Operators starting to plug LTE backhaul's security gap

LTE transmissions have a massive security vulnerability in that backhaul traffic from the eNodeB to the IP core is unencrypted. Some operators have begun implementing IPsec to address this issue, but many have not because IPsec use is optional.

According to Patrick Donegan, senior analyst at Heavy Reading, top European mobile operators are adopting IPsec to address the LTE backhaul security issue, but their carrier brethren in the United States and South Korea have been slow to recognize the need. Among the top IPsec boosters is Deutsche Telekom, which introduced IPsec with its LTE launch in Germany at 700 MHz and is now extending IPsec adoption to its European affiliates, wrote Donegan in a column for Light Reading.

Only 15 percent of the world's LTE cell sites will support IPsec at the end of 2013, but Heavy Reading predicts that will grow to 35 percent at the end of 2015, and to 53 percent by the end of 2017.

One factor helping drive this expected growth in IPsec adoption is the threat of increased hacker attention to mobile networks, Donegan said.

IPsec is a new need for operators, as backhaul traffic in 3G networks was encrypted. The IPsec protocols were defined by the Internet Engineering Task Force (IETF) to provide end-to-end security that can protect IP networks and protect higher-layer applications.

Capex and opex fears have prevented some LTE operators from investing in IPsec, Donegan indicated. While the capex issue remains, recent European deployments are allaying fears regarding high opex and the potential negative impact on network performance.

European operators are typically deploying a single IPsec tunnel instantiated at the eNode B, and then kept in service permanently. Such deployments "are showing a minimal impact on latency, allowing operators to keep well within the 20-30 millisecond targets that are key to LTE's core value proposition," Donegan said.

LTE networks are subject to numerous other security issues as well. In a column for FierceWireless last year, Monica Paolini, founder and president of Senza Fili Consulting, wrote that the adoption of LTE, with its flatter IP-based architecture and the prevalence of data traffic over voice traffic, "is changing the security environment in mobile networks more profoundly."

For more:
- see this Light Reading article

Related articles:
Paolini: Malicious attacks can threaten mobile networks
IP networking: Building value through network subscriber and application awareness