IKEv2 Configuration Payload Extension for Notarizing Femtocell in Mobile Core Network
draft-zong-ipsecme-ikev2-cpext4femto-00
Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Author | Zaifeng Zong | ||
Last updated | 2012-07-30 (Latest revision 2012-01-18) | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
IPSec IKEv2, RFC 5996 [RFC5996], has been adopted by many standardized network solutions to provide the secure transport between network elements over third party's infrastructure. Today Femtocell deployment requires the mobile operator's Femtocell AP (FAP) to leverage the IPSec IKEv2 to support mutual authentication and data protection between the insecure Femtocell, which typically deployed in customer's premise, and its corresponding mobile core network. A known security threat exists in Femto architecture for failing to validate the FAP's identity and information provided by FAP at the mobile operator's core network. This document reviews this security threat and proposes a simple extension of the IKEv2 to resolve the issue.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)