IKEv2 Configuration Payload Extension for Notarizing Femtocell in Mobile Core Network
draft-zong-ipsecme-ikev2-cpext4femto-00

Document Type: Expired Internet-Draft (individual)
Last updated: 2012-07-30 (latest revision 2012-01-18)
Stream: (None)
Intended RFC status: (None)
Formats: Expired & archived (plain text, pdf, html)
Stream state: (No stream defined)
Document shepherd: No shepherd assigned
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-zong-ipsecme-ikev2-cpext4femto-00.txt

Abstract

IPsec IKEv2 (RFC 5996 [RFC5996]) has been adopted by many standardized network solutions to provide secure transport between network elements over a third party's infrastructure. Today, Femtocell deployment requires the mobile operator's Femtocell AP (FAP) to leverage IPsec IKEv2 to support mutual authentication and data protection between the insecure Femtocell, which is typically deployed on the customer's premises, and its corresponding mobile core network. A known security threat exists in the Femto architecture: the FAP's identity and the information provided by the FAP are not validated at the mobile operator's core network. This document reviews this security threat and proposes a simple extension of IKEv2 to resolve the issue.

Authors

Zaifeng Zong (zong.zaifeng@zte.com.cn)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)