The trade-off between security and the existing IPX business model
ETSI Security Week | What does 5G security offer?
Ewout Pronk, KPN / Chair GSMA DESS group
© GSM Association 2018
The work of the (Diameter) End-to-end Security Subgroup
– Provides guidelines and requirements for end-to-end signalling security between LTE (4G) networks and between 5G networks
– Serving the interest of mobile operators and their customers
– Working closely together with 3GPP and other stakeholders in the ecosystem
– Guiding the implementation of a secure, yet flexible security solution
Security Classification: Non-confidential
The IPX network as described in GSMA documents
Source: https://www.gsma.com/newsroom/wp-content/uploads/IR.88-v16.0-1.pdf
The need for IPX providers in the ecosystem
– For routing purposes the IPX provider is the “one stop shop” for operators
– Providing Quality of Service to both signalling and user plane messages
– On top, services are provided to operators:
  – Mediation
  – Fraud control
  – Value Added Services
The security implications of the hop-by-hop model
– Operators have a number of measures to protect themselves:
  – Apply topology hiding
  – Deploy a signalling firewall
– But no measures exist to unambiguously determine the authenticity and integrity of a Diameter signalling message end-to-end, and no encryption measures exist
– Potentially leading to:
  – Denial of Service
  – Impersonation
  – Fraud
  – Tracking
  – Interception
– So why not regulate the IPX providers and tell them what they should do?
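The gap described on this slide, modelled in code as an added example (this is not GSMA, DESS or 3GPP code, and the HMAC tag below is only a stand-in for whatever end-to-end mechanism an operator community would agree on). The model follows the deck's own diagram: a location request ("PL REQ", assumed here to be a Provide-Location-Request) travels from operator 1 through IPX provider A and IPX provider B to operator 2. With hop-by-hop security the receiving DEA can only tell that its direct peer is trusted; a message injected upstream with a spoofed Origin-Realm passes exactly the same check. An integrity tag bound to the originating operator's key lets the receiver detect both the spoofed message and one a hop altered in transit. All realms, hosts, keys and the IMSI-like value are constructed.

```python
import hashlib
import hmac
import json

# Constructed per-origin verification keys. This stands in for the key-management
# process the deck lists as a hurdle; a real deployment would use a PKI, not shared secrets.
ORIGIN_KEYS = {
    "operator1.example": b"constructed-key-for-operator1",
}

# Fields an end-to-end integrity check binds to the originating operator.
# Hop-level fields (Route-Record, Last-Hop) are excluded on purpose: every
# IPX provider legitimately rewrites them, so they cannot be covered by the tag.
E2E_PROTECTED = ("Command", "Origin-Host", "Origin-Realm", "Destination-Realm", "User-Name")


def canonical_bytes(msg):
    """Serialise the protected fields in a fixed order so signer and verifier agree."""
    subset = {name: msg[name] for name in E2E_PROTECTED}
    return json.dumps(subset, sort_keys=True, separators=(",", ":")).encode()


def sign_end_to_end(msg, key):
    """The originating operator attaches an integrity tag over the protected fields."""
    tag = hmac.new(key, canonical_bytes(msg), hashlib.sha256).hexdigest()
    return {**msg, "E2E-Tag": tag}


def relay(msg, hop):
    """An IPX DRA/DEA terminates transport security and re-sends the message.
    Only hop-level fields change; an honest hop leaves the payload alone."""
    return {**msg, "Route-Record": msg.get("Route-Record", []) + [hop], "Last-Hop": hop}


def accept_hop_by_hop(msg, trusted_peers):
    """Today's check at the receiving DEA: did the message arrive from a trusted direct peer?
    It says nothing about who originated the message further upstream."""
    return msg.get("Last-Hop") in trusted_peers


def accept_end_to_end(msg):
    """Verify the integrity tag against the key of the claimed Origin-Realm."""
    key = ORIGIN_KEYS.get(msg.get("Origin-Realm"))
    tag = msg.get("E2E-Tag")
    if key is None or tag is None:
        return False
    expected = hmac.new(key, canonical_bytes(msg), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def run_scenario():
    """Replay the deck's diagram: a genuine location request from operator 1, a spoofed
    one injected upstream of IPX provider B, and a genuine one altered in transit.
    Returns the verdict of each check so the difference between the models is visible."""
    trusted_peers = {"ipx-b.example"}  # operator 2's only direct Diameter peer

    request = {
        "Command": "Provide-Location-Request",  # the diagram's "PL REQ"; assumed name
        "Origin-Host": "mme1.operator1.example",
        "Origin-Realm": "operator1.example",
        "Destination-Realm": "operator2.example",
        "User-Name": "constructed-imsi-000000000000001",
    }

    # Genuine path: operator 1 tags the request, IPX A and IPX B relay it, operator 2 verifies.
    genuine = relay(relay(sign_end_to_end(request, ORIGIN_KEYS["operator1.example"]),
                          "ipx-a.example"), "ipx-b.example")

    # Spoofed path: a message carrying operator 1's identity enters at IPX A without
    # operator 1's key and reaches operator 2 through the same trusted peer.
    spoofed = relay(relay(dict(request), "ipx-a.example"), "ipx-b.example")

    # Tampered path: a genuine, tagged message whose subscriber field a hop rewrote.
    tampered = dict(genuine)
    tampered["User-Name"] = "constructed-imsi-000000000000002"

    return {
        "genuine_hop_by_hop": accept_hop_by_hop(genuine, trusted_peers),    # True
        "genuine_end_to_end": accept_end_to_end(genuine),                   # True
        "spoofed_hop_by_hop": accept_hop_by_hop(spoofed, trusted_peers),    # True: the gap
        "spoofed_end_to_end": accept_end_to_end(spoofed),                   # False
        "tampered_hop_by_hop": accept_hop_by_hop(tampered, trusted_peers),  # True: the gap
        "tampered_end_to_end": accept_end_to_end(tampered),                 # False
    }


if __name__ == "__main__":
    for check, verdict in run_scenario().items():
        print(f"{check}: {verdict}")
```

The two "True" verdicts for the spoofed and tampered messages under the hop-by-hop check are the point of the slide: a signalling firewall and topology hiding at the edge cannot recover origin authenticity that the transport model never carried. Note also what the end-to-end check does not solve: the receiver still needs a trustworthy key for every origin realm, which is the key-management and ecosystem-size problem the later slides raise.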
Economic effects hamper the effectiveness of regulation
– The one who is responsible for the security (such as spoofing prevention) does not bear the cost/impact in case of a failure. In economics this is called an “externality”.
[Diagram: LTE roaming operator 1 (MME, DRA/DEA) sends a PL REQ via IPX provider A (DRA/DEA) and IPX provider B (DRA/DEA) to the GMLC of LTE roaming operator 2 (DRA/DEA), which returns a PL RESP along the same path; Mallory, impersonating LTE roaming operator 1, injects a PL REQ and receives the PL RESP. Labels: Assets, Regulation.]
The complexity of providing end-to-end security
– The lack of end-to-end security has led IPX providers to build services
– Providing services is not only in the interest of IPX providers; many operators rely on them
– And of course, in general, the complexity of applying security measures to a fairly big ecosystem: key management, security awareness and resistance against mandatory measures
We are left with a difficult trade-off
– Maximum flexibility: deviates from the goal to provide E2E security; a paper tiger
against
– Maximum security: jeopardizing the IPX business model