NGN-Insights - Home
Why You Should Care About Mobile Security
Uday Mudoi, Vitesse Semiconductor
OCT 07, 2014 01:37 AM
A+ A A-

A recent WIRED article claimed that millennials don’t care about mobile security. But like it or not, the fact is that that security in mobile networks is a growing concern, and clearly an issue that’s not going away anytime soon. As my colleague, Martin Nuss, pointed out in a panel discussion at CTIA Super Mobility Week last month, the explosion in 4G networks driven by small cell deployment, coupled with the tremendous growth in BYOD, has created a global IT security threat that needs urgent attention.

In some cases, security is something you want because it’s an obvious thing. For example, your data is in the cloud and you obviously want it to be secure. In other cases, like the healthcare industry, it’s a “must have” and there’s no question of whether you “should” have it or not. Some people call it the “Snowden effect.” At the end of the day, security has become much more of a focal point than ever before and we’re seeing the corresponding demand for stronger security mechanisms.

The reality is that the small cell base stations needed for LTE and LTE-A capacity improvements are inherently less secure simply due to their accessibility – at street-level, on the side of a building, on a lamppost, etc. Additionally, backhaul for small cells may occur over third-party access provider networks with different security standards than the wireless operator. This means that small cells themselves must be authenticated on the service provider network, with traffic encrypted over the third-party access provider network back to the service provider.

Looking at wireless technologies as a whole, there is IPsec, a Layer 3 IP-level security, commonly used in base stations. An important alternative, especially when you move out to the network edge densely populated with small cells, is MACsec (IEEE 802.1AE), which operates at Layer 2. The beauty of MACsec operating at Layer 2 is that it doesn’t require a lot of processing to do the security. Eliminating the processor reduces cost, power and size, all of which are highly critical to small cells. With small cells, if you’re trying to install on a traffic light or at the top of a lamppost, you want the smallest unit possible that can be powered remotely and consumes as little power as possible. This is an important opex consideration for service providers, especially as small cells continue to proliferate in wireless networks.

I’m often asked whether MACsec would replace IPsec and really the answer is that they’re very complementary. MACsec enhances IPsec on two levels: for example, if there’s network equipment where IPsec has become too costly or overly power hungry, the service provider can convert it to one that’s purely MACsec-based. Secondly, when you extend the wireless network to the small cell level, the link between the small cell and central office doesn’t have to be IPsec, it can be MACsec only.

The important thing to remember with small cells is that, as a service provider, you want the smallest unit possible that can be powered remotely and consumes as little power as possible. As I mentioned previously, MACsec Layer 2 encryption is ideal for small cells, since it doesn’t require an external processor and thereby reduces cost, power and size of the small cell unit itself. The trick, however, lies in making sure that the encryption works without disrupting the network timing to the small cell, or vice versa, for that matter.

What we’ve seen is that encryption, by definition, actually increases the size of the packet that you’re encrypting because you have to add the extra information about the encryption. Consequently, you’re introducing variable delay components up to the 200ns range, which will wreak havoc on wireless network timing – which translates, of course, to call drops or your live videoconference stream being disrupted, etc.

Encryption and timing accuracy are usually incompatible. This poses the obvious dilemma for service providers on how to secure cell backhaul without disrupting the network timing to the small cell. While the industry really hasn’t hashed out how timing and encryption should work together, fortunately, there are modern flow-based implementations of MACsec make ‘secure 1588’ for small cells possible. We believe these newer Ethernet-based technologies may well pose a more cost-effective and far better alternative for small cell deployments than IPSec. 

[%= name %]
[%= createDate %]
[%= comment %]
Share this:
Please login to enter a comment:

Computing Now Blogs
Business Intelligence
by Keith Peterson
Cloud Computing
A Cloud Blog: by Irena Bojanova
The Clear Cloud: by STC Cloud Computing
Computing Careers: by Lori Cameron
Display Technologies
Enterprise Solutions
Enterprise Thinking: by Josh Greenbaum
Healthcare Technologies
The Doctor Is In: Dr. Keith W. Vrbicky
Heterogeneous Systems
Hot Topics
NealNotes: by Neal Leavitt
Industry Trends
Internet Of Things
Sensing IoT: by Irena Bojanova