The Radio Access Network (RAN) in wireless networks has been evolving from a circuit-switched network to a packet-switched network to meet the growing need to carry wireless high speed packet data and to interface and operate with other packet data networks. The advent of 4G wireless, and LTE technology in particular, has imposed a faster and flatter network architecture with an all-IP base protocol for communication. Relative to older networks, the LTE network, for example, has fewer anchor points, greater distribution of control logic at the edge, and high cell bandwidth that drives transport sharing among multiple operators. One consequence is that RAN network elements (NEs) such as computers, servers, routers, and base stations, as well as the interfaces between them, are exposed to IP traffic. This introduces security threats and vulnerabilities to the NEs at the network layer and higher layers. There remains a need to resolve such threats and vulnerabilities.
One defensive measure that network operators have adopted to protect the RAN network elements from such threats and vulnerabilities has been to implement secure versions of the communication protocols used by the RAN. One example is the suite of secure protocols known as IP security (“IPsec”), which was developed by the Internet Engineering Task Force (IETF) to support secure exchange of packets at the IP layer.
Among other advantageous properties, IPsec is scalable so that it can be supported in networks of all sizes from LANs to global networks. It operates at low network layers, and thus is unaffected by users, applications and higher-level protocols. It is not limited to specific applications. It does not require the upgrade of the transport protocols (for example TCP, UDP, SCTP) or of higher-layer protocols (for example http, ftp, SSH) and applications. IPsec can encapsulate IP packets to form IPsec tunnels, which preserve the original properties of the packets and provide secure VPNs at the network layer.
IPsec supports source authentication, integrity protection, and encryption on a packet-by-packet basis. To do so, IPsec relies on a secret key that is shared between the two IPsec peers, and on the execution of several symmetric cryptographic algorithms (“symmetric cipher algorithms”) that are agreed between the two peers during IPsec activation. The symmetric cipher algorithms use session keys that IPsec derives from pre-established keys stored in each IPsec peer. A protocol referred to as Internet Key Exchange (“IKE”) effectuates the key negotiation and key agreement during IPsec activation and when keys are refreshed.
IKE is the first protocol that runs when IPsec is activated. Although the two current standard versions of IKE, namely IKEv1 and IKEv2, are mutually incompatible, they have certain properties in common, which we now briefly describe. Both versions of IKE perform a message exchange in two phases. In the first phase, IKE sets a secure channel to set up a Security Association between the two IPsec peers. In the second phase, the IKE peers authenticate each other. If either phase fails, then the IPsec connection is terminated.
Several alternative methods of IKE authentication are known. In one widely used method, X.509 digital certificates are exchanged between the two IPsec peers during the IKE authentication phase. In accordance with well-known procedures, the digital certificates are obtained from a Certification Authority (CA). Digital certificates provide great flexibility to bind the public key to many identity types, data information and formats. X.509 is a standard from ITU-T for a public key infrastructure. ITU-T is the Telecommunication Standardization Sector of the International Telecommunication Union.
For example, a base station, a server in the LTE backhaul network, or some other entity acting as IP host, can bind the host public key to the host identity by inserting the public key and the host identity as parameters in the host digital certificate so that the IP host certificate will contain both of these parameters.
Methods using of digital certificates for IKE mutual authentication are advantageous because, among other reasons, they are scalable: The number of certificates required in a network of nodes to authenticate each node when IPsec is activated is linear with the number of nodes.
During IKE authentication, each peer exchanges a certificates bundle (a bundle typically holds one to three certificates) to provide proof of its identity. The bundle forms a delegation chain of certificates that define a trusted path starting from the identity of the IP host all the way to an anchor that is trusted by the recipient. If the delegation chain can be validated, certificate-to-certificate, from the trusted anchor to the peer certificate, then the IKE peer is authenticated. For the authentication procedure to complete successfully, each IKE peer needs to be provisioned with the correct bundle of certificates, or else the IKE authentication phase will fail.
There is a need to automate the procedure for managing and refreshing the digital certificates so that the demands of large networks such as the wireless backhaul can be met.