VEPC-sec: Securing LTE Network Functions Virtualization on Public Cloud

Muhammad Taqi Raza, Songwu Lu, Mario Gerla

Research output: Contribution to journalArticlepeer-review

11 Scopus citations


Public cloud offers economy of scale to adapt workload changes in an autonomic manner, maximizing the use of resources. Through network function virtualization (NFV), network operators can move LTE core to the cloud; hence removing their dependency on carrier-grade LTE network functions. Recent research efforts discuss performance, latency, and fault tolerance of LTE NFV, largely ignoring the security aspects. In this paper, we discover new vulnerabilities that LTE NFV face today with no standard solutions to address them. These vulnerabilities span at both LTE control and user planes. To address them, we propose vEPC-sec that cryptographically secures LTE control-plane signaling messages in the cloud. It provides distributed key management and key derivation schemes to derive shared-symmetric keys for securing the communication between any two network functions. Our approach provides encryption and integrity protection to the messages even during virtual machines scalability and failure recovery scenarios. vEPC-sec also prevents user-plane vulnerabilities by ensuring that LTE routing modules should faithfully forward the LTE subscriber packets.

Original languageEnglish (US)
Article number8678830
Pages (from-to)3287-3297
Number of pages11
JournalIEEE Transactions on Information Forensics and Security
Issue number12
StatePublished - Dec 2019
Externally publishedYes


  • 4G LTE
  • 5G networks
  • Security
  • evolved packet core
  • fault tolerance
  • network functions virtualization
  • software defined networking

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Dive into the research topics of 'VEPC-sec: Securing LTE Network Functions Virtualization on Public Cloud'. Together they form a unique fingerprint.

Cite this