Showing posts with label IPX. Show all posts
Showing posts with label IPX. Show all posts

Friday, June 22, 2018

5G and IoT Security Update from ETSI Security Week 2018

ETSI Security Week 2018 (link) was held at ETSI's Headquarters in Sophia Antipolis, South of France last week. It covered wide variety of topics including 5G, IoT, Cybersecurity, Middlebox, Distributed Ledger Technology (DLT), etc. As 5G and IoT is of interest to the readers of this blog, I am providing links to the presentations so anyone interested can check them out at leisure.


Before we look at the presentations, what exactly was the point of looking at 5G Security? Here is an explanation from ETSI:

5G phase 1 specifications are now done, and the world is preparing for the arrival of 5G networks. A major design goal of 5G is a high degree of flexibility to better cater for specific needs of actors from outside the telecom sector (e.g. automotive industry, mission-critical organisations). During this workshop, we will review how well 5G networks can provide security for different trust models, security policies, and deployment scenarios – not least for ongoing threats in the IoT world. 5G provides higher flexibility than legacy networks by network slicing and virtualization of functions. The workshop aims to discuss how network slicing could help in fulfilling needs for different users of 5G networks.

5G will allow the use of different authentication methods. This raises many interesting questions. How are these authentication methods supported in devices via the new secure element defined in ETSI SCP, or vendor-specific concepts? How can mission-critical and low-cost IoT use cases coexist side-by-side on the same network?

The 5G promise of higher flexibility is also delivered via its Service-Based Architecture (SBA). SBA provides open 3rd party interfaces to support new business models which allow direct impact on network functions. Another consequence of SBA is a paradigm shift for inter-operator networks: modern APIs will replace legacy signaling protocols between networks. What are the relevant security measures to protect the SBA and all parties involved? What is the role of international carrier networks like IPX in 5G?

Event Objectives
The workshop intends to:

  • Gather different actors involved in the development of 5G, not only telecom, and discuss together how all their views have shaped phase 1 of 5G, to understand how security requirements were met, and what challenges remain;
  • Discuss slicing as a means to implement separate security policies and compartments for independent tenants on the same infrastructure;
  • Give an update of what is happening in 3GPP 5G security;
  • Explain to IoT players what 5G security can (and cannot) do for them, including risks and opportunities related to alternative access credentials;
  • Understand stakeholders' (PMNs, carriers, GSMA, vendors) needs to make SBA both secure and successful. How can SBA tackle existing issues in interconnect networks like fraud, tracking, privacy breaches;
  • Allow vendors to present interesting proposals for open security questions in 5G: secure credential store, firewalling SBA's RESTful APIs;
  • Debate about hot topics such as: IoT security, Slicing security, Privacy, Secure storage and processing and Security of the interconnection network.


So here are the relevant presentations:

Session 1: Input to 5G: Views from Different Stakeholders
Session Chair: Bengt Sahlin, Ericsson

Hardening a Mission Critical Service Using 5G, Peter Haigh, NCSC

Security in the Automotive Electronics Area, Alexios Lekidis, SecurityMatters

Integrating the SIM (iUICC), Adrian Escott, QUALCOMM

Smart Secure Platform, Klaus Vedder, Giesecke & Devrient, ETSI SCP Chairman

Network Slicing, Anne-Marie Praden, Gemalto

Don't build on Sand: Validating the Security Requirements of NFV Infrastructure to Confidently Run Slices, Nicolas Thomas, Fortinet

5G Enhancements to Non-3GPP Access Security, Andreas Kunz, Lenovo

Security and Privacy of IoT in 5G, Marcus Wong, Huawei Technologies

ITU-T activities and Action Plan on 5G Security, Yang Xiaoya, ITU-T SG17

Wrap up: 5G Overview from 3GPP SA3 Perspective and What is There to Be Done for Phase 2, Sander Kievit, TNO


Session 2: Security in 5G Inter-Network Signalling
Session Chair: Stefan Schroeder, T-Systems

Presentation on SBA: Introduction of the Topic and Current Status in SA3, Stefan Schroeder, T-Systems

5G Inter-PLMN Security: The Trade-off Between Security and the Existing IPX Business Model, Ewout Pronk, KPN on behalf of GSMA Diameter End to End Security Subgroup

Secure Interworking Between Networks in 5G Service Based Architecture, Silke Holtmanns, Nokia Bell Labs

Security Best Practises using RESTful APIs, Sven Walther, CA Technologies

Identifying and Managing the Issues around 5G Interconnect Security, Stephen Buck, Evolved Intelligence

Zero Trust Security Posture in 5G Architecture, Galina Pildush, Palo Alto Networks (Missing)


Session 1 & 2 Workshop Wrap up: 5G Phase 1 Conclusions and Outlook Towards Phase 2 - Stefan Schroeder, T-Systems and Bengt Sahlin, Ericsson


Session 5: Benefits and Challenges of 5G and IoT From a Security Perspective
Session Chair: Arthur van der Wees, Arthur's Legal

Setting the Scene, Franck Boissière, European Commission

ENISA's View on Security Implications of IoT and 5G, Apostolos Malatras, ENISA

Smart City Aspects, Bram Reinders, Institute for Future of Living

The Network Operators Perspective on IoT Security, Ian Smith, GSMA


Related Links:

Friday, October 7, 2016

Whats up with VoLTE Roaming?

I have been covering the LTE Voice Summit for last couple of years (see here: 2015 & 2014) but this year I wont be around unfortunately. Anyway, I am sure there will be many interesting discussions. From my point of view, the 2 topics that have been widely discussed is roaming and VoWiFi.

One of the criticisms of VoWiFi is that it does not the QoS aspect is missing, which makes VoLTE special. In a recent post, I looked at the QoS in VoWiFi issue. If you haven't seen it, see here.

Coming back to VoLTE roaming, I came across this recent presentation by Orange.
This suggests that S8HR is a bad idea, the focus should be on LBO. For anyone who is not aware of the details of S8HR & LBO, please see my earlier blog post here. What this presentation suggests is to use LBO with no MTR (Mobile Termination Rates) but instead use TAP (Transferred Account Procedures). The presentation is embedded below:



Another approach that is not discussed too much but seems to be the norm at the moment is the use of IP eXchange (IPX). I also came across this other panel discussion on the topic


IPX is already in use for data roaming today and acts as a hub between different operators helping to solve inter-operability issues and mediating between roaming models. It can work out based on the calling and callee party what kind of quality and approach to use.

Here is the summary of the panel discussion:



Hopefully the LTE Voice Summit next week will provide some more insights. I look forward to hearing them.

Blog posts on related topics:

Sunday, November 1, 2015

Quick Summary of LTE Voice Summit 2015 (#LTEVoice)

Last year's summary of the LTE voice summit was very much appreciated so I have created one this year too.

The status of VoLTE can be very well summarised as can be seen in the image above.
‘VoLTE network deployment is the one of the most difficult project ever, the implementation complexity and workload is unparalleled in history’ - China Mobile group vice-president Mr.Liu Aili
Surprisingly, not many presentations were shared so I have gone back to the tweets and the pictures I took to compile this report. You may want to download the PDF from slideshare to be able to see the links. Hope you find it useful.



Related links:

Monday, June 23, 2014

LTE Roaming using IPX


A very interesting presentation from Raphaël Glatt of Bics in the Signalling Focus Day of LTE World Summit 2014. IPX is probably the most popular solution as its already being used by many operators for roaming agreements. Anyway, his presentation was the most detailed one I have come across and he was happy to share it with me for this blog. His complete presentation is embedded below:



Friday, April 18, 2014

International LTE Data and VoLTE Roaming - NTT Docomo


Quick recap of the Bearer Architecture: Remember the interface between S-GW and P-GW is known as S5/S8. S5 in case the S-GW and P-GW are part of the same network (non-roaming case) and S8 in case where P-GW belongs to another network than S-GW (roaming case). The S5/S8 interfaces are generally exactly the same. There is a possibility of different types of S5/S8 interfaces like GTP based and PMIP based but lets not discuss that here.

NTT Docomo published an excellent article in their magazine recently showing the different approaches to International Data roaming.


The different scenarios above are based on the guidelines provided in GSMA PRD IR.88. Each operator has to adopt one of the scenarios above, NTT Docomo has selected scenario 4. The Home PLMN (HPLMN) and the Visited PLMN (VPLMN) connect via IP eXchange (IPX).


As can be seen above, the MME in VPLMN communicates with HSS in HPLMN using Diameter Edge Agent (DEA).



Finally, it is well known that NTT Docomo is not launching VoLTE untill 2015. The above is their proposal on how they handle VoLTE while in Japan and when roaming.

The paper is an interesting read, embedded below:



Another article worth a read is the VoLTE roaming with RAVEL here.

Friday, June 1, 2012

On LTE Roaming ...

The IP eXchange (IPX) is used for data when the users roam between different networks. GPRS Roaming eXchange (GRX) is a service within IPX. One of the main areas of discussion within the LTE World Summit 2012 in the Signalling Focus day was roaming on LTE. Different vendors have different proposals and solutions; couple of them are as follows:



Interesting to see that iBasis has proposed LTE Signalling eXchange (LSX) as a way forward.

A presentation from Acme Packet (for an earlier conference) has interesting VoLTE roaming options proposal.

Finally, while everyone was focussing on LTE-LTE roaming, only Diametriq was looking at LTE-LTE/3G/2G Roaming. The relevant part of their presentation is embedded below.
Happy to hear more on this topic if anyone else wants to contribute. Please feel free to add comments.

Wednesday, May 23, 2012

#LTEWS: Highlights and Pictures of Signalling day from 8th LTE World Summit



I got a chance to attend the 'Handling the Surge in Signalling Traffic Focus day' at the LTE World Summit. In fact I got this opportunity through Diametriq, who were the sponsors of this event and were kind enough to provide me a free pass :) As a result, they get a little plug below.




We got off to a flying start with an Introduction to the need of Signaling followed by a brilliant presentation by Martin Pineiro from Telecom Personal, Argentina.


This was the only presentation that looked at the Access Network Signalling. All other presentations focussed on Diameter signaling. Telecom Personal have 4 carriers, 1 is used for 3G and other 3 for GSM.


Above is their revenue share for different services. The data services really took off for them when they offered a flat rate if 1 peso per day for unlimited data.


Their average dongle data consumption is 2GB/month and average smartphone is 200MB/month.


They do have a simple definition of Smartphone, which is a device that produces 10+ packet connections per day. The device that is most popular in their network is Motorola and Apple devices produce highest data load but their comparison of devices from different manufacturers showed they all produced similar signalling traffic. 

One final point highlighted was that OS & Apps are not part of test and certification so we should get better understanding of that to help avoid signalling overload in future.

Ron de Lange from Tekelec was up next:


Interesting to hear that they are 40 year old company with 300+ customers in 100+ countries.



There is a shift coming in the usage plans with multi access roaming. Some sessions will go over WiFi and some over the mobile network. Plans with OTT allowance are already here and will be more common. There may be opportunity for end users to earn allowance as part of loyalty scheme. The main thing for operator to think is how to get a revenue share from advertisement.



Diameter 2.0 is coming. The signalling storms, if not handled properly can cause disruption (congestion) internationally, if the interconnect is not handled properly.

Next up was Ben Volkow, F5 Traffix:

Today we use Diameter 1.0, tomorrow it would be Diameter 2.0. Diamater 2.0 us "nervous system" approach.


Diamater is much less predictable than SS7 but this could be because of Immaturity of Diameter.


Real networks like the one above is out in the field. An example of n/w is one with 140 point to point connections.


DRA (Diameter Routing Agent) is a new topology introduced by 3GPP and DEA (Diameter Edge Agent) was introduced by GSMA.


The network does not want to spend million of dollars in one go so they start by deploying individual components first and then depending on the use cases this scales up as they add more components.

Next up was the Panel Discussion:


Key points:
  • Diameter is first protocol that has dedicated vendors offering monetisation of protocol as well
  • Early operators would have deployed Diameter 1.0 so they can evolve by putting DRA for one use case and so on.
  • When operators want to monetise using diameter, the signalling problems may become worse
  • Adding VoLTE may increase Diameter Signalling by 3 times
  • What is meant by monetisation of Diamater is that in SS7, the focus was on reliability, etc. but in Diameter, the operators can leverage PCRF and as a result monetisation. A new use case can also be a OTT proxy that can leverage advertisement revenue. 
  • The forecast for Diameter is couple of 100 million for this year and growing. There are many components including Router, Roaming, Charging, Security, Interconnect capability, Aggregating relationships with small carriers and OTT service providers, etc.


Next up was Marjan Mursec of Telecom Slovenia

Some interesting facts from them is that they have a public WLAN n/w, GSM with EDGE as fallback and have rolled out HD voice. Their Data usage surpasses voice and Voice and SMS is still growing as can be seen below.



Above shows the data usage increase after they rolled out all you can eat package. They were then forced to introduce fair usage policy.

Their upgrade paths include RAN, Core, Backhaul.


They think they have a big signalling challenge over S1-MME interface. One wrong configured user is sending 4 requests/second. 12,500 users can be enough to reach congestion (ZG: Maybe they should look at PDP Context Parking). Over the S1-U interface, Narrowband users can send 50 packets/sec. 40,000 users at 13.6kbps can saturate the network and the routers will be overloaded.

Next up was Ajay Joseph from iBasis:


Interesting to see that GRX is a service in IPX above.


I think the main point of above is that Diameter by itself is not enough and a mechanism like IPX is required for roaming scenario.


For LTE a new service called LTE Signalling exchange (LSX) can be created within IPX. iBasis has just launched Sandbox for testing Roaming, Charging, Interoperability, etc.

Will LSX bring the roaming costs down? Its operators call but it does provide a foundation and in the next 2-3 years, data roaming costs should come down dramatically.

It should be noted that GRX is an IP network without QoS. Its a service within IPX. Security is also a service within IPX and GSMA based compliance should be there for proper and secure interoperability.

Voice over IPX is not of much interest, especially because there is no return of investment and HD voice cant be send over IP.

Next up was Douglas Ranalli from NetNumber:

His slides are self explanatory




One question during Q&A was, why not put this functionality in the cloud and avoid complexity of having another physical box in the system. The answer was that CDRB is implemented to be compliant with cloud deployment but operators have not yet taken this step. The customers are deploying physical boxes but shared infrastructure would be much more efficient.

Next up was Doug Alston from Sprint:



Next up was Anjan Ghosal from Diametriq:






Everyone is talking about LTE-LTE roaming but there is a need for LTE-3G and LTE-2G so some translation may be required between Diameter and SS7.


Diametriq provides a single platform for signalling between any service (2G/3G/4G) and possibility to enhance.

Next up was another Panel Discussion:


One observation is made is that as compared to the ITM Optimisation event, where the operators were more worried about the OTT players eroding revenues, the focus here was that how Diameter can help monetise the OTT services,

Next up was Edward Gubbins from Current Analysis:




The Final presentation was from Julius Mueller from Fraunhofer FOKUS:




As usual, Dimitris Mavrakis was up to the mark and chaired the whole day very well.

To end an enjoyable day even better, iBasis invited the attendees for drinks on the Hilton Terrace, which is next to CCIB and complemented the drinks with some delicious Tapas as can be seen below :)






E&OE. In case if have misheard, misquoted, etc. please feel free to correct me via comments in this post.

For all the action from LTE World Summit for the next 2 days, please follow twitter #LTEWS.

Please let me know by using the voting buttons below if you found it useful or not.