Security Edge Protection Proxy

Security Edge Protection Proxy (SEPP)

Ensure end-to-end protection between the home and visited network

SEPP protects the home network and acts as a security gateway 

Mobileum’s Security Edge Protection Proxy (SEPP) protects the home network and acts as a security gateway. Located at the edge of the network, it polices connections between the home network and the visited networks. Mobileum’s SEPP offers end-to-end 5G Security as a standards-based node based upon 3gpp specifications. This is a significant enhancement to security compared to the prevailing practices in 4G/3G/2G networks where SS7 and Diameter were used.
SEPP Provider

Achieving end-to-end 5G Security using SEPP

The Mobileum SEPP enables secure interconnection between 5G networks ensuring end-to-end confidentiality and integrity between source and destination network for all 5G interconnect roaming messages. Mobileum’s SEPP provides the following features to CSPs:
  • security at the application level and protection against eavesdropping and replay attacks.
  • end-to-end authentication, integrity, and confidentiality protection through signature and encryption of all HTTP2/ roaming messages.
  • key management mechanisms for configuring the required cryptographic keys and performing procedures to negotiate security capacity
  • message filtering and monitoring, topology hiding, and JSON object validation; including cross-layer information verification with address information on the IP layer
5G Security with SEPP

See how Mobileum can help protect & grow your business

Over 750 Telecom companies, in more than 150 countries, are scaling their business with Mobileum solutions.

SEPP Network Function is used as the sole ingress and egress point for signaling messages

  • Compliant to 3gpp 33.501, 29.573, 33.210, 33.310
  • Non-transparent Proxy
  • Support TLS and PRINS (JOSE/JWS)
  • N32c – policy and initial key exchange
  • N32f – Encryption and signing of messages
  • Key Management
  • Message filtering, policing, and mediation
  • Rate Limiting
  • FunctionalityDiscovery and load balancing
  • Topology hiding
SEPP network function

N32 Interfaces to protect messages

To protect messages sent over the N32 interface, the 5G system architecture introduces SEPP as the entity sitting at the perimeter of the Public Mobile Network (PMN) network that:
  • Receives all service layer messages from the Network Function and protects them before sending them out of the network on the N32 interface
  • Receives all messages on the N32 interface and forwards them to the appropriate network function after verifying security, where present
N32 Interfaces

Request a Demo with our Threat Intelligence Specialist

Contact us today and learn how to use our SEPP to protect your network.

Built on Cloud-Native Architecture

Mobileum SEPP is built on cloud-native architecture and uses industry-standard open CNCF Plugins. Mobileum SEPP is a network function built as a stateless container function running microservices for producer and consumer services, O&M, presentation layer as well as the data layer. We are able to provide a scalable and cloud provider agnostics system, which can also integrate with external storage like UDSF for N32 context state.

Mobileum provides a flexible approach to Key Management Mechanism

To provide a flexible implementation, Mobileum SEPP follows the GSMA Key Management (FS.34) stage 1: Manual (public) key exchange (via certificates), collection of Root CAs from roaming partners, where Verification is done by CSP Root CAs.
Mobileum SEPP checks the certificate verification in N32 connections in TLS handshake and then verifies the whole certificate chain checking consistency for MCC and MNC in this chain. SEPP also verifies both TLS server certificate for outbound connections and TLS client certificate for inbound connections. Adding an extra flexibility feature, Mobileum SEPP is able to manage information if Root CAs are centrally provisioned, synchronised across SEPP instances and if the certificate revocations are also provisioned centrally, giving a whole set of key management features to the CSP when looking at the 5G roaming partners agreements.

Interoperability with other Mobileum Product

Today’s mobile communications networks are part of society’s critical infrastructure and have been woven into every aspect of our lives. Telecom operators have begun to realize that providing best-in-class security measures to every connected ‘thing’ on their network can become a key competitive differentiator - especially in a constantly changing threat environment. Signaling protocols are the foundation of mobile communications, so it is imperative that networks are adequately protected from the potential threats they enable. Mobileum provides a market-proven solution that addresses the inherent risks of multi-signaling protocols, providing protection for today’s converged mobile networks, including GTP, SIP and 5G.

6 key features of Mobileum SEPP that will help you to protect your Network

Best in class interconnect signaling security:
SEPP – Non-transparent proxy for signing/encrypting IE. Firewall – 5G/4G/3G Firewall (SS7, Diameter, SIP, GTP) to provide protection against partner attack.
Cloud-native
microservices
Most efficient and effective operationally and for scaling SEPP, Firewalls, Provisioning, and analytics/ML: SEPP, Firewalls, Provisioning
Transparent to SCP layer – supports vendor routing controls
Service mesh agnostic – environment
Flexible Mediation Policy at HPMN and VPMN level
Add/update/delete the inter PLMN HTTP /2 message headers
Supports for Network Slicing
Mobileum SEPP supports network slicing
Protects your 5G network
Integrated with Mobileum Signalling Firewall

Increase your Security Maturity with other products in our Portfolio.

Cross-Protocol Signaling Firewall
Cross-Protocol Signaling Firewall
Mobileum has a state-of-the-art signaling firewall as part of its security threat detection portfolio, protecting against malicious attacks under network signaling systems like SS7, CAMEL, Diameter, MAP, GTP, SIP, and 5G HTTP/2.
SMS Firewall
SMS Firewall
Our SMS Firewall has a comprehensive set of features and functionalities that allow MNOs to fight grey route threats coming from SIM farms and other bad actors having also the capability to provide MNOs with a safe, spam-free network environment that their subscribers can trust.
Penetration Testing
Pen Testing
Mobileum’s pen testing service provides carriers the ability to understand whether their network is secure from unauthorized access or other malicious activity.