IPSec IKEv2, RFC 5996 [RFC5996], has been adopted by many
standardized network solutions to provide secure transport
between network elements over a third party's infrastructure. Today,
Femtocell deployment requires the mobile operator's Femtocell AP
(FAP) to use IPSec IKEv2 to support mutual authentication
and data protection between the insecure Femtocell, which is typically
deployed on the customer's premises, and its corresponding mobile core.
A known security threat exists in the Femto architecture: the
mobile operator's core network fails to validate the FAP's identity
and the information provided by the FAP.
This document reviews this security threat and proposes a simple
extension to IKEv2 to resolve the issue.