Subscribe
About

LTE is here

As mobile networks move to IP technology, security challenges crop up yet again.

Siphiwe Nelwamondo
By Siphiwe Nelwamondo, technical marketing manager with Aviat Networks.
Johannesburg, 20 Sep 2013

With LTE-enabled devices having recently crossed the 1 000-models-available threshold, handsets and even tablets are finding their way to subscribers in parts of Africa. Also, LTE roll-outs are beginning to pick up the pace, with six networks now operating commercially, connecting customers with voice and data services, and another three in various stages of deployment across Africa.

However, along with better coverage and higher throughput, LTE also brings some not-as-bright elements - security concerns.

With its reliance on IP technology, LTE is subject to all the underlying vulnerabilities of IP. Compared to TDM (time division multiplexing) and some 3G predecessors, LTE communications can be more susceptible to having voice conversations tapped and data uploads/downloads read, manipulated or corrupted. In addition, management of LTE networks could be compromised through weak security.

It is with these limitations of LTE's native security that customer-centric mobile operators are examining what can be done to assure their subscribers that critical telecom usage (eg, M-Pesa, mobile money) is as protected as possible.

Reinforcements

Because the majority of mobile operators in Africa utilise microwave radio communications to transmit calls and user throughput between cell sites, and to and from central office terminations of wireless networks, fortifying the protection of telecommunications on these network segments can go a long way towards securing customer voice and data. But, just how can a form of strong security for microwave communications bolster LTE protection? I believe an effective strategy for strong security should be based on:

* Payload encryption
* Secure management
* Access control

While LTE operators are just becoming aware of heightened protection of wireless communications, historically, security measures have been regularly employed by government and defence agencies and by the financial services industry to protect sensitive information.

As more government, defence, finance and other wireless traffic that previously travelled exclusively on private networks begins to traverse publicly accessible LTE networks, operators will need to move to higher levels of security, because it has strict security requirements traversing all points in the network.

Based on my experience with these types of traffic, I can say the same security principles that apply to sensitive throughput can also be applicable to today's wider world of wireless communications.

I'll look briefly at each of these strong security concepts, and then expand on them individually in succeeding Industry Insights.

Payload encryption

Both popular and scholarly publications have been rife with stories of how easy it has become to tap into mobile calls. For example, the GSM code has been ineffective arguably since a hack was announced in September 2009. With GSM encryption broken, degraded or bypassed, mobile calls and text messages can be monitored and diverted by snooping parties. This can happen even before they get to the base station. Once calls and messages are in the LTE backhaul, in many cases, no encryption is applied at all.

In the past, hackers would have had to purchase - or by other means obtain - radio equipment identical to what they wanted to hijack. This was not an obstacle for those intent on espionage, but it put it beyond the means of the run-of-the-mill hacker. Even if the hacking was not beyond the average hacker's technical abilities, it was beyond his economic capabilities. Now hackers have access to advanced devices that help them tap into private networks.

Secure management

Another aspect of microwave security encompasses how secure the management of the network is. Even if the payload of an LTE microwave backhaul network is secure, the management may not be, allowing hackers or other malefactors to drop or kill traffic.

Unsecure management channels can allow them to create mismatched frequency settings between radios, reconfigure circuitry or reroute payload. For example, there was an instance where unauthorised users took control of a motorised antenna and repeatedly sent instructions for the motor to adjust the position of the antenna, eventually draining the batteries for the entire site. However, with the shift to IP-based LTE networks, hackers are finding ways to wreak havoc on backhaul networks from their tablets, smartphones and other mobile devices.

Both popular and scholarly publications have been rife with stories of how easy it has become to tap into mobile calls.

Additionally, most microwave misconfigurations - intentional and unintentional - result from acts by personnel inside the operator firewall. However, a secure management solution would enable centralised, sophisticated permissions granting to limit who can configure microwave radios and to what extent. And a security event logging feature could record all management activity for improved accountability, troubleshooting and root-cause analysis.

Access control

Access control of the LTE microwave backhaul is also a concern. It is critical that only authorised personnel log onto the administration of a microwave network. Like many computerised systems, microwave radios are set up with some basic logon procedures.

Oftentimes, the logon screen will not look dissimilar to the typical Windows or Macintosh machine. There will be a dialogue box for username and password. However, unlike the typical computer, a microwave radio's graphical user interface is not logged onto that often. Therefore, as per human nature, the usernames and passwords can become all too predictable.

"Root" and "admin" and "123456" and "password" are very popular as usernames and passwords, respectively, according to one security study. A "mechanised" or "dictionary" attack can randomly generate username-and-password combinations and succeed in unlawfully logging onto a radio on this premise: that the logon will be subject to people being creatures of habit. Thus, there must be a way for microwave network administration to enforce hard-to-guess username/password policy.

Another aspect to access control is the issue of the level of control. It is also essential to control what each legitimate user is allowed to perform once logged on - to prevent voluntary and involuntary damaging actions. Not only must users be limited to their area of responsibility and knowledge, and avoid involuntary commands that could damage the network, but also reserve critical activity for designated key personnel (eg, cryptography officers).

Delving deeper

While some of the security concerns relating to LTE seem disturbing, all is not lost. By implementing the aforementioned tripartite strong security strategy, LTE networks can be enjoy highly protected voice and data exchanges on their critical backhaul connections.

For the first prong of this strategy, next month's Industry Insight will take a closer look at how microwave radio payload encryption can help secure an LTE network.

Share