There is an increasing demand for secure handling of sensitive subscriber data. Since the early days of mobile telecommunications, solutions to this problem have been available, in earlier and current networks, for subscriber identification.
The increased demand on mobile networks to provide multiple services for customers made it possible to create Performance Monitoring (PM) solutions to monitor and improve network performance. The PM solutions that were introduced are primarily intended to collect, aggregate and evaluate network-related subscriber data.
Current PM systems are based on events and counters provided by selected network elements. The PM information is collected in network nodes according to predefined subscription profiles. The network nodes store the PM data in PM files covering variable time periods, for example 15 minutes or 1 minute.
Additionally, network nodes can make the PM data available on a streaming interface, where PM data are provided as a continuous stream. An example of PM data that can be sensitive is the relatively detailed location of the mobile subscriber. This can be a potential confidentiality threat for a network operator.
In 3rd Generation (3G) networks, for example, a Radio Network Controller (RNC) is responsible for storing PM data and making it available to higher-layer applications, e.g. a network management system. In a core network, an example of a node creating the PM data is a Serving GPRS Support Node (SGSN) or a Mobile Switching Center (MSC) Server.
Today cryptology is widely used as a mechanism to provide confidentiality of subscriber identification. Cryptographic algorithms that use the same key material for encryption and for decryption are referred to as symmetric (encryption) algorithms.
Cryptographic algorithms that use different key material for encryption and for decryption are referred to as asymmetric encryption algorithms. Asymmetric cryptographic operations consume more processor capacity than symmetric encryption algorithms, by approximately three orders of magnitude. To use asymmetric encryption algorithms more efficiently, the current best practice is to encrypt random data with an asymmetric encryption algorithm; that random data is then used to encrypt the confidential data with a symmetric encryption algorithm.
Internet Key Exchange (IKE) (RFC2409) and IKEv2 (RFC4306) are key management protocols used to authenticate the remote peers and agree on a shared secret, which can be used to generate shared keys for an IP Security (IPsec) security protocol. PF_KEY (RFC2367) defines an interface between a key management application and an engine of the IPsec security protocol.
To meet the increasing demand for secure handling of sensitive subscriber data, an improved handling of performance monitoring data in a communication network is required, one that meets the demands of subscriber data confidentiality and at the same time allows the performance of network nodes to be tuned.