Contact Person
Behzad Mesgarzadeh +46107138926
Behzad.Mesgarzadeh@ericsson.com
Master Thesis – Creating a Multi-Vendor Virtual Environment with Security Gateways
Background
With the continuous increase of connected devices and small cell deployment on large scale, there is a great demand on telecom operators to deploy IPSec (Internet Protocol Security) aware nodes to make sure that communication between radio base stations and operator’s core network is secure. The usage of internet as mobile backhaul has also increased the demand of IPSec implementation to provide secure data communication. The Security Gateway (SeGW) plays a vital role in deployment of IPsec since the IPsec traffic from backhaul is terminated on SeGW before it is routed to operator’s core network. The SeGW not only makes sure that operator’s trusted nodes are only able to communicate to core network but also takes care of encryption/decryption of large amount of the traffic. The operators are keen to choose such a SeGW which provides the desired functionality with high performance. There are multiple vendors in the market providing the SeGWs with different features. Furthermore, the cost of SeGWs is typically high. Due to these considerations, creating a multi-vendor-based virtual environment to simulate a real network as close as possible for experimental and educational purposes can be beneficial.
Thesis Description
The features on SeGW from RAN (Radio Access Network) perspective are quite demanding to enable SeGWs to cater challenges for small cells and LTE advanced. The main assignment is to configure two commonly used SeGWs in virtual environment. The configuration will be based on IPsec and PKI (Public Key Infrastructure), so that SeGW will accept connection from operator’s trusted nodes. The expected result is to prepare a working virtual environment to be utilized for technical experiments and also for education purpose in workshops, seminars, etc.
Background information and technical support on the implementation platform and environment will be provided. The student is expected to be self-motivated and work independently on the assignment.
Deliverables expected at the end of the thesis work include working virtual environment and a final thesis report. The student is also expected to provide a final presentation internally within Ericsson.
Qualifications
The student should have studied courses on Computer Security (or Cryptography), and Computer networks (or Internetworking) during the master programs at university.
Extent
1-2 students, 30hp each
Preferred Starting Date
Fall 2015
Keywords
IPSec, PKI, Small Cell, Mobile Backhaul, LTE, Security Gateway