Why GTP Security is Essential for 4G and Evolving 5G Networks


Anthony Webb, EMEA Vice President at A10 Networks, discusses the importance of 5G and why security is essential

It is often written that 5G will usher in the Fourth Industrial Revolution and change the economy. The speeds and capacity that 5G networks promise to bring have the potential to make 5G an indispensable technology. Verizon estimated that by 2035, 5G “will enable £10.5 trillion of global economic output and support 22 million jobs worldwide.”

Therefore, 5G is not only important because it has the potential to support millions of devices at ultra-fast speeds, but also because it has the potential to transform the lives of people around the world. But with this new opportunity also come higher security risks, as cyberattacks grow in sophistication and volume and use lightly protected mobile and IoT devices in their botnets or targeted attacks.

GTP today

Since the early days of 3G or 2.5G, GPRS Tunnelling Protocol (GTP) has been used to carry traffic and signalling through mobile networks and has continued to do so in 4G/LTE and recent 5G non-standalone architectures. But GTP was never designed with security in mind and therefore has no inherent security mechanisms.

As traffic, devices and interconnection partners surge, so does the use of GTP. The transition to 5G is happening and most operators will opt to deploy 5G in stages, using a common 4G core as they build out the 5G RAN. As a result, threats to 4G core elements from GTP-based attacks will still be present during this hybrid period. This is where operators must now include a GTP firewall as part of their current network security posture and as they evolve the network to 5G.

GTP vulnerabilities have been well known by the industry and documented in GSMA reports. What is required is a GTP firewall which stops attackers from trying to exploit GTP vulnerabilities on the interfaces exposed to the network. These attacks target both mobile subscribers and mobile network infrastructure. The most common GTP security issues include confidential data disclosures, denial of service, network overloads, and a range of fraud activities. In 5G, additional security measures have been added, but GTP will continue to play an important role, especially in roaming.

What is required?

The simple answer is scalable security. Mobile operators face the challenge of securing roaming and EPC interfaces, where GTP protocols are used extensively and are known to have vulnerabilities that can be readily exploited by malicious actors. As vulnerable devices and partners expand, so does the attack surface available for malicious purposes. Operators need to meet the growing security challenges while also providing a seamless subscriber experience.

As they move towards 5G, with likely a 4G common core for many years, operators will need to tackle the risks inherent in GTP, as threats continue to grow against a much larger volume of traffic and applications. Roaming traffic, with its high complexity and large number of interconnect partners and hubs, can be an especially vulnerable and attractive target for malicious actors.

Common Threats

The most common threats from GTP-based attacks include the following:
• Eavesdropping: Intercepting and snooping into GTP traffic to gain valuable and confidential subscriber information

• Fraud: Attackers can use services at the expense of the operator or another subscriber using invalid or hijacked IMSI

• Injection of malicious GTP messages: Disrupting sessions and creating DDoS

• Subscriber denial of service: Spoofing subscriber IDs to generate malicious messages that cause service disruption for an individual subscriber

• Message Suppression and Modification: Prevent message delivery or allow malicious content delivery, disrupting service

• Network Overload/DDoS: Malicious, malformed or invalid signalling packets are sent that overwhelm network elements or cause vulnerable elements to fail
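
To make the "malformed or invalid signalling packets" item concrete, the following added example (not A10's code or anything from the original article) shows the kind of header sanity check a GTP-aware filter can run on a GTPv2-C payload before it reaches a core element. The header layout follows 3GPP TS 29.274; the message-type allowlist and the sample payloads are constructed assumptions.

```python
import struct

# GTPv2-C message types (3GPP TS 29.274). The allowlist itself is an
# illustrative assumption; a real policy depends on the interface.
ALLOWED_TYPES = {1, 2, 32, 33, 36, 37}   # Echo, Create/Delete Session req/resp
NO_TEID_TYPES = {1, 2, 3}                # Echo req/resp, Version Not Supported


def check_gtpv2c(payload: bytes) -> list:
    """Return reasons to drop a UDP/2123 payload; an empty list means pass."""
    if len(payload) < 8:
        return ["truncated: shorter than the minimum 8-byte header"]
    flags, msg_type, length = struct.unpack("!BBH", payload[:4])
    version = flags >> 5            # top three bits of octet 1
    has_teid = bool(flags & 0x08)   # T flag
    if version != 2:
        # Other GTP versions use a different header layout, so stop here.
        return [f"unexpected GTP version {version}"]
    problems = []
    # The length field counts everything after the first four octets.
    if length != len(payload) - 4:
        problems.append(f"length field {length} != actual {len(payload) - 4}")
    if msg_type not in ALLOWED_TYPES:
        problems.append(f"message type {msg_type} not on allowlist")
    if has_teid and len(payload) < 12:
        problems.append("T flag set but header too short for TEID")
    # TEID must be absent for Echo/Version Not Supported, present otherwise.
    if has_teid == (msg_type in NO_TEID_TYPES):
        problems.append("T flag inconsistent with message type")
    return problems


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "echo_ok": bytes.fromhex("4001000400000100"),
    "csr_ok": bytes.fromhex("482000080000000000000100"),
    "bad_length": bytes.fromhex("482000ff0000000000000100"),
    "gtpv1": bytes.fromhex("3210000400000000"),
    "echo_with_teid": bytes.fromhex("480100080000000000000100"),
    "unknown_type": bytes.fromhex("486300080000000000000100"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, check_gtpv2c(pkt) or "pass")
```

Header checks like these only cover structural validity; per-subscriber abuse such as spoofed IMSIs requires stateful inspection of the information elements and session context.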

GTP Firewall

The A10 Networks GTP firewall provides security and scalability while protecting the mobile core against the GTP-based threats mentioned above, through GTP interfaces in the access networks and GRX/IPX interconnect, to support uninterrupted operations.

The A10 Networks GTP firewall functions are included in the Thunder® Convergent Firewall (CFW) product. The Thunder CFW consolidates a number of firewalls and other functions and so offers operators a cost-effective approach for strengthening security postures, protecting network infrastructure without the need for disparate point products that add latency and complexity. The GTP firewall can be inserted into multiple interfaces carrying the GTP traffic. The primary use case is insertion on the S5-Gn and S8-Gp (roaming firewall) interfaces. The GTP firewall can operate as a standalone instance (after proper configuration) or can be integrated with several components residing in the operator ecosystem.

A Thunder CFW with GTP firewall also provides integrated DDoS protection and CGNAT. This comprehensive and consolidated approach provides best-in-class performance, efficiency and scale to protect mobile infrastructures while reducing OPEX and CAPEX costs.