The latest advances in wireless cellular technologies are bringing to our connected life a renewed appetite for content consumption. The availability of smarter and ever powerful end-user devices combined with the proliferation of mobile applications are pushing mobile network operators to race for newer and faster mobile networks leveraging the freshly standardized fourth generation Long Term Evolution (4G LTE) network. 4G LTE networks started to go live late 2011 and as of today more than 140 networks are operational worldwide, forecasting to hit 240 worldwide operators by the end of 2013 (according to Global mobile Suppliers Association). With uplink speeds up to 100Mbits and downlink speeds up to 50Mbits, 4G LTE offers to end-users high data rate communications at low, medium and high mobility. 4G LTE is set to be the reference standard for cellular communications unifying the quite fragmented worldwide technology landscape.
However, in this exciting and highly dynamic context, mobile network operators are quite cautious about investment spending and operational costs. With the enhancement of the technology boundaries, the availability of small footprint and low cost radio equipment, called small cells, opens the door for new use cases and deployment scenarios. Therefore, mobile network operators aim at increasing wireless bandwidth while reducing the overall deployment costs. Mixed deployments of traditional macro cells with next generation small cells (located in public and physically accessible environments) offer an optimal, scalable and long-term solution to address the ever increasing data explosion of the wireless broadband Internet. Cell size reduction is not the only way to cost reduction. The Internet Protocol (IP) up to now mostly used in the Internet world is today a key building block of the 4G LTE network. In fact end-user devices, radio access network elements and core network components are interconnected and managed via well-known IP protocols (e.g. IPv4, IPv6, UDP, SCTP, GTP, DIAMETER, SIP) standardized by the Internet Engineering Task Force (IETF) and publicly available to the Internet community.
He/she who talks openly can potentially address a wide range of auditors and not necessarily the audience intended. In this sense we are witnessing a shift in the traditional telecom paradigm. From hierarchical network deployments and a plethora of proprietary protocols (i.e. SS7) we are now moving into an open, IP-based and flat access/core network. The old walled garden is falling apart bringing new players to the game; hackers among others. Malware, mobile phishing, DoS, DDoS, port scanning, pen-testing, spoofing, poisoning, hijacking, replay attacks, are just a few examples of a large set of possible attacks. In addition, the physical access to key components of the network (e.g. metro cells) adds new variables to the security equation mobile network operators are requested to solve.
The way to address these security issues is yet to be understood as well as the risks they imply. What is clear, however, is that isolated solutions have serious shortcomings. As an example, antivirus choices for mobile handsets are becoming more common, counteracting malware or phishing activities. While this is an important issue to address, there might be complementary technologies to detect and prevent such activities from happening (e.g. profiling of users to detect suspicious use of the network). Such new technologies can then be deployed in areas other than in mobile devices. In other words, what the market will demand in the near future are end-to-end approach combining solutions at the different levels of the communication stack. With the advancement of technology and increase in the volume of security threats, the market will consolidate security expertise from the IT world, the mobile world and the managed services into a single comprehensive package creating a real opportunity for security service providers.
Kudelski Security Research 
One comment