While Long Term Evolution (LTE) networks bring the promise of relieving traffic jams for mobile operators, they also entail new security risks.
Three items caught my eye in Deloitte’s document TMT (Technology media, Telecommunication) predictions for 2013. According to Deloitte, one billion smartphones will be shipped in 2013; Long Term Evolution (LTE) subscribers will triple; and more than 90 percent of user-generated passwords will be vulnerable to hacking in a matter of seconds.
Put differently, mobile carriers will continue struggling with the data traffic generated by smartphones; LTE networks’ fast mobile broadband will assist handling the exploding traffic; and as for security – mobile operators will have to learn how to handle the new threats. New Advanced Persistent Threats (APT) are emerging and mobile carriers and mobile user will find themselves struggling with similar APTs that we see at Enterprises today.
Nevertheless, password vulnerability is only one of many security challenges operators must face with mobile networks.
Six Security Risk with Data-Rich Mobile Networks
LTE, also known as mobile network 4th generation (4G), provides a solid infrastructure to deliver advanced, content-rich applications in real-time. Here are six security challenges that must be addressed to take advantage of LTE’s speed.
Always-on connectivity. The always-on connectivity of mobile networks is a catalyst to new mobile multi-vector threats. Not only are the core elements targeted as potential attack victims, but customers and their device endpoints are also considered targets at any given moment.
All-IP networks. As an all-IP network, LTE provides a superior service experience. However, this also leaves the radio and core elements such as MME, SGW and eNodeB exposed to threats from the Internet and from end customers.
LTE architecture. LTE is designed to collect traffic from multiple heterogeneous access types to the LTE evolved packet core (EPC). Traffic may arrive from WiMax, Wi-Fi offload solutions, FEMTO cells, and from legacy 2.5G and 3G networks. All such external traffic may risk network availability.
Mobile app stores. Mobile app stores provide over 600,000 different applications for a range of smart phones. A malware or bot attack on an app store can spread swiftly and attack multiple entities: end customer devices, the mobile operator network (via DDoS attacks, DNS and application-level attacks), and enterprise networks (using BYOD trends).
Application and protocols. The vast variety of applications and protocols to which LTE networks are exposed means that in addition to TCP- or HTTP-based attacks, other types of threats must be addressed - control-plane attacks such as SIP related attacks (SPAM over Internet Telephony), invite floods, DIAMETER attacks, signaling storms, AVP normalization, MMS attacks, and DNS attacks, etc.
Lack of security standards. The lack of security standards or the absence of reference architectural framework leaves LTE networks exposed to a variety of attacks with no ability to identify and mitigate evolving mobile threats.
Adopting a More Comprehensive Security Strategy
To protect the network from overload and declining quality of service, mobile operators should consider adopting a new security approach - one that provides full visibility into subscriber behavior and applications, and enables responding in real-time to both known and unknown attacks. Not a trivial task with millions of subscribers.
More specifically, such a security approach would involve several key characteristics:
Detection. The core of a solution requires identifying abnormal client activity beyond normal thresholds in order to block malicious actions. Each network source-based flow must be automatically scored and compared to a network baseline, using evaluation parameters such as average connection per user, per application, or per user agent; connection length; connection errors, and more. Moreover, reputation based engine can provide additional information during the detection phase by identifying bad reputation websites and known ‘Command & Control’ sites where mobile apps might be infected with malware and viruses; thus preventing from the mobile apps to access those malicious content.
Characterization and classification. Abnormal activity must then be characterized, while distinguishing between different customers and applications. Why? Because the abnormal activity of one type of user or application may be considered legitimate traffic for another customer or another application. One relevant technology for both detection and classification of behavior is fuzzy logic, as it enables drawing definite conclusions from ambiguous or imprecise information. It can eliminate false positives, and create an adaptive expert system that requires minimal human intervention for the configuration of rules. Additionally, suspicious mobile apps should run on virtual sandbox whenever a suspicious activity is encountered to validate the legitimacy of the application.
Mitigation. In the mobile network context, both known and unknown attacks can be expected. Known attacks are usually characterized by a well-defined content signature that can be used to remove the threat quickly. However, when the attack is unknown (zero-minute attack), no signature exists. To block the attack, the behavioral-based security solution should be able to automatically create an attack signature using the parameters of the ongoing anomaly, and enforce counter measure actions to accurately mitigate the attack, without impacting legitimate users.
For Long Term Evolution networks not to fall short on security, mobile operators must realize the increased threats from malware, fraud, distributed denial of service (DDoS) attacks and many other attacks, and adopt more comprehensive and innovative security strategies.