IKEv2 Configuration Payload Extension for Notarizing Femtocell in Mobile Core Network
draft-zong-ipsecme-ikev2-cpext4femto-00

 
Document
Type Expired Internet-Draft (individual)
Last updated 2012-07-30 (latest revision 2012-01-18)
Stream (None)
Intended RFC status (None)
Stream
Stream state (No stream defined)
Document shepherd No shepherd assigned
IESG
IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)


This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
//www.ietf.org/archive/id/draft-zong-ipsecme-ikev2-cpext4femto-00.txt

Abstract

IPsec IKEv2 (RFC 5996 [RFC5996]) has been adopted by many standardized network solutions to provide secure transport between network elements over third-party infrastructure. Today, Femtocell deployment requires the mobile operator's Femtocell AP (FAP) to use IPsec IKEv2 to support mutual authentication and data protection between the insecure Femtocell, which is typically deployed on the customer's premises, and its corresponding mobile core network. A known security threat exists in the Femto architecture: a failure to validate, at the mobile operator's core network, the FAP's identity and the information provided by the FAP. This document reviews this security threat and proposes a simple extension of IKEv2 to resolve the issue.

Authors

Zaifeng Zong (zong.zaifeng@zte.com.cn)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)