the field. Troubleshooting has become simple and fast, as the nodes are visible from one central location. MTN Ghana adds Aviat Networks implemented their Secure Management AAA system with RADIUS to control physical access to the equipment. Through RADIUS, rigorous Password Authentication is implemented to Page 9

10 mitigate unauthorized access to the equipment on site. This has assisted MTN Ghana to ensure those who access the equipment are both authorized to do so, and qualified to do the work permitted by the specific set of rights assigned to them within the Secure framework. Securing the Backbone in MTN Ghana: the backbone network of thousands of microwave radio links connects a nation. SUMMARY Security is a necessary function for both users and providers of mobile networks. Mobile network security involves several aspects, from physical site security to data encryption to secure management interfaces. The evolution of mobile networks to a flatter LTE architecture has uncovered some challenges in the security domain. Secure management is perhaps the most effective and simple method to employ, especially in microwave backhaul segments. Aviat Networks provides a full suite of security mechanisms for its microwave product portfolio a key enabler of reliable backhaul functionality around the world. Although many mobile operators may not appreciate the need for network security today, it will likely be required throughout all portions of the network over time, with microwave transport being a critical segment. Aviat Networks, Inc All Rights Reserved. Subject to change without notice. wp_securing_mobntwk_univ_17sep13 Page 10