Security Is A Key Factor In Femto Adoption

Smart operators can use femtocells to address their indoor coverage issues, but not before they can guarantee the security of their operation.


Mobile phones have become the preferred method of communication for consumers worldwide, offering a wide variety of voice and data services. But while the devices are “mobile” in nature, “mobile phone calls” are less mobile than might be expected. In fact, a significant number of the calls and data sessions initiated by mobile devices originate within the confines of consumers’ homes. This can pose problems for the operators of mobile phone networks.

Due to the physical characteristics of radio waves at the high frequencies that cellular networks use, providing good network coverage in indoor locations is somewhat problematic, and it poses a serious challenge for mobile carriers. To address the bandwidth and quality of coverage demanded by their subscribers, mobile operators are turning to femtocell systems.

Femtocell access points (FAPs) are close-range, limited-capacity basestations that use residential broadband connections to connect to carrier networks. The use of such a distributed basestation architecture improves reception and allows operators to deliver fast, seamless, high-bandwidth cellular coverage into the homes and offices of their end customers.

The deployment of femtocell solutions is overwhelmingly attractive to mobile network operators as they successfully address coverage and mobile data bandwidth requirements by leveraging widely available broadband connections without the extraordinary cost associated with the alternative macro-cell deployment. Like all communications technologies, though, femtocells also require robust security. 

Third-party attacks on networks include man-in-the-middle, traffic snooping/redirection, fake basestation attacks, and authentication snooping. These attacks target the communications between the handset and the FAP and/or between the FAP and the femto gateway (FGW) for the purpose of eavesdropping, service disruption, attack staging, or billing fraud.

How To Counter Threats

FAPs and femto gateways (FGWs) leverage ubiquitous broadband (ADSL, ADSL2+, cable, etc.) Internet Protocol (IP) communications for the backhaul of cellular voice and data communications. As with any IP-based networking architecture, the communications between the client device, the FAP, and the carrier’s core network must be secured against eavesdropping, fraud, and other malicious activity.

To maintain the level of security that is expected of telecommunications networks, femtocell systems must guarantee the authenticity of the communicating peers (access points and gateways) and the privacy and integrity of the data exchanged. The threat model consists of threats from third parties that try to compromise the security of the communication links and from hosting parties that attack the FAP devices themselves (Fig. 1).

The most common threats posed by existing customers include hacking, reverse engineering, and device cloning. These insider attacks, which target the customer premises equipment (CPE) devices (the FAP), can be driven by simple curiosity or by organized crime, billing fraud, or grey imports.

Security concerns associated with femtocell-enabled networks can be classified into three main categories:

• Device and network authentication: FAPs and the network must mutually authenticate to become part of the cellular network.
• Data privacy: When the connection to the carrier is over a public, hostile, and unreliable IP network, the privacy and therefore confidentiality of data shared between the FAP and the network and handsets must be ensured.
• Integrity: When the FAP is physically vulnerable to tampering by malicious users, the validity of billing, subscription, and device data must be secured.

The ongoing standardization effort for femtocells has addressed peer authentication and backhaul privacy and integrity issues by prescribing the use of a combination of the strongest and most versatile of the security measures designed for IP communications: the Internet Key Exchange v2 (IKEv2) and the IP Security (IPsec) protocols.

© 2012 Penton Media Inc.

