How Vodafone Turkey keeps its rapidly growing network secure with PKI
With thousands of base stations and a rapidly growing network, Vodafone Turkey made a transition from GSM to LTE technology, using public key infrastructure (PKI) to manage the important encryption of the mobile traffic.
The transition from Global System for Mobiles (GSM) to Long Term Evolution (LTE) was done in April 2016. From then on, traffic through the base stations – that is, the eNodeBs or femtocells – and the gateways behind the evolved packet core (EPC) were encrypted. This is important, as LTE mobile networks are connected with IP-based services. This increases the risk of intrusion, compared to GSM and older technologies from the era when mobile networks were, to a greater extent, isolated.
Avoiding chaos in encryption management
But encryption management can quickly turn into a very complex matter. Issuing certificates for identifying trusted network devices and using a single certificate authority (CA) are keys to avoiding chaos in encryption management. As stated in NIST, in its Guide for LTE Security, “a scalable system such as public key infrastructure (PKI) is likely to be utilized for a commercial LTE network.”
“The encryption part was very important for us and had to be managed by a proper supplier. Issues may arise in any operation if the encryption does not work properly,” says Oncu Inan Yazicioglu, IP planning expert at Vodafone Turkey.
A big and challenging project
The transition from GSM to LTE was by all means a big venture for Vodafone Turkey, involving around 35 people working full-time from September 2015 to April 2016, on a budget of about 500 million dollars. The encryption was part of the main transformation from GSM to LTE and employed around five people for two months. The major challenges were to get the redundancy of the servers right and to get the database running properly with the software installed.
“The biggest challenge was technical. Now everything is running in production and working well,” says Oncu Inan Yazicioglu.
Flexibility in how to expand the network
Vodafone Turkey has a fast-growing network and is experiencing a high increase in traffic volume. The major part of the encryption project is now completed with some minor parts in the network still to be finished. Since Vodafone Turkey now has a certificate authority managing the encryption, Vodafone has flexibility in how to expand the network without changing the encryption management.
“Vodafone Turkey is always expanding its capacity. Traffic is increasing day by day and challenging the capacity, but the certificate authority that we are running is handling that well,” says Onur Önoglu, a network engineer at Bntpro, which is a supplier working closely with Vodafone Turkey.