Please use this identifier to cite or link to this item: https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/3906
Title: SECURE TUNNELS IN 4G LTE NETWORKS
Authors: WEERASINGHE, CHIRAN ANUPRIYA
Issue Date: 2017
Abstract: Mobile networks are moving from traditional voice-based services to all-IP data services, with the high-speed data transmission introduced in LTE technology. Ensuring the confidentiality of data transmitted in the LTE data plane is still a challenge. This dissertation addresses the question of how to secure data transmitted in the LTE network so that it can be used for enterprise VPNs. Layer-2 and Layer-3 VPNs are the technologies enterprises use to connect their branch offices with the head office. This project implements a system for secured communication between those head offices and branch offices using the LTE mobile broadband network. Using the LTE mobile network to provide Layer-2 and Layer-3 VPN services is very cost-effective compared to existing technologies. A mobile, maintenance-free, secure Layer-2 and Layer-3 VPN system is implemented in this project. The LTE mobile network is set up with different APNs for creating Layer-2 and Layer-3 tunnels. Layer-3 tunnels (L3-VPN) are created, without any modification to the eNodeB, to connect geographically separated private LANs through the ISP's public network. A separate routing instance is created at the LTE core network to isolate the tunnelled data packets from other internet users. The tunnel traffic is extended from the LTE core network to the ISP MPLS network so that the tunnel can be merged with other wireless technologies such as WiMAX. A dedicated virtual routing and forwarding instance is created for each Layer-3 VPN so that each handles its routing table independently. The IPsec protocol is used to create the secured tunnel with a pre-shared security key. A client-server architecture is used to build the L2 tunnel (L2-VPN) inside the LTE mobile network without any changes to the eNodeB. The server is placed between the PDN gateway and the MPLS edge router, while the client is placed at the L2-tunnel endpoint. Marking data packets with an IEEE dot1q tag from the L2 server to the MPLS edge gives the flexibility to extend the tunnel to other wireless technologies.
A virtual template created for a particular tunnel separates the users in that Layer-2 tunnel. The protocol used to create the L2 tunnel is L2TP, which wraps the end user's IP packet in an L2TP header and sends it through the LTE network to the other end. The IPsec protocol suite, with the ISAKMP framework, is used to exchange the pre-shared key to build an IPsec-secured tunnel inside the L2TP tunnel. A user in the LTE network has two bearers (tunnels), a signalling bearer and a data bearer, to receive services from the ISP. The signalling bearer is encrypted along its entire path, but the data bearer is encrypted only from the LTE wireless router up to the eNodeB. An intruder who can capture the data bearer between the eNodeB and the PDN gateway can therefore read the data. Layer-2 and Layer-3 packets captured at the PDN gateway clearly show the information inside the data packets. After the encrypted Layer-2 and Layer-3 tunnels are created, packets captured at the PDN gateway do not show any of the information inside them. The IPsec protocol encrypts the information inside the data packet with the pre-shared key agreed by all parties in the particular communication channel. There are also many barriers to overcome in order to capture the LTE data bearer. Security in the LTE network is therefore at a satisfactory level for day-to-day internet users. Enterprises that connect their offices through a VPN over LTE, however, need an extra layer of security to ensure their information is not at risk when they use the Layer-2 or Layer-3 VPN system proposed by this project. An IPsec tunnel inside the L2 and L3 tunnel (VPN) secures communication over LTE networks, providing an extra layer of security by encrypting the IP packet payload.
URI: http://hdl.handle.net/123456789/3906
Appears in Collections: Master of Science in Information Security - 2017

Files in This Item:
File: 2014MIS025.pdf
Size: 1.31 MB
Format: Adobe PDF


Items in UCSC Digital Library are protected by copyright, with all rights reserved, unless otherwise indicated.