The emergence of quantum computers presents a significant threat to traditional cryptographic systems, particularly in mobile backhaul networks. These networks transport all the traffic that flows between the cell towers and mobile core networks. Because they are remote and often carry sensitive data, they are prime targets for cyberattacks. A particularly important aspect of mobile networks is the critical need for accurate time distribution. Recently, the security impact and the need for protecting time information have been discussed in [1].
Turkcell’s innovative approach to field-hardened, quantum-safe networking
To achieve superior accuracy, Turkcell combines time information of two distinct protocols (PTP and SyncE) in its network. This combination achieves high timing accuracy but, at the same time, each protocol can be subjected to targeted protocol threats. These threats can be mitigated by advanced encryption, thereby protecting these protocols from eavesdropping and manipulation.
Turkcell led the industry by being the earliest to confirm the accuracy of network time distribution while employing quantum-safe protection for user data and all protocols involved.
March 2025: In collaboration with Juniper Networks and IDQuantique (IDQ), Turkcell validated its network’s readiness to protect against quantum threats while maintaining the highest quality standards for time distribution, upon which mobile networks rely.
The solution involved using Media Access Control Security (MACsec) to secure all traffic on the wire, including data, PTP, and SyncE. In addition, the validation made use of QKD-created keys from IDQ to run MACsec in a quantum-safe mode.
The validation was performed in two phases. In the first phase, a virtualized key management system (KMS) generated cryptographic keys that were fed into a pair of field-deployed Juniper Networks™ ACX7100 line of Cloud Metro Routers (as network nodes) via a standard ETSI-014 REST API; all traffic was protected with MACsec while synchronization accuracy was measured. In the second phase, the virtual KMS was replaced with IDQ’s QKD system, providing quantum-protected QKD keys and additional data protection using IPsec. Further validation comprised failure scenarios affecting key distribution and tested resilience against network failures.
This proof-of-concept found that data and the mission-critical synchronization network can be protected effectively in a quantum-safe manner by MACsec without impairing the accuracy of time information. Furthermore, even while key management was disconnected, synchronization remained operational. This test demonstrated that Turkcell’s network is well positioned to incrementally adopt key quantum-safe cybersecurity technologies with field-deployed equipment.
Understanding the threat
Quantum computers can solve complex mathematical problems much more efficiently than classical computers, rendering many current encryption methods obsolete. This is especially concerning for mobile backhaul networks, which are crucial for mission-critical data traffic. Beyond protecting data traffic, a specific vulnerability lies within the time synchronization subsystem of these networks. Accurate time synchronization is essential for mobility functions such as call handovers and data transmission. Any manipulation can lead to severe consequences, including:
- Increased latency and dropped connections: Users may experience delays or interruptions in service
- Financial losses for businesses: Companies relying on mobile networks could face reduced productivity and financial setbacks due to disruptions
- Loss of trust: Frequent issues can erode user confidence in the reliability and security of mobile services
Types of attacks
Mobile networks face various threats, including spoofing attacks where adversaries send false timing signals to destabilize the network. This can lead to:
- Service interruptions: Misalignment with the network can result in dropped calls or failed data transmissions
- Location disclosure: Manipulated timing signals may expose user locations, allowing unauthorized access to sensitive information
- Network instability: Inaccurate synchronization can trigger cascading failures, affecting multiple users simultaneously
Mitigating risk
To safeguard against these vulnerabilities, mobile operators implement robust security measures protecting data and synchronization. An innovative approach uses MACsec with AES256 encryption, a method classified as quantum-resistant, to protect data. The MACsec protocol is a standard security technology employed in Ethernet networks to ensure the confidentiality, integrity, and authenticity of data transmitted over the physical medium. MACsec is defined by IEEE standard 802.1AE. By implementing AES in silicon, network devices can offload cryptographic tasks from software, thereby enabling the encryption of data and synchronization traffic with high time precision. MACsec protects against:
- Passive wiretapping
- MAC address spoofing
- Man-in-the-middle attacks
- Multiple denial-of-service (DoS) attacks
Proof-of-concept phase 1
Synchronization and data path:
Turkcell validated that field-deployed Juniper ACX7100s are capable of securing data and synchronization traffic in a manner that resists attacks by quantum computers. For this setup, Turkcell leveraged an in-service synchronization source to pass time information between a pair of field-deployed Juniper ACX7100s (green area), passing it through an additional Juniper Networks™ MX304 Universal Router and feeding it into a Calnex Sentinel Synchronization Measurement device in the Turkcell Lab (blue area).
Use case scenarios
In the first scenario, the link between the two ACX7100s was configured without further encryption and monitored for data traffic and synchronization quality. The results of this scenario were used as the baseline for the other scenarios.
Figure 1: Phase –1, scenario 1
In the second scenario, static MACsec was enabled and the link was monitored the same way. No performance difference was observed in the data traffic and synchronization quality.
Figure 2: Phase –1, scenario 2
The third scenario involved an additional application developed by Juniper Networks, through Juniper® Beyond Labs innovation, to enable quantum-safe MACsec VPNs with Crypto Agility. It regularly fetches keys from an external key management source and frequently renews keys used to encrypt the link using MACsec. To keep logistics manageable, the ACX devices were configured to ingest keys from a virtual ETSI GS QKD 014 v1.1.1 – Reference Implementation simulating key delivery by QKD devices. As in the second scenario, no performance difference was observed in the data traffic and synchronization quality compared to the baseline test.
Figure 3: Phase –1, scenario 3
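The fetch-and-renew cycle of scenario 3, sketched as an added example (not Juniper's application and not code from this page). It models the `enc_keys`/`dec_keys` exchange of ETSI GS QKD 014 against an in-memory KME; the SAE names `router-a`/`router-b` and the keep-the-last-key behaviour during a key-management outage are assumptions of the example.

```python
import base64, secrets, uuid

class SimulatedKME:
    """In-memory stand-in for the KME pair behind an ETSI GS QKD 014 API."""
    def __init__(self):
        self.store = {}        # key_ID -> (master SAE, slave SAE, key bytes)
        self.reachable = True  # set False to model a key-management outage

    def _check(self):
        if not self.reachable:
            raise ConnectionError("KME unreachable")

    def enc_keys(self, caller, slave_sae, number=1, size=256):
        # Models POST /api/v1/keys/{slave_SAE_ID}/enc_keys from the master SAE.
        # A real KME takes the caller identity from the TLS client certificate.
        self._check()
        keys = []
        for _ in range(number):
            kid, key = str(uuid.uuid4()), secrets.token_bytes(size // 8)
            self.store[kid] = (caller, slave_sae, key)
            keys.append({"key_ID": kid, "key": base64.b64encode(key).decode()})
        return {"keys": keys}

    def dec_keys(self, caller, master_sae, key_ids):
        # Models POST /api/v1/keys/{master_SAE_ID}/dec_keys from the slave SAE.
        self._check()
        out = []
        for kid in key_ids:
            entry = self.store.get(kid)
            if entry is None or entry[:2] != (master_sae, caller):
                raise PermissionError("unknown key_ID or wrong SAE pair")
            del self.store[kid]  # each key is handed out once
            out.append({"key_ID": kid, "key": base64.b64encode(entry[2]).decode()})
        return {"keys": out}

def rotate(kme, current, a="router-a", b="router-b"):
    """Fetch the next link key for both ends; keep `current` if the KME is down."""
    try:
        offer = kme.enc_keys(a, b)["keys"][0]
        # Only the key_ID is sent to the peer; the key never crosses the link.
        peer = kme.dec_keys(b, a, [offer["key_ID"]])["keys"][0]
    except ConnectionError:
        return current  # assumption: keep encrypting with the last good key
    if peer["key"] != offer["key"]:
        raise ValueError("peers disagree on key material")
    return offer["key_ID"], base64.b64decode(offer["key"])
```

Calling `rotate` on a timer gives the frequent renewal described above; the returned key would be installed as the MACsec pre-shared key on both routers.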
The data collected in this first phase shows that data and the synchronization plane (PTP and SyncE) can be protected contemporaneously using deployed ACX7100s with MACsec. Furthermore, it validated that enhanced protection with quantum-safe MACsec can be deployed incrementally and does not impair data and synchronization traffic.
Proof-of-concept phase 2
As a first test in the second phase, quantum-safe IPsec integration with QKD devices of IDQ was validated between a pair of SRX 1500. The setup was complemented with a pair of ACX devices used to provide IP transport. IP traffic between the sites of the VRF was used to verify the connectivity.
Juniper’s IPsec solution leverages virtual and/or physical key management entities to enhance existing Internet Key Exchange (IKE) protocols with an additional secret (key) as specified in RFC 8784. This solution combines strong classical algorithms with quantum-resistant algorithms through interchangeable key-management solutions.
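How RFC 8784 folds the additional secret (the post-quantum preshared key, PPK) into IKEv2 key material, as an added example that is not Juniper's code and not from this page. HMAC-SHA256 as the negotiated prf and all key values are constructed assumptions; the PPK stands in for a key delivered by the key-management system.

```python
import hashlib
import hmac

def prf(key, data):
    # Assumption: the negotiated IKEv2 prf is HMAC-SHA256.
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key, seed, length):
    # RFC 7296 section 2.13: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]

def mix_ppk(ppk, keys):
    """RFC 8784: SK_d, SK_pi and SK_pr are re-derived as prf+(PPK, SK_x')."""
    mixed = dict(keys)
    for name in ("SK_d", "SK_pi", "SK_pr"):
        mixed[name] = prf_plus(ppk, keys[name], len(keys[name]))
    return mixed

def changed(before, after):
    """Names of the keys whose value depends on the PPK."""
    return sorted(n for n in before if before[n] != after[n])

# Constructed sample values, not taken from any real exchange.
NAMES = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")
CLASSICAL = {n: hashlib.sha256(n.encode()).digest() for n in NAMES}
PPK = bytes(range(32))  # stands in for a key supplied by the KMS or QKD system

if __name__ == "__main__":
    mixed = mix_ppk(PPK, CLASSICAL)
    # SK_d seeds the IPsec (child SA) keys; SK_pi/SK_pr feed the AUTH payloads.
    # SK_e*/SK_a*, which protect the first IKE SA itself, are left unchanged.
    print(changed(CLASSICAL, mixed))
```

Because only `SK_d`, `SK_pi` and `SK_pr` change, the quantum resistance applies to the IPsec child SAs and to authentication, while the initial IKE SA is still protected by the classical key exchange alone.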
The setup confirmed that Juniper Networks™ SRX1500 Firewall provides quantum-safe IPsec services that are fully compatible with QKD devices of IDQ.
Figure 4: Phase –2, scenario 1
As the second scenario in that phase, quantum-safe IPsec over quantum-safe MACsec was validated. It enabled network operators to combine deployed MACsec and IPsec VPN capabilities, securing them against post-quantum era threats.
To cover this test case, a pair of ACX7100s was deployed in Turkcell Labs adjacent to QKD devices of IDQ. Furthermore, Juniper SRX1500 firewalls were used in the setup. Here, all SRX and ACX devices requested QKD keys from the same pair of IDQ QKD devices. As in phase 1, a Calnex Sentinel Synchronization Measurement device was used to validate data traffic and synchronization quality. No performance difference was observed in the data traffic and synchronization quality compared to phase 1.
Figure 5: Phase –2, scenario 2
Findings
The crypto-agile solution architecture enabled Turkcell to switch from a virtual QKD-emulation key management to QKD without requiring any software upgrade. By leveraging IDQ’s QKD system, the security posture of the solution became truly quantum safe. This showed that solutions in which physical and virtual key management entities are separate from the existing network infrastructure can be seamlessly reconfigured at any time if a key-distribution method becomes vulnerable or outdated. Furthermore, evolving standards or government regulations may mandate deploying particular key-management entities over time. Hence, crypto-agility that does not affect VPN service availability is critical. In summary, the data collected confirms that quantum-safe IPsec and quantum-safe MACsec work hand-in-hand. Furthermore, crypto-agility was validated by switching key-management sources from the reference implementation of phase 1 to true QKD devices in phase 2 without performing an in-service upgrade. In short: IPsec and MACsec technology with a quantum-secure Airbag.
Conclusion
Precision time synchronization is crucial for the effective functioning of mobile networks. With increasing threats from quantum computers, it is essential for operators to adopt comprehensive strategies that enhance synchronization accuracy while protecting against malicious attacks. By prioritizing these measures, mobile networks can maintain reliable services, safeguard user data, and ensure operational integrity against future cyber threats. As the industry transitions toward quantum-resistant security measures, proactive initiatives like those undertaken by Turkcell serve as a model for others in the telecom sector.
Reference
[1] A. Maamary, H. A. Alameddine, M. Debbabi and C. Assi, “Synchronization Plane in O-RAN: Overview, Security and Research Directions,” in IEEE Communications Magazine, vol. 63, no. 2, pp. 88-94, February 2025, doi: 10.1109/MCOM.001.2300563.