- an overview of the technology and issues associated with femtocell security and ensuring cellular system and user security is not compromised.
Femtocell security is an issue which is at the top of many femtocell developers and users minds. It is widely known that Wi-Fi security measures, and in particular the WEP (Wired Equivalent Privacy) scheme is very easy to break. Accordingly it is great importance that femtocell security is not broken.
Should there be any breach of security within femtocells this would have a significant impact on the deployment and uptake of femtocell technology. This is clearly a major concern to operators who see femtocell deployment as an integral part of their roll out of new technologies such as LTE.
Femtocell security risks
There are a number of concerns that exist about femtocell security. By categorising these femtocell security concerns it is possible to address them and ensure that any risks are minimised.
- User privacy: Since a variety of data bout the user, including the voice calls and data themselves pass over the Internet. As a result it is necessary to provide security for these IP communications and prevent any monitoring of the data.
- Denial of service and general service availability: A significant area of concern for service providers in terms of their femtocell security strategy arises from the fact that the link between the femtocell and the cellular core network is across the Internet and it is IP based. Accordingly the service provider is open to denial of service attacks which overload the network and degrade the service or even totally prevent legitimate users accessing the cellular network.
- Fraud and service theft: This form of femtocell security addresses the scenarios where unauthorised users connect to the femtocell and use it in an unauthorised fashion. This may be done to avoid being charged for calls, or to transfer the costs of the calls to the authorised femtocell user. This would clearly give significant adverse publicity which would not be wanted by the operator.
It is therefore essential, that from the first deployment phase for femtocells, to the maintenance phases, operators keep sufficient security measures in place and upgrade them to counter any new techniques that are developed.
Femtocell security vulnerabilities
There are a number of areas where there are possible security risks within the overall femtocell system.
It is assumed that the cellular core network is safe from attack. This is a safe assumption as the core network is under the control of the operator, and any security issues would need to be maintained whether femtocells were active or not. Accordingly this area of femtocell security is not addressed.
The main areas of femtocell security vulnerabilities are given below:
- Wireless link into the femtocell: Here there is a possible for external wireless transmissions to gain access to the femtocell.
- The femtocell itself: It is possible that hackers could gain access into the femtocell and control it for their own use.
- Internet link: This is the backhaul link used between the femtocell and the femtocell gateway into the service provider's core network.
Femtocell security measures
In order to prevent femtocell security attacks from succeeding, there are several areas that can be addressed:
- Use of IPsec: In order to ensure that the femtocell security is maintained across the Internet IPsec or IP security is used. The IPsec standard is a widely used standard defined by the Internet Engineering Task Force (IETF).
- Femtocell Secure Authentication: Authentication is required by both the service provider or operator to ensure that valid femtocells are connecting to the core network. Additionally femtocells need to be correctly identified within the network. Femtocell security procedures using SIM cards authentication or X.509 are used.
- Wireless link security: The wireless link is an area where femtocell security is needed to ensure that unauthorised users do not connect or take over the femtocell. Techniques include ensuring that the femtocll coverage area does not exceed the physical area where the femtocell is to be used.
- EAP, Extensible Authentication Protocol: This form of protocol is used in a number of wireless networks and its use has been proposed for providing femtocell security.
It is absolutely essential that sufficient security measures are added to any femtocell system and that the security measures are monitored and kept up to date to ensure that no breaches of the femtocell security occur. In this way, the femtocell system will be able to operate satisfactorily without any fear from the femtocell user community.
By Ian Poole
Share this page
Want more like this? Register for our newsletter