TLS Adaptation for Virtualized Border Gateway

WiFi radio access technology is being adopted as a part of the current small cell solutions of mobile networks. Any WiFi network with Internet connectivity can be used by the mobile device to access packet-based LTE services like voice calling and instant messaging. This service traffic is strictly confidential and needs to be protected with encryption when an untrusted access, i.e., a public hotspot access, is used. This new scenario requires a new network element that terminates the encrypted service connection. For Nokia Networks this element is called the Border Gateway. At the same time the telecommunications industry is moving towards cloud computing so network elements are being virtualized to operate on virtual machines running in the cloud instead of the current embedded systems. This thesis begins by discussing the current industry landscape and how both the WiFi small cells and the cloud-based network infrastructure are partly answering the problem of rapidly growing mobile data consumption. The focus of the thesis is studying the capabilities of the Border Gateway on the context of non-real-time service traffic encryption, with an emphasis on the virtualized platform. Also a general network security related validation is performed, as this element exists for providing security features. The virtualized Border Gateway proved to be ten times more capable than the original embedded system, because the current x86-based processors used in the cloud offer significantly more performance than the digital signal processors in the embedded system. The fact that the Unix operating system and related software in the cloud are mostly open source, proved that security related testing only needed to be performed on the embedded platform, as there the platform software is closed-source and not already verified by the masses

TLS Adaptation for Virtualized Border Gateway

WiFi radio access technology is being adopted as a part of the current small cell solutions of mobile networks. Any WiFi network with Internet connectivity can be used by the mobile device to access packet-based LTE services like voice calling and instant messaging. This service traffic is strictly confidential and needs to be protected with encryption when an untrusted access, i.e., a public hotspot access, is used. This new scenario requires a new network element that terminates the encrypted service connection. For Nokia Networks this element is called the Border Gateway. At the same time the telecommunications industry is moving towards cloud computing so network elements are being virtualized to operate on virtual machines running in the cloud instead of the current embedded systems. This thesis begins by discussing the current industry landscape and how both the WiFi small cells and the cloud-based network infrastructure are partly answering the problem of rapidly growing mobile data consumption. The focus of the thesis is studying the capabilities of the Border Gateway on the context of non-real-time service traffic encryption, with an emphasis on the virtualized platform. Also a general network security related validation is performed, as this element exists for providing security features. The virtualized Border Gateway proved to be ten times more capable than the original embedded system, because the current x86-based processors used in the cloud offer significantly more performance than the digital signal processors in the embedded system. The fact that the Unix operating system and related software in the cloud are mostly open source, proved that security related testing only needed to be performed on the embedded platform, as there the platform software is closed-source and not already verified by the masses