S2 Security Gateway

GENBAND’s S2^TM Security Gateway allows mobile operators to offer secure, scalable fixed mobile convergence solutions, including femtocells and FMC/WiFi/WLAN solutions, advancing high quality voice and multimedia services to residential and business subscribers at their homes or places of work. For the mobile operator, femtocells and FMC pose significant security threats since these services typically use the public Internet for communication into the mobile core network. Use of the Internet for backhauling voice and multimedia traffic exposes the operator’s core network to numerous types of IP-based attacks and exploitations, and user privacy is also at risk of being compromised. The S2 Security Gateway ensures that femtocell/FMC communications can travel securely over untrusted networks like the Internet, into the mobile core network. 

S2 Security Gateway:  The S2 Security Gateway protects the mobile operator’s network and ensures user privacy by leveraging state-of-the-art security technologies.  Using a carrier-class Advanced Telecom Computing Architecture (ATCA), the Security Gateway feature is enabled via purpose-built modules that reside in GENBAND’s 2-slot Integrated Border Gateway chassis.  The S2 offers full high-availability (HA) with sub-second failover and supports hot-swappable components, with in-service platform upgrades.  Highly scalable in a small form factor, it can reach up to 200,000 IPSec tunnels and 500 tunnels per second setup. 

In femtocell and FMC networks, the S2 platform provides security, user authentication, mobile-IP connectivity management, secured tunnel management, policy enforcement, and accounting.  It monitors each femtocell/FMC connection for IP intrusion and attacks, and filters and firewalls mobile control protocols.  The S2 manages mobile traffic flows from the femtocell/FMC access point into the mobile core network.  Voice traffic is forwarded to the Mobile Switching Center (MSC) or Call Session Control Function (CSCF) where call treatment takes place, and multimedia traffic is forwarded to the Packet Data Serving Node (PDSN) in a CDMA network or to the Gateway GPRS Support Node (GGSN) in a GSM/UMTS network.

The S2 Security Gateway enables choice and flexibility for femtocell deployment models that best fit the operator’s business and technical requirements. Open standards compliance with IETF, IMS, and 3GPP/3GPP2 allows flexible options for deploying femtocell/FMC services -- operators can start with a traditional MSC service model and migrate to architectures such as IMS and LTE.  In GSM/UMTS networks, the S2 Security Gateway is a Tunnel Termination Gateway (TTG), and in CDMA networks the module functions as the Packet Data Interworking Function (PDIF). The Security Gateway also addresses the technical gaps not addressed by the GGSN or the Packet Data Serving Node (PDSN).