vEPC-sec: Securing LTE Network Functions Virtualization on Public Cloud

Public cloud offers economy of scale to adapt workload changes in an autonomic manner, maximizing the use of resources. Through network function virtualization (NFV), network operators can move LTE core to the cloud; hence removing their dependency on carrier-grade LTE network functions. Recent research efforts discuss performance, latency, and fault tolerance of LTE NFV, largely ignoring the security aspects. In this paper, we discover new vulnerabilities that LTE NFV face today with no standard solutions to address them. These vulnerabilities span at both LTE control and user planes. To address them, we propose vEPC-sec that cryptographically secures LTE control-plane signaling messages in the cloud. It provides distributed key management and key derivation schemes to derive shared-symmetric keys for securing the communication between any two network functions. Our approach provides encryption and integrity protection to the messages even during virtual machines scalability and failure recovery scenarios. vEPC-sec also prevents user-plane vulnerabilities by ensuring that LTE routing modules should faithfully forward the LTE subscriber packets.