9.3 IP Layer Protection

9.3.1 IPsec

IP Security (IPsec) is a set of protocols designed to provide cryptographic protection of a communication flow. It provides confidentiality, integrity protection and authentication services. It operates at the IP layer and as such it is able to protect any protocol carried by IP. For the same reason, it is not able to provide protection at the physical layer.

In mobile networks, network domain security relies on IPsec, which, according to 3GPP, is mandatory for all communications between security domains (Za interface) and optional for communications within the same security domain (Zb interface). Mobile backhaul, although it does not exactly match either the Za or the Zb interface, is subject to a number of security threats which could be mitigated by using IPsec.

9.3.2 IPsec SA

An IPsec Security Association (SA) is a unidirectional logical connection established between two or more peers which defines the protection to be applied to the packets it carries. The IPsec SA has an associated list of parameters which governs how the packets are processed, the algorithms to be applied, the security protocol to be used, etc. These parameters are stored in the Security Association Database.

Because most communications are bidirectional, a pair of SAs is usually established. Packets carried by both SAs in a pair receive the same kind of protection.
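The following sketch is an added example, not code from the book: it models a Security Association Database holding a pair of unidirectional SAs and shows that a packet is matched only in the direction its SA covers. The class and field names, the addresses, SPIs and algorithm names are constructed for illustration, and the lookup key (SPI, destination address, security protocol) is the triple RFC 2401 uses to identify an SA.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class SA:
    """One unidirectional SA; field names are illustrative, not from the book."""
    spi: int         # Security Parameters Index carried in each protected packet
    src: str         # sender of the protected traffic
    dst: str         # receiver; the SA covers this direction only
    protocol: str    # security protocol to be used: "ESP" or "AH"
    encryption: str  # confidentiality algorithm
    integrity: str   # integrity/authentication algorithm


class SAD:
    """Security Association Database keyed by (SPI, destination, protocol)."""

    def __init__(self):
        self._entries = {}

    def add(self, sa):
        key = (sa.spi, sa.dst, sa.protocol)
        if key in self._entries:
            raise ValueError(f"duplicate SA for {key}")
        self._entries[key] = sa

    def add_pair(self, forward, reverse_spi):
        """Install forward SA plus a reverse SA with the same protection."""
        reverse = replace(forward, spi=reverse_spi,
                          src=forward.dst, dst=forward.src)
        self.add(forward)
        self.add(reverse)
        return reverse

    def lookup(self, spi, dst, protocol):
        """Return the SA governing a received packet, or None if no SA matches."""
        return self._entries.get((spi, dst, protocol))


def build_example_sad():
    # Constructed values: documentation address ranges and arbitrary SPIs.
    sad = SAD()
    fwd = SA(0x1001, "192.0.2.1", "198.51.100.1",
             "ESP", "AES-CBC-128", "HMAC-SHA-256-128")
    sad.add_pair(fwd, reverse_spi=0x2002)
    return sad
```

A receiver that finds no SA for an incoming protected packet has no parameters with which to process it, which is why the reverse direction needs its own entry.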

IPsec SAs can be established manually by using a management interface ...
