Marcus Wong

Similar documents
Experimental Analysis of the Femtocell Location Verification Techniques

Securing emerging wireless networks and services

Femtocells as a Tool for Data Off-Load November 18 th 2010 CDG-Femto Forum Live Webinar: How Femtocells are Enhancing CDMA Networks

Alcatel-Lucent Small Cells-Femto. FEMTO RPEC Team

Small Cells- Innovation for Wireless networks

Home-Mobile. The Cast Devices. The Cast Network Related (2) The Cast Network Related. Voice over IP (VoIP) Dr. Hayden Kwok-Hay So

Improving 4G coverage and capacity indoors and at hotspots with LTE femtocells. White Paper

One LTE, Multiple Spectrums and Rich Services Ultra Mobile Broadband

Femtocell: Femtostep to the Holy Grail

Agile Controller-Campus V100R002C10. Permission Control Technical White Paper. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD.

FEMTOCELL WITH RELAYS TO ENHANCE THE MACROCELL BACKHAUL BANDWIDTH

Cisco ASR 5000 Series Small Cell Gateway

2001, Cisco Systems, Inc. All rights reserved. Copyright 2001, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.

Advanced Security Measures for Clients and Servers

Achieving End-to-End Security in the Internet of Things (IoT)

Entire contents 2013 Mobile Experts LLC. Reproduction of this publication in any form without prior written permission is strictly forbidden and will

Building a Global Leader

What is Eavedropping?

Wireless LAN Security (RM12/2002)

ETSI TS V ( ) Technical Specification

Exploring the potential of Mobile Connect: From authentication to identity and attribute sharing. Janne Jutila, Head of Business Development, GSMA

3GPP security. Valtteri Niemi 3GPP SA3 (Security) chairman Nokia

LS100 Series Residential Femtocell

M2M in the Real World: Security Best Practices and Lessons Learned

Handover between Macrocell and Femtocell for UMTS based Networks

Vendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo

Opportunities and Challenges in India s Growing Computing and Wireless Broadband Market

Addressing Femtocell Integration Challenges

Femtocells : Inexpensive devices to test UMTS security

IPv6 deployment (challenges) for mobile

IPv6 Transition Technology

Mobile WiMAX Security

How To deploy IoT Gloablly

Evolved Backhaul and Transport Critical for Service Innovation and Data Profitability. Director, Backhaul Solutions Juniper Networks

Trusted Computing Today: Benefits and Solutions

Aerohive and IntelliGO End-to-End Security for devices on your network

Eudemon 1000E. Eudemon 1000E Series Product Quick Reference. Huawei Technologies Co., Ltd.

A NEW MODEL FOR AUTHENTICATION

Implementing Security in Windows 2003 Network (70-299)

Naresh Soni CTO, InterDigital

CDMA450 - a low frequency radio based broadband solution in Värmland

SMALL CELLS: AN INTRODUCTION Strategic White Paper

Leveraging Wi-Fi Calling To Reduced Operator Costs and Improve the Customer Experience

GRAMEENPHONE LTD. Dilip Pal, CFO

Multiband Capacity utilization Compact design SMALL CELL SOLUTION

Wireless 20/20. Business Case for MulteFire Technology. February 27, 2018

CIS Controls Measures and Metrics for Version 7

300Mbps Wireless N VDSL/ADSL Modem Router

3GPP TS V ( )

Industrial Control System Security white paper

3GPP security hot topics: LTE/SAE and Home (e)nb

Digital Payments Security Discussion Secure Element (SE) vs Host Card Emulation (HCE) 15 October Frazier D. Evans

Traffic Offloading and Load Balancing to Enable Cloud Computing Connectivity

No required additional monthly fees just use the wireless minutes and data from your existing plan.

Securing Wireless LANs with Certificate Services

Corning SpiderCloud SCRN-250 Radio Node for Enterprise Radio Access Network (E-RAN)

BYOD: BRING YOUR OWN DEVICE.

IPSec Network Applications

Make the most of Mobile Broadband - an enabler of the digital economy and sustainable society

BEST PRACTICES IN JOINT USE. Erik Nelson March 21, 2018 RMEL Distribution Overhead and Underground Operations and Maintenance Conference

Wi-Fi Security for Next Generation Connectivity. Perry Correll Aerohive, Wi-Fi Alliance member October 2018

Addressing Current and Future Wireless Demand

ETSI CTI Plugtests Report ( ) The 1st UMTS FemtoCell Plugfest; Sophia Antipolis, France; March 2010

CIS Controls Measures and Metrics for Version 7

Copyright 2011 Nomadix, Inc. All Rights Reserved Agoura Road Suite 102 Agoura Hills CA USA White Paper

Security+ SY0-501 Study Guide Table of Contents

5G Network Slicing and Convergence. Maria Cuevas, Head of core network and services research BT plc

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

A Survey on Femtocells: Benefits Deployment Models and Proposed Solutions

WNRT-627. Data Sheet. Europe/ ETSI: 2.412~2.472GHz (13 Channels) Japan/ TELEC: 2.412~2.484GHz (14 Channels) RF Power.

Enablers for Mobile Broadband Wireless Access

LTE Backhaul Considerations. June 25,

DMARC Continuing to enable trust between brand owners and receivers

COPYRIGHTED MATERIAL. Introduction. Harri Holma and Antti Toskala. 1.1 WCDMA technology and deployment status

Huawei 1.9GHz LTE TDD Solutions in China

Layer 2 authentication on VoIP phones (802.1x)

Aruba Instant

Table of Contents. Conclusion

Cisco Universal Wi-Fi Solution 7.0

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

M2MD Communications Gateway: fast, secure, efficient

Novel Signaling Scheme for 1x CDMA based Femtocell Networks

E3-E4 (CM MODULE) WiMAX OVERVIEW & BSNL WiMAX PROJECT

Transmission Solution for Small-Cell Base Stations White Paper

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Commonly Asked Questions for 4G Rates 1. What are the available 4G Combo Mobile plans To see our complete range of plans, please click here.

PCI DSS Compliance. White Paper Parallels Remote Application Server

Wireless technologies Testers. WLAN traffic offload bypass for crowded mobile networks

Link Security Considerations in the. Enterprise

Mobile Broadband Wireless: Path toward 4G

INFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council

Network Security and Cryptography. December Sample Exam Marking Scheme

User Scenarios. Francisco Hernández GMV Soluciones Globales Internet (SGI) DESEREC Dependability Security by Enhanced Reconfigurability

Internet Platform Management. We have covered a wide array of Intel Active Management Technology. Chapter12

METERS AND MORE: Beyond the Meter

Taking Over Telecom Networks

Connect Broadband Fibre Residential

Cisco Universal Small Cell 8838

ON-LINE EXPERT SUPPORT THROUGH VPN ACCESS

CompTIA E2C Security+ (2008 Edition) Exam Exam.

Transcription:

Security Implications and Considerations for Femtocells Marcus Wong mwong@huawei.com www.huawei.com HUAWEI TECHNOLOGIES Co., Ltd.

Agenda Introduction Architecture Latest attack Overview Threats and attacks Security Requirements Security Considerations Femto Success Stories Q&A HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 2

Femtocell Commercial Deployments UK Portugal France Spain Greece Qatar China Japan USA Singapore launched AIRAVE (CDMA) at Sep, 2007 launched 3G MicroCell at Mar, 2010 launched Wireless Network extender at Jan, 2009 UK(July/09), ES (June/10), GR (July/10), QATAR launched 3G INN at Nov,2009 launched HomeZone at Nov,2008 launched it at Jan, 2009 launched CallZone at Oct, 2009 launched MyArea at Nov, 2009 launched Sinal ON at Jan, 2010 launch Home 3G at Nov, 2009 launch au Femtocell at 1st of July, 2010 significant growth over the next few years, reaching just under 49 million femtocell access points in the market by 2014. (source: Informa) HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 3

Architecture DNS AAA Server/HSS Core network IP network UE Femto AP SeGW Femto GW FMS FMS Femto AP : home-based base station Low cost solution to extends operator network (~$100 / unit vs several $k for larger cells) Provides new services with higher data rate at relatively lower cost 3GPP terminology for FAP = HNB (UMTS) or HeNB (SAE/LTE) Vulnerable to attacks (e.g. traditional-ip based attacks and accidental hackers) Requires IP connectivity Connects to home-based or small office-based IP network Accesses operator core via insecure connections Operates at licensed spectrum Accommodates different billing models Depending on ownership of FAP: subsidy-based or traditional billing HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 4

Recent Attack What happened? XXX s early 2009 BSR 9356 model using Picochip PC202 Admin interface not disabled inside the case Root password used to gain access to console disabled firewall and changed configurations Damage listening on conversations change to open mode CSG use in unauthorized areas HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 5

Threats and Attacks User Data Physical and attacks identity on privacy a Femto attacks Protocol attacks on a Femto DNS AAA Server/HSS Core network IP network UE Femto AP SeGW Attacks on Radio resources and management Femto GW FMS Compromise Configuration of Femto attacks Credentials on a Femto FMS Attacks on the core network HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 6

Femto Security Requirements Strong credentials, authentications, confidentiality, and integrity Secure backhaul link to the operator core network Secure Access Control Protection for clock signaling and synchronization Location verification and authentication Local interface protection Tamper proof platform Firewall and high layer protection Secure configuration, software, firmware download Remediation and recovery User data and privacy protection HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 7

Authentication Considerations Who and what to authenticate MS (i.e. subscription) vs User ( owner of Femto)) Device Authentication Need to authenticate equipment physically located in user premise Additional risk for being located in user accessible location Device credential either PSK or certificate Subscription Authentication Subscription depending on operator model, may not be tied to billing SIM-based credentials for simpler subscription management Combined authentication Binding device/subscription id and/or credential Local or network binding further limit usage of Femto HLR FAP Subscription Device Combined Authentication ISP Network SEGW FMS HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 8

Secure Backhaul Considerations Insecure backhaul between Femto and SeGW over public IP network SeGW is single point of entry into a private operator network Mutually authentication alone is insufficient Link should be secure as well (e.g. HTTP vs HTTPS) as robust Secure tunnel is a MUST for this link May need separate tunnels for control/user/management traffic better security and better QoS handling IPsec or TLS can be used Benefits of IPsec outweighs the overhead associated FAP Public IP Network IPSec Tunnel IPSec Tunnel TLS Tunnel Wireless CORE SeGW FMS HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 9

Location Security Considerations Femto assumed to be fixed in location Users generally not allowed to relocate Femto to another location Maybe based on billing/charging arrangement Need to satisfy regulatory requirement (e.g. E911, spectrum license) Not 100% precise, but close enough Location Authentication Femto-based GPS or A-GPS Cost of Femto increases Femto IP IP assigned by internet service provider shared with the wireless operator Femto + macro cell Femto within neighboring macro cell coverage area Femto IP + MS MS maybe GPS-equipped Home Domain CN may provide location service to UE Only works if/after MS attaches to Femto Fixed Access FAP MODEM DSLAM BRAS SGW AS DHCP Location 1 Location 2 Wireless Core FMS HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 10

System Security Considerations Femto Platform Physical Security Trusted Environment provide root of trust for the femto device Trending toward TPM (Trusted Platform Module) technology Access Control ACL (Access Control List) List of MS allowed to access a particular Femto Can be black or white Management of ACL by owner or operator CSG (Closed Subscriber Group) List of cells or Femtos a MS is allowed to access UE and CN need to maintain CSG list Clock Signaling Protection needed for vital Femto functions, such as device-certificate based authentication (e.g. checking expired certificates) Synchronization with either macro cell or Clock Server in IP network HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 11

Other Security Considerations FMS (Femto Management System) Protects software and configuration download IPSec for traffic going through SeGW TSL for direct connection to FAP Minimize/Eliminate Local Interfaces Protect internals of FAP Maintain integrity of configuration and/or software Prevent accidental attack Prevents attacks cascading to CN via FAP Firewall Necessary protection for Common IP-based attacks (DoS, scanning, spoofing, etc.) Attacks coming from backhaul HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 12

Nation-wide Femto networks deployment Challenges and Needs Grasp new 3G users Second large operator; lauched 3G UMTS in 09Q1 and iphone in 09Q3 Poor Indoor Coverage Heavy MBB traffic load after iphone shipment Tian Jin University Solution and Benefits SPD Bank Huawei s E2E femto solution covered 18 provinces platform ready for commercial launch, 11 pre-commercial site, 1 commercial case Resolved 3G fast-deployment problem, accelerated 3G applications. Deployed following subscribers needs, accurately coverage and billing through customer authentication Hubei Yangtze Rive Maritime Safety Administration HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 13

Aiming at High value SME Customers SingTel brings You Easier Office with CallZone! Free Calls Talk and Surf Convenience HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 14

Aiming at High value users and improve coverage Vodafone Greece: Consumer Market 150. If ARPU > 40, free If 20 < ARPU < 40, 75 Vodafone Spain: Business market 15 per month. branded 'Voz y Datos Premium Oficina Vodafone,' Best Friend of iphone HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 15

High Speed Home MBB for StarHub O&M Centre GGSN IP AG AP Business Plan of Starhub Brand: HomeZone Monthly rental: $16.05 Contract period: 12 months AP replacement: $ 369.15 Global 1st commercial mobile broadband network with Femto cell in Starhub HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 16

SINAL ON to improve end user s experience HUAWEI TECHNOLOGIES Co., Ltd. HUAWEI Confidential Page 17

Marcus Wong mwong@huawei.com www.huawei.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback