Security and Mobility Aspects of Femtocell Networks

Background

Femtocell security architecture consists of three major stratums such as access security stratum, UE access control stratum and mobile network security stratum. FAP access security is provided in terms of mutual authentication, establishment of secure association, authorization, location looking mechanisms and the SeGW located in the border of the core network. Network domain security includes the security communication between SeGW and the core network whereas, UE access security includes access control based on Close Subscriber Groups (CSG) applicable legacy UEs. However, FAP authentication and message encryption across unreliable Internet or broadband access are major security considerations in femtocell networks.

Femtocell backhaul is vulnerable to any external attack since; there is no guarantee of security by the network provider. The femtocell security aspects are not yet standardized according to the 3GPP specifications (Akyildiz, Xie, & Mohanty, 2004). Thus, there are many ongoing research efforts to enable an end-to-end secure communication in femtocell technology. FAP authentication is a major consideration in femtocell security. In general, FAP authentication is performed using Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA), certificate or as a combination of both. The 3GPP standard presumes validation and authentication to be performed sequentially. Thus, during the initial power-up, FAP gets authenticate to the core network. If the certificate based authentication is used, the mutual authentication between the FAP and the core network is performed with X.509 certificate which is already configured at FAP and SeGW. Rather, Universal Integrated Circuit Card (UICC) that defines the identity of the secondary hosting party is used for the authentication (Akyildiz, Xie, & Mohanty, 2004).